Archive for April 26, 2016

‘Blackhole’ exploit kit creator sentenced to 7 years

Dmitry Fedotov, a Russian national who created the infamous Blackhole exploit kit, was sentenced to 7 years in prison by a Moscow court. Known as “Paunch” in the cybercrime world, Fedotov, along with seven accomplices, was arrested in October 2013 for involvement in a criminal organization.

According to a Russian security firm, Paunch had more than 1,000 customers and was earning $50,000 per month from his illegal activity. The Blackhole exploit kit was rented for $500 per month if run on the seller’s server and $700 if customers wanted to run it on their own server.

First seen in 2010, the Blackhole exploit kit was responsible for a large number of malware infections. It was embedded in malicious sites and exploited a variety of web-browser vulnerabilities.

A few months before his arrest, Paunch teamed up with a fraudster known online as “J.P. Morgan” and announced that they had set aside $100,000 to acquire zero-day exploits. The budget for zero-days later doubled, and “J.P. Morgan” increased it to $450,000 after Fedotov’s arrest.

Russian authorities estimated that Paunch and his accomplices caused damage of 70 million rubles (approx. $2 million) at the time of his arrest.

Adobe Flash vulnerabilities more in focus for exploit kit writers: NTT reports

A study by NTT Group reveals that exploit kit writers are now more interested in Adobe Flash vulnerabilities than in Java vulnerabilities.

In 2015, all of the top 10 vulnerabilities targeted by exploit kits were in Adobe Flash. In 2013 the picture was different: the top 10 vulnerabilities targeted by exploit kits included one Flash and eight Java vulnerabilities.

The reason behind this shift is that the number of Java vulnerabilities has dropped drastically, while the number of Flash vulnerabilities has jumped by almost 312 per cent (four-fold) over 2014 levels, NTT reports.

NTT’s latest Global Threat Intelligence Report, published on Tuesday, states that spear-phishing attacks accounted for approximately 17 per cent of incident response activities, and that malware detections rose 18 per cent in every industry other than education.

The report draws on analysis of threats and trends since 1999, information from 24 security operations centers and seven R&D centers, 3.5 trillion logs, 6.2 billion attacks and nearly 8,000 security clients across six continents.

"NTT clients from the education sector tended to focus less on the more volatile student and guest networks, but malware for almost every other sector increased," a spokesman from NTT Group's Solutionary managed security service business commented.

Europol arrests Romanian group over ATM skimming operation

Europol, the European Union’s law enforcement agency, together with Italy’s Carabinieri military police, arrested 16 Romanian nationals who were operating a massive ATM skimming operation in three EU countries.

Authorities seized micro camera bars, card readers, magnetic stripe readers and writers, computers, phones, flash drives, and blank plastic cards ready to be turned into credit card clones from the individuals arrested across Italy.

The group installed ATM skimming devices on cash machines across Italy, Denmark, and the UK. It then collected credit card data from these devices, crafted cloned payment cards and passed them on to partners in Belize and Indonesia, who made fraudulent transactions and emptied the victims’ accounts.

The money was later split across group members.

The damage caused by this criminal group’s activity is estimated at EUR 1.2 million ($1.35 million) to date.

Authorities began investigating the group in 2014, when they first became aware of it.

This isn’t the first time a group of Romanian nationals has been caught running ATM skimming operations; there have been many such cases in the past.

Meanwhile, intelligence agencies and security officials have been working to make payment transactions safer for customers throughout Europe and elsewhere.

Open Sourced Vulnerability Database shuts down

Open Sourced Vulnerability Database (OSVDB), a website that provided unbiased and accurate information about software vulnerabilities, has decided to shut down permanently.

The announcement cited a lack of industry support for maintaining the project. OSVDB was launched in March 2004 as a project whose goal was to provide precise and unbiased information about security vulnerabilities. It was guided by the non-profit organization Open Security Foundation (OSF).

In a brief statement, Brian Martin, one of the leaders of the OSVDB project, pointed out that they won’t be coming back. “As of today, a decision has been made to shut down the Open Sourced Vulnerability Database (OSVDB), and will not return. We are not looking for anyone to offer assistance at this point, and it will not be resurrected in its previous form,” Martin said in a blog post. “This was not an easy decision, and several of us struggled for well over ten years trying to make it work at great personal expense. The industry simply did not want to contribute and support such an effort,” he added.

The OSVDB blog will, however, continue to be a place for providing commentary on all things related to the vulnerability world.

Before the abrupt shutdown, the site had managed to collect over 106,000 vulnerabilities in over 83,000 products from over 10,000 vendors.

Personal data of 50 million Turkish citizens, including the country’s President, leaked online

A massive database posted online claims to contain the details of almost 50 million Turkish citizens, including the country’s president, Recep Tayyip Erdogan, his predecessor Abdullah Gul and Prime Minister Ahmet Davutoglu.

The dump, which contains 49,611,709 records, appeared on the website of an Icelandic group on Monday (April 4). The complete 1.5 GB archive is available for download as both a torrent and a magnet link.

On the download page, the hackers wrote: "Who would have imagined that backwards ideologies, cronyism and rising religious extremism in Turkey would lead to a crumbling and vulnerable technical infrastructure?"

The hackers also listed a number of 'lessons' aimed at Turkish authorities, including "bit shifting isn't encryption" and "putting a hardcoded password on the UI hardly does anything for security". Lastly, they added: "Do something about Erdogan! He is destroying your country beyond recognition. Lessons for the US? We really shouldn't elect Trump, that guy sounds like he knows even less about running a country than Erdogan does."

The unnamed hacktivists posted data of the kind usually found on a standard Turkish ID card: first and last names, national identifier numbers, mother’s and father’s first names, gender, city of birth, date of birth, full address, and ID registration cities and districts.

The Associated Press was able to partially verify the authenticity of the leak by running 10 non-public Turkish ID numbers against names contained in the dump. Eight out of ten were a match.

Turkish officials didn't immediately comment on the leak.

Experts speculate that the data was stolen from a government agency that manages Turkish citizens’ records.

If the authenticity of all 50 million records is verified, this will be one of the biggest public breaches of its kind, effectively putting two-thirds of the nation’s population at risk of identity theft and fraud.

The breach would be the biggest leak after the one that occurred at the U.S. government’s Office of Personnel Management (OPM) in April 2015, which compromised the personal information of over 22 million U.S. federal employees, contractors, retirees and others and exposed millions of sensitive and classified documents.