Hello, SecurityIQ users! As our dev team continues to enhance our cloud-based security awareness education platform, I thought you all would like to know about some of the changes and upgrades available to you on SecurityIQ. Here’s this week’s update: Phishing Reports Now Include “Avoided” – We now summarize and graph all the times when learners […]
The penetration testing report is the key deliverable in any security assessment. In penetration testing, the final deliverable is the report, which documents the service provided, the methodology used, the findings and results, and the recommendations. Many penetration testers find report writing tedious because it takes a lot of time and effort. In this […]
Security researchers at Cisco Talos and Check Point have published reports detailing the inner workings of Nuclear, an "exploit kit" Web service that deployed malware onto victims' computers through malicious websites. While a significant percentage of Nuclear's infrastructure has been recently disrupted, the exploit kit is still operating—and looks to be a major contributor to the current crypto-ransomware epidemic.
Introduced in 2010, Nuclear has been used to target millions of victims worldwide, giving attackers the ability to tailor their attacks to specific locations and computer configurations. Though not as widely used as the well-known Angler exploit kit, it has been responsible for dropping Locky and other crypto-ransomware onto more than 140,000 computers in more than 200 countries, according to statistics collected by Check Point (PDF). The Locky campaign appeared to be placing the greatest demand on the Nuclear pay-to-exploit service.
Much of Talos' data on Nuclear comes from tracking down the source of its traffic—a cluster of "10 to 15" IP addresses that were responsible for "practically all" of the exploit infrastructure. Those addresses were being hosted by a single cloud hosting provider—DigitalOcean. The hosting company's security team confirmed the findings to Talos and took down the servers—sharing what was on them with security researchers.
Major football tournaments such as the World Cup and the European Championship traditionally attract a lot of spammer activity. Euro 2016 will be held this summer in France, and it’s not only the fans and players who are getting ready but also Internet fraudsters. The latter have started sending out fake notifications about lottery wins dedicated to the upcoming tournament. Their emails often contain attachments adorned with graphic elements, including official emblems, the Euro 2016 logo and those of its sponsors.
The contents of the attachments are the standard stuff: the lottery was held by an authorized organization, the recipient’s address was randomly selected from a large number of email addresses, and in order to claim your prize you have to reply to the email and provide some personal information. We have recorded cases where the same attachment was sent in messages with different text, but the theme of the email is essentially the same. The fraudsters also use different sender addresses and change the addresses used in the body of the message and in the attachment.
We have also come across advertising spam in different languages, for example in Dutch, asking recipients to buy a 2-euro commemorative coin issued specifically for Euro 2016.
We expect to see a growth in football-themed spam as the start date of Euro 2016 approaches. This type of fraudulent spam can be one of the most dangerous for users: the perpetrators are unlikely to limit their activity to fake lotteries, and will start spreading various emails offering the chance to win tickets to the games, as was the case before the World Cup in Brazil. The amount of spam targeting users in France, which is hosting the championship, may also increase.