Week in review: Lure10 attack, DoublePulsar exploit proliferation

Here’s an overview of some of last week’s most interesting news and articles:

BrickerBot bricked 2 million IoT devices, its author claims
The author of BrickerBot, which “bricks” IoT devices by rewriting the flash storage space and wiping files, has emerged to explain that the malware first attempts to secure the units without damaging them.

Security improvements primary reason for Windows 10 migration
Migration to Windows 10 is expected to be faster than previous OS adoption, according to a survey by Gartner. The survey showed that 85 percent of enterprises will have started Windows 10 deployments by the end of 2017.

Russian carding industry pioneer sentenced to 27 years in prison
Under the nickname “Track2,” Seleznev created two automated vending sites, an innovation that made it possible for criminals to efficiently search for and purchase stolen credit card data through a process as easy as buying a book on Amazon.

Lure10: Exploiting Wi-Fi Sense to MITM wireless Windows devices
Karma has long been a staple man-in-the-middle attack used in authorised wireless security assessments and unsanctioned ones, but as many modern operating systems now provide effective countermeasures, other approaches for tricking wireless clients into automatically associating with a rogue access point are wanted. Enter Lure10 – a new attack that, by taking advantage of Wi-Fi Sense, tricks wireless devices running Windows into doing exactly that.

IT service providers, many other orgs targeted in long-standing attack campaign
According to preliminary analysis, threat actors appear to be leveraging stolen administrative credentials (local and domain) and certificates, along with placing sophisticated malware implants on critical systems.

Industry reactions to the Verizon 2017 Data Breach Investigations Report
Nearly 2,000 breaches were analyzed in this year’s Verizon 2017 Data Breach Investigations Report and more than 300 were espionage-related.

Know your enemy: Defining the new taxonomy of malicious emails
Familiarity can breed contempt, and all users are now at risk from increasingly more advanced email attacks, which have become vastly more sophisticated in the last few years.

Tens of thousands Windows systems implanted with NSA’s DoublePulsar
Has your Windows machine been implanted with NSA’s DoublePulsar backdoor? If you haven’t implemented the security updates released by Microsoft in March, chances are good that it has. The good news is that the backdoor can now be remotely uninstalled from any infected Windows machine thanks to the updated detection script provided by security firm Countercept, as well as by rebooting the affected machines.

How secure are mobile banking apps?
Accenture and NowSecure have performed vulnerability assessments of customer-facing mobile banking apps of 15 banking institutions in the North American market.

Alleged Kelihos botmaster indicted
Pyotr Levashov, who went online under several nicknames – the most memorable of which was “Peter Severa” (i.e. Peter of the North) – was arrested in Barcelona on April 7, 2017, while on vacation with his family.

How to securely deploy medical devices within a healthcare facility
The risks insecure medical devices pose to patient safety are no longer just theoretical, and compromised electronic health records may haunt patients forever.

Will fileless malware push the antivirus industry into oblivion?
The death of antivirus has been prophesied for years now, but the AV industry is still alive and kicking. SentinelOne, though, believes that in-memory resident attacks, i.e. fileless malware, just might be the thing that pushes it into oblivion.

Executive spotlight: iovation’s new Vice President of Product
Last week iovation announced that Dwayne Melancon was leaving Tripwire after 17 years and joining the company as the new Vice President of Product, so we decided to get in touch and see what his future plans are.

Behavioural profiling: Spotting the signs of cyber attacks and misuse
Behavioural profiling is increasingly recognised as a new level of protection against cyber attacks and systems abuse, offering the potential to pick out new and unknown attacks, or to spot activities that may be missed.

Cybercrime can come in any shape or size, and not always the form you’d expect
Cyberespionage is now the most common type of attack seen in manufacturing, the public sector and now education, warns the Verizon 2017 Data Breach Investigations Report. Much of this is due to the high proliferation of proprietary research, prototypes and confidential personal data, which are hot-ticket items for cybercriminals.

Modern threat landscape: Seismic shifts in motivation and focus
Cybercriminals revealed new levels of ambition in 2016 – a year marked by extraordinary attacks, including multi-million dollar virtual bank heists and overt attempts to disrupt the U.S. electoral process by state-sponsored groups.

Phishing attacks responsible for three-quarters of all malware
While technical attacks on the newest vulnerabilities tend to dominate the media, many attacks rely on less technical means.

SquirrelMail opens users to remote code execution
Users of open source webmail software SquirrelMail are open to remote code execution due to a bug (CVE-2017-7692) discovered independently by two researchers.

New infosec products of the week: April 28, 2017
A rundown of infosec products released last week.