Monthly News Roundup - April 2015 (TL;DR)


NEWS

It’s time to get back to basics -- that’s the takeaway in this month’s InfoSec news. Among the headlines: a simple phishing scam hacked the White House, teamwork undermined a criminal botnet, and unpatched networks are vulnerable to attack (duh!). Here are the highlights from April:

  • Hackers Gain Mass Email Capabilities: Mass e-mailing firm SendGrid suffered a double hack that affected both a customer’s account and an employee’s network account. According to reports, the hackers used SendGrid’s system to send phishing emails. The breach also gave the attackers access to customers’ usernames, salted-and-hashed passwords, and email addresses. An attack like this is of particular concern because malicious/phishing emails distributed via SendGrid can circumvent spam filters.
  • Apple’s OS X Patch Fail: Last year, Apple learned of an OS security flaw (dubbed “Rootpipe”) that would allow a hacker to gain root access on a Mac without needing to know the admin password. On April 8, 2015, Apple released a patch. But… the patch doesn’t work! This revelation comes via Patrick Wardle of the security startup Synack, who blogged about the issue recently. In addition to committing the patch flub, Apple faces criticism for its decision to only fix Yosemite, while leaving earlier OS versions vulnerable.
  • Teamwork Takes Down Bad Guys’ Botnet: In mid-April, authorities struck a blow for the good guys after disabling an international botnet. The target of the effort, the so-called Simda Botnet, is used to distribute malware and is suspected of infecting over 770,000 machines worldwide. The operation involved the disruption and dismantling of 14 command and control servers in Europe and the U.S. This successful takedown was possible thanks to an alliance between Microsoft, the FBI, Interpol and cybercrime units from Luxembourg, Holland, Russia and France. It’s a veritable tossed-salad of global, anti-hacking expertise.
  • The White House Gets Phished: According to multiple sources, President Obama’s non-public travel schedule was accessed by Russian hackers. The information was obtained following a successful phishing effort. Further research revealed the breach was caused by a single, mistaken click by a State Department staffer. This story is a reminder that human behavior is a weak link in the network security chain. Our tip: A cloud browser mitigates the risk of innocent user error.
  • Sophisticated Dyre Wolf Malware Uses Old Phone Con Trick: This month, IBM warned of a surprisingly crafty cybercrime scam that relies on “Dyre Wolf” malware. First, the malicious program is downloaded by an unsuspecting user. It activates when a user attempts to visit a bank site. Instead of visiting the actual site, the malware displays a web page stating that the bank’s site is experiencing technical difficulties and gives a phony phone number. When a user calls the number, they’re asked to give their bank website password to the person on the other end. Before the user hangs up, their money’s already been transferred into the criminal’s accounts. Talk about social engineering!
  • Laziok Trojan Exploits Old Flaw: Hackers have devised a way to infiltrate company networks thanks to a three-year-old Windows flaw. Criminals using the “Trojan Laziok” malware tool appear to have targeted large energy companies working in the Middle East. Shockingly, a patch for the vulnerability that Laziok exploits has been available since 2012, but it was never applied. This report reveals that individual users aren’t the only ones who are slow to patch their machines and networks. Large companies are slacking as well.