Posts Tagged ‘UK’
Wednesday, March 19, 2014 @ 02:03 PM gHale
A newly discovered operation has infected over 25,000 Unix servers over the past two years.
The operation is called “Windigo” after the mythical creature from Algonquian Native American folklore. The infected servers are sending out 35 million spam emails each day, putting around 500,000 computers at risk of malware infection.
“Each day over half a million computers are put at risk of infection, as they visit websites that have been poisoned by web server malware planted by Operation Windigo redirecting to malicious exploit kits and advertisements,” said ESET security researcher Marc-Étienne Léveillé.
Most of the infected servers are in the U.S., Germany, France and the UK. Many of the affected servers belong to hosting providers. The list of victims includes companies such as cPanel and kernel.org.
ESET has been investigating the campaign for around one year. In total, 25,000 servers suffered infection, of which 10,000 still have the issue.
Mac users are affected too. While Windows users are directed to malware-serving exploit kits, people who visit the infected websites from Macs are pushed to adult content or served ads for dating sites.
Léveillé highlights that the Ebury backdoor deployed by the attackers doesn’t exploit Linux or OpenSSH vulnerabilities. Instead, it is planted manually.
“The fact that they have managed to do this on tens of thousands of different servers is chilling. While anti-virus and two factor authentication is common on the desktop, it is rarely used to protect servers, making them vulnerable to credential stealing and easy malware deployment,” Léveillé said.
Pierre-Marc Bureau, security intelligence program manager at ESET, said they are investigating the campaign because cybercriminal operations that rely on Linux malware are not something they get to see every day, particularly when it comes to an operation as complex as Windigo.
Bureau said this is the biggest botnet of servers they have ever seen. What they do know is the bot masters are very good at programming and the administration of Linux systems. Additionally, they probably have good connections in the underground, considering their capabilities to send spam and install malware.
The complete paper on the Windigo operation is available on ESET’s website.
Monday, January 6, 2014 @ 03:01 PM gHale
Users in Europe who clicked on Yahoo.com had a good chance of having their computers infected with malware from malicious ads over a four-day time frame.
Cybercriminals were able to compromise ads.yahoo.com as early as December 30, said researchers at security firm Fox-IT. Malicious iframes placed on the website redirected users to domains hosting the Magnitude exploit kit.
The exploit kit leveraged Java vulnerabilities to push various pieces of malware, including ZeuS, Andromeda, Dorkbot, Tinba (Zusy), and Necurs.
Yahoo said users from Europe are the only ones that can suffer from the issue. Fox-IT said most infections were in Romania, the UK, and France.
Yahoo cleared up the problem by January 3. However, researchers from HitmanPro said there could be as many as 2.5 million computers infected with the malware.
The victims did not have to click on the malicious ads in order to have their devices infected with malware. Users from Europe who visited Yahoo.com from a computer running a vulnerable version of Java should immediately scan their computers with an up-to-date antivirus program to make sure they’re not a victim of the attack.
Wednesday, October 23, 2013 @ 03:10 PM gHale
A 25-year-old UK man got three years and eight months in prison for stealing account credentials which he then used to purchase goods worth $112,000 from online stores.
Sentencing Andrew Morgan and three others at Grimsby Crown Court in the UK, Judge David Tremberg said the offenses caused “enormous inconvenience and vexation” to customers.
Tremberg told Morgan he was not at the level of sophistication of professional fraudsters to devise his own hacking tool kit, but the judge described him as an “enthusiastic follower” of a forum on how to commit fraud, according to a report in the Grimsby Telegraph.
Tremberg said Morgan had played the “senior operational role” organizing multiple attacks.
He also imposed a Serious Crime Prevention Order which means Morgan cannot change his name for Internet purposes and he must keep a verifiable history of all Internet use for five years.
Accomplices included Ashton Leach, 21, of Immingham, who admitted conspiracy to commit fraud and two drug offenses, including the supply of cannabis and methadrone in November 2011.
He received eight months in prison suspended for 18 months and 80 hours of unpaid work for the fraud offenses and a further eight months suspended for 18 months and 80 hours unpaid work for the drugs offenses.
Amanda Gollings, 32, of Immingham, admitted conspiracy to commit fraud between August and September last year.
She said she had signed for goods three times but pleaded guilty on the basis that she only dishonestly signed for two of them. She received a 12-month community order and 60 hours of unpaid work.
Her cousin Sarah Louise McIntyre, 22, of Immingham, admitted using criminal property, a Nintendo DS for her son, but said she was not part of the conspiracy of her former partner, Morgan.
Prosecuting, Craig Lowe said Proceeds of Crime proceedings will be taken against Morgan. He said Leach had received goods in 50 transactions in one month.
Lowe said Morgan hacked into confidential information held electronically by various companies, which he had learned how to do by going on websites that provide a tool kit to obtain email addresses and passwords.
Firms like Amazon set up accounts that store details on secure servers, and those details are used each time a customer makes a purchase, using a “one click” system so the customer doesn’t have to give details each time they order.
One of the stipulations of opening an Amazon account is that the billing or home address should be the same as the delivery address, to try to reduce fraud, the court heard.
On one hackers’ forum, Morgan said he had been doing fraud for two years and had “blasted it for four months with Paypal, Amazon and shops.”
Monday, October 21, 2013 @ 05:10 PM gHale
As the United Kingdom attempts to secure its future energy needs and cut greenhouse gas emissions, Britain inked a pact with a French energy company and Chinese investors to build the country’s first nuclear power plant in 18 years.
The government struck a deal with Electricite de France and a group of Chinese investors Monday to build the country’s first nuclear power plant since 1995.
“If people at home want to be able to keep watching the television, be able to turn the kettle on, and benefit from electricity, we have got to make these investments,” Energy Secretary Ed Davey told the BBC. “It is essential to keep the lights on and to power British business.”
The deal for the new reactor at Hinkley Point in southwest England, which will generate power in 2023, underlines the desperation politicians across Europe face in meeting energy needs amid dwindling fossil fuel resources and rising costs.
Germany decided two years ago to shut down all of its nuclear power plants by 2022, following years of anti-nuclear protests and the meltdown at Fukushima, Japan in 2011 after an earthquake and tsunami devastated the facility. But the effort needed to ramp up renewable energy sources to replace domestic nuclear reactors is costly because the country must build many new wind, solar, water and biomass plants and Germany must overhaul its energy grid to balance the fluctuating supply such power sources provide.
One of the last barriers to the British deal was removed during a visit to Asia last week by Treasury chief George Osborne, who said Chinese firms could invest in civilian nuclear projects.
China General Nuclear Corp. and China National Nuclear Corp. will provide 30 percent to 40 percent of the financing under the agreement in principle, EDF said. EDF, majority-owned by the French government, will provide 45 percent to 50 percent.
The deal also helps China, which relies on foreign technology for its generating stations and is trying to develop its own reactors.
Friday, September 27, 2013 @ 05:09 PM gHale
The crackdown on cyber bad guys is ongoing throughout the world, and law enforcement agencies are finding some success in an environment where it is very difficult to find and capture criminals.
A small snapshot of a triumph for the white hats shows that UK law enforcement anti-hacker efforts stopped the theft of over $1.6 billion (£1 billion) in just over two years, according to the Met’s Police Central e-crime Unit (PCeU).
As well as the money, the report also said PCeU operations have led to 126 suspects arrested and 89 people convicted, with 30 more awaiting trial, according to the PCeU Harm and reduction report 2013.
The operations also disrupted 26 national and international cyber-based organized crime groups and secured 184 years imprisonment for the 61 criminals.
In 2011, the police initially said they would cut the cost of cyber crime by $813 million (£504 million) within four years. The report highlighted the Allandale and Caldelana operations as key victories that helped it double its projected goal.
Operation Allandale was a sting against a gang conspiring to defraud banks worldwide using a sophisticated phishing scam. The operation resulted in the arrest of three men and prevented $119 million (£74 million) worth of financial damage.
Operation Caldelana saw police target an organized crime group responsible for a sophisticated phishing scam that stole money from victims’ bank accounts. The operation prevented $63 million (£39 million) worth of damage.
“The PCeU has exceeded all expectations in respect of making the UK’s cyber space more secure,” said Commander Steve Rodhouse, head of gangs and organized crime at the Met. “This is due to its innovative partnership work with industry and law enforcement across the globe and its dynamic system for developing intelligence, enforcing the law and quickly putting protection measures in place,” he said.
Monday, September 16, 2013 @ 05:09 PM gHale
Over half of companies are more worried about their own employees turning rogue than about external cyber-threats, a survey said.
While cyber security is a global issue, this survey, conducted by IT Governance, wanted to show how company directors and board members currently perceive IT security issues. Most of the respondents in this survey are from the UK, are IT professionals, and work for tech and financial firms, telecoms, and the government/local authorities. It does give a regional snapshot on some security issues.
A quarter of the 260 respondents said their organization received a concerted cyber attack in the past 12 months. However, the true total may be higher, as over 20 percent are unsure if their organization has been subject to an attack.
Despite that, over 40 percent of respondents said their company is either making the wrong level of investment in information security or they are unsure if the investment is appropriate.
And it doesn’t help that reports on the status of the organization’s IT security often get delivered once a year or at even longer intervals, or that in only 30 percent of the cases board-level job candidates are aware of and understand current IT security threats.
The good news is customers are beginning to take the company’s security credentials into consideration when choosing their suppliers. Seventy-four percent of respondents said their customers prefer dealing with suppliers with such credentials, while 50 percent said customers asked their company about its information security measures in the past 12 months.
Despite all this, compliance with the ISO/IEC 27001 security standard is not high (around 35 percent) among the companies whose employees/managers have been polled.
Thursday, August 22, 2013 @ 04:08 PM gHale
Yes, the cyber threat from criminals and nation states is very real, but when push comes to shove, over 50 percent of businesses consider their own employees the greatest security threat, according to a new survey.
Fifty-four percent of respondents believe insiders are the biggest threat, compared to 27 percent who fear criminals the most, 12 percent state-sponsored cyber attacks and 8 percent competitors, according to the survey conducted by IT Governance.
On top of that, 25 percent of respondents said their business had received a “concerted cyber-attack” in the past 12 months.
That number could actually be higher, as 21 percent of respondents said they do not know whether or not they suffered such an attack, said officials at IT Governance, a UK-based security provider.
The UK government, among many others, has made a concerted effort to make IT security a board-level issue. IT Governance’s survey suggests there is some board level recognition of IT security, but that there is room for improvement.
The majority of respondents (58 percent) said their organization gives the board of directors “regular” reports on the state of its IT security. That is an encouraging figure, but for 35 percent of those companies that provide reports, they are filed “less than annually.”
Only 30 percent of respondents said an understanding of IT security is a pre-requisite for a position on the board.
Other findings from IT Governance’s survey include the fact that 50 percent of respondents said customers had inquired about their IT security measures in the past 12 months, and 26 percent have lost sleep because of worries about IT security.
IT Governance surveyed 260 respondents, mostly business and IT executives from businesses in the UK and U.S.