Posts Tagged ‘UK’
Wednesday, May 28, 2014 @ 06:05 PM gHale
Point of sale (PoS) terminals still appear to be low-hanging fruit for the bad guys, as a global cybercriminal operation infected almost 1,500 terminals, accounting systems and other retail back-office platforms from businesses in 36 countries, researchers said.
The infected systems joined together in a botnet researchers from cybercrime intelligence firm IntelCrawler called Nemanja. The researchers believe the attackers behind the operation might be from Serbia.
The size of the botnet and the worldwide distribution of infected systems brings into perspective the security problems faced by retailers from around the world, problems also highlighted by PoS breaches at several large U.S. retailers.
Past incidents suggest an increased attention from cybercriminals toward retailers and small businesses that use PoS terminals, the IntelCrawler researchers said Thursday in a blog post.
“We predict an increasing number of new data breaches in both sectors in the next few years, as well as the appearance of new types of specific malicious code targeted at retailers’ back-office systems and cash registers,” the researchers said.
The Nemanja botnet included 1,478 infected systems in countries on most continents including the U.S., the U.K., Canada, Australia, China, Russia, Brazil and Mexico, IntelCrawler said.
An analysis of the Nemanja botnet found the compromised systems were running a wide variety of PoS, grocery store management and accounting software popular in different countries. The IntelCrawler researchers identified at least 25 different such software programs used on those systems.
This doesn’t mean the identified applications are particularly vulnerable or insecure for further use, but it shows the Nemanja PoS malware is able to work with different software. Besides its ability to collect credit card data, the malware also had keylogging functionality to intercept credentials that could provide access to other systems and databases containing payment or personally identifiable information.
IntelCrawler predicts that very soon modern PoS malware will end up incorporated as modules into malicious remote access tools (RATs) or other Trojan programs and will see use alongside other components, like those for keylogging or network traffic sniffing.
The other countries where the Nemanja botnet ended up detected were Argentina, Austria, Bangladesh, Belgium, Chile, Czech Republic, Denmark, Estonia, France, Germany, Hong Kong, India, Indonesia, Israel, Italy, Japan, Netherlands, New Zealand, Poland, Portugal, South Africa, Spain, Switzerland, Taiwan, Turkey, Uruguay, Venezuela and Zambia.
Tuesday, May 27, 2014 @ 05:05 PM gHale
The iPhone hack that started in Australia and New Zealand is spreading to the United States and the United Kingdom.
In a forum thread Apple users said the widely-reported ransomware attack under the name of Oleg Pliss spread to the U.S. and the United Kingdom, in addition to Australia and New Zealand.
“I’m in the US. Never been to Australia. Hacked last night by the Oleg Pliss nonsense. Currently restoring to try and get it back online,” said wheelman2188 on the Apple Support Communities forum thread.
This attack could spread globally, and many users could actually fall for the scam and pay up the $100/€100 without any guarantees that the crooks will unlock their Apple IDs.
The whole attack could have come about through a phishing email.
Phishing is a common practice used by cybercriminals to steal user names and passwords, and the Apple community has had its fair share of these attacks over the past few years. Suffice it to say iOS is on its way to becoming what Windows has been for the hacking community for the past decade: A sea of opportunities.
Earlier this month, an email purporting to be from Apple was sent to various iOS/OS X users with the following message:
“Dear Apple Customer,
“Your Apple ID has been Disabled for Security Reasons!
“Someone just tried to sign in into your Apple account from other IP Address.
Please confirm your identity today or your account will be Disabled due to concerns we have for the safety and integrity of the Apple Community.
“To confirm your identity, we recommend that you go to
This note came from a user who managed to avoid getting hit by the hack, but others may not be so fortunate. If you know you’ve responded to this email as instructed, change your Apple ID password ASAP.
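The lure quoted above carries the usual tells of a credential-phishing email: a brand name in the display name that the sending domain does not back up, pressure wording about an account being disabled, and a “confirm your identity” link. The following check, added here as an illustration and not part of the original post or of any Apple tooling, scores a raw message on exactly those indicators. The sample emails, sender addresses and the `apple-id-verify.example` / `mailer.example` domains are constructed for the example; the real lure’s link was not reproduced in the post.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample modelled on the lure quoted above. The sender address,
# the Reply-To and the hidden link target are placeholders, not indicators
# recovered from the incident.
SAMPLE_EMAIL = """\
From: "Apple Support" <security@apple-id-verify.example>
Reply-To: confirm@mailer.example
Subject: Your Apple ID has been Disabled for Security Reasons!
Content-Type: text/html

<p>Dear Apple Customer,</p>
<p>Someone just tried to sign in into your Apple account from other IP Address.
Please confirm your identity today or your account will be Disabled.</p>
<p>To confirm your identity, we recommend that you go to
<a href="http://apple-id-verify.example/login">https://appleid.apple.com</a></p>
"""

# Constructed benign message for contrast: brand-owned sender, link text
# and link target agree, no pressure wording.
BENIGN_EMAIL = """\
From: "Apple" <noreply@email.apple.com>
Subject: Your receipt from Apple
Content-Type: text/html

<p>Thanks for your purchase. View it at
<a href="https://appleid.apple.com/account">https://appleid.apple.com/account</a></p>
"""

# Pressure phrases taken from the lure text itself.
URGENCY = [
    "confirm your identity",
    "account will be disabled",
    "disabled for security reasons",
    "sign in into your",
]

# Domains a message claiming to be from the brand should originate from
# (assumed list for the example; extend per brand in practice).
BRAND_DOMAINS = {"apple": {"apple.com", "icloud.com", "me.com"}}

LINK_RE = re.compile(r'<a\s+href="([^"]+)"[^>]*>([^<]+)</a>', re.I)


def registered_domain(host):
    """Naive registrable-domain cut (last two labels); a real deployment
    would consult the public suffix list instead."""
    labels = host.lower().split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def assess(raw):
    """Return a list of human-readable phishing indicators found in `raw`."""
    msg = message_from_string(raw)
    findings = []

    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rsplit("@", 1)[-1].lower()

    # 1. Display name claims a brand the sending domain does not belong to.
    for brand, domains in BRAND_DOMAINS.items():
        if brand in display.lower() and registered_domain(sender_domain) not in domains:
            findings.append(f"display name claims {brand} but sender domain is {sender_domain}")

    # 2. Replies are steered to a different domain than the sender.
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and reply.rsplit("@", 1)[-1].lower() != sender_domain:
        findings.append("reply-to domain differs from sender domain")

    # 3. Pressure wording in subject or body.
    body = msg.get_payload()
    text = (msg.get("Subject", "") + " " + body).lower()
    hits = [p for p in URGENCY if p in text]
    if hits:
        findings.append(f"pressure phrases: {hits}")

    # 4. Link text shows one domain while the href points somewhere else.
    for href, anchor in LINK_RE.findall(body):
        href_host = urlparse(href).hostname or ""
        anchor_host = urlparse(anchor.strip()).hostname or ""
        if anchor_host and registered_domain(anchor_host) != registered_domain(href_host):
            findings.append(f"link text shows {anchor_host} but points at {href_host}")

    return findings


if __name__ == "__main__":
    for name, raw in (("lure", SAMPLE_EMAIL), ("receipt", BENIGN_EMAIL)):
        print(name, assess(raw))
```

None of the four checks is conclusive on its own (legitimate mailers sometimes set a different Reply-To, for instance), which is why the function returns the individual findings rather than a verdict; a mail gateway would weight them and quarantine above a threshold.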
Wednesday, May 21, 2014 @ 07:05 PM gHale
Cyber crime and investigations know no boundaries and last week 300 houses ended up raided and over 100 people arrested as part of an international law enforcement operation targeting people believed to be responsible for selling, creating and using the BlackShades Remote Access Trojan (RAT).
News of the operation came out last week, when the members of hacker forums said police raided them. On Monday, Europol confirmed the operation and provided more details.
Raids took place in over 10 countries, including Belgium, France, the Netherlands, Germany, UK, Estonia, Austria, Canada, U.S., Denmark, Chile, Italy and Croatia.
Investigators seized over 1,000 computers, laptops, mobile phones, USB sticks, external hard drives and routers.
“This case is yet another example of the critical need for coordinated law enforcement operations against the growing number of cyber criminals operating on an EU and global level,” said Troels Oerting, head of the European Cybercrime Centre (EC3).
“EC3 will continue — together with Eurojust and other partners — to work tirelessly to support our partners in the fight against fraudsters and other cyber criminals who take advantage of the Internet to commit crime. The work is far from over, but our cooperation to work together across borders has increased and we are dealing with cases on an ongoing basis.”
The BlackShades RAT, which sells for between $40 and $100, is a popular tool among cybercriminals. The malware can hijack webcams, steal files, log keystrokes, and launch denial-of-service attacks against a designated target.
In a recent case in the Netherlands, an 18-year-old used it to infect over 2,000 computers. The teen hijacked the webcams of infected devices in an effort to capture intimate pictures of women.
The FBI arrested Michael Hogue, one of the creators of BlackShades, back in 2012. However, others continued to improve the RAT even after Hogue’s arrest. In November 2013, Symantec said the use of BlackShades had increased in the previous five months.
“This case is a strong reminder that no one is safe while using the Internet, and should serve as a warning and deterrent to those involved in the manufacture and use of this software,” said Koen Hermans, assistant to the National Member for the Netherlands.
“This applies not only to victims, but also to the perpetrators of criminal and malicious acts. The number of countries involved in this operation has shown the inherent value in Eurojust’s coordination meetings and coordination centers.”
Friday, April 25, 2014 @ 03:04 PM gHale
Nine members of a cybercrime group responsible for stealing $2.1 million from bank accounts received sentences totaling 24 years and 9 months by the United Kingdom’s Southwark Crown Court.
The group used KVM (Keyboard, Video, Mouse) switches to transfer money from bank accounts at Barclays and Santander. They also made fraudulent purchases with payment cards obtained after intercepting or stealing around one million letters.
They used the cards to purchase expensive watches, jewelry and other high-value items worth more than $1.68 million, court officials said.
Lanre Mullins-Abudu, 25, received eight years in prison for one count of conspiracy to commit fraud, two counts of conspiracy to steal and one count of possession of articles for use in fraud. Steven Hannah, 53, got 5 years and 10 months in prison for conspiracy to commit fraud and possession of drugs with intent to supply.
The list also includes Tony Colston-Hayter (5 years and 6 months in prison), Darius Valentin Boldor (2 years and 6 months in prison), Dean Outram (3 years in prison), Segun Ogunfidodo (9 months suspended, community work and tag-monitored curfew), Adam Raeburn Jefferson (1 year and 9 months suspended and tag-monitored curfew for 6 months), and Dola Leroy Oduns (9 months suspended, community work and curfew).
James Lewis Murphy received six months in prison, but he has already served his sentence while in custody.
“Today’s convictions are the culmination of a long and highly complex investigation into an organized crime group whose aim was to steal millions of pounds from London banks and credit card companies,” said Detective Chief Inspector Jason Tunn, of the MPS Cyber Crime Unit.
“Through working with industry partners such as Santander and Barclays, whose efforts in assisting us were immense, we have been able to bring this group to justice,” he said.
“This case demonstrates the sheer investigative skill we are able to apply to tackling cyber crime, as we continue working to keep London people and businesses safe from cyber criminals. We are determined to make London a hostile place for cyber criminals and not allow the Internet to be a hiding place for those who defraud people in the capital,” Tunn said.
Wednesday, March 19, 2014 @ 02:03 PM gHale
There is a new operation just discovered that has over 25,000 Unix servers suffering from an infection for the past two years.
The operation, called “Windigo” after the mythical creature from Algonquian Native American folklore, uses the servers to send out 35 million spam emails each day, putting around 500,000 computers at risk of malware infection.
“Each day over half a million computers are put at risk of infection, as they visit websites that have been poisoned by web server malware planted by Operation Windigo redirecting to malicious exploit kits and advertisements,” said ESET security researcher Marc-Étienne Léveillé.
Most of the infected servers are in the U.S., Germany, France and the UK. Many of the affected servers belong to hosting providers. The list of victims includes companies such as cPanel and kernel.org.
ESET has been investigating the campaign for around one year. In total, 25,000 servers suffered infection, of which 10,000 still have the issue.
Mac users are not spared either: Windows users end up directed to malware-serving exploit kits, while people who visit the infected websites from Macs end up pushed to adult content or served ads for dating sites.
Léveillé highlights that the Ebury backdoor deployed by the attackers doesn’t exploit Linux or OpenSSH vulnerabilities. Instead, it ends up planted manually.
“The fact that they have managed to do this on tens of thousands of different servers is chilling. While anti-virus and two factor authentication is common on the desktop, it is rarely used to protect servers, making them vulnerable to credential stealing and easy malware deployment,” Léveillé said.
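Léveillé’s point is that Ebury rides in on stolen credentials rather than on a software bug, so the defence is the server’s login policy. The audit below is an added example, not ESET’s tooling or anything from the Windigo report: it parses an OpenSSH `sshd_config` fragment and flags the settings that let a single stolen password open a shell. Both configuration fragments are constructed for the example; the hardened one assumes the `keyboard-interactive` step is backed by a PAM second-factor module, which is outside what the file itself can show.

```python
# Constructed sshd_config fragments (not from the report): a common default
# that still accepts passwords, and a hardened variant requiring a key plus
# a second factor.
WEAK_CONFIG = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes
ChallengeResponseAuthentication no
# PubkeyAuthentication defaults to yes when omitted
"""

HARDENED_CONFIG = """\
Port 22
PermitRootLogin no
PasswordAuthentication no
PermitEmptyPasswords no
PubkeyAuthentication yes
# keyboard-interactive is assumed to be served by a PAM second-factor module
ChallengeResponseAuthentication yes
AuthenticationMethods publickey,keyboard-interactive
"""


def parse_sshd_config(text):
    """Map lower-cased directive -> value. sshd honours the first occurrence
    of a directive, so later duplicates are ignored here as well. Both the
    'Key value' and 'Key=value' spellings are accepted."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        if len(parts) != 2:
            continue
        key, value = parts
        settings.setdefault(key.lower(), value.strip())
    return settings


def audit_sshd(text):
    """Return findings describing how the config exposes the host to
    credential theft. Defaults assumed for absent directives follow the
    OpenSSH documentation current at the time of the report (PermitRootLogin
    and PasswordAuthentication both defaulted to 'yes')."""
    s = parse_sshd_config(text)
    findings = []

    if s.get("passwordauthentication", "yes").lower() == "yes":
        findings.append("PasswordAuthentication enabled: a stolen or guessed "
                        "password alone grants a shell")

    if s.get("permitrootlogin", "yes").lower() == "yes":
        findings.append("PermitRootLogin yes: one stolen root password gives "
                        "full control of the host")

    if s.get("permitemptypasswords", "no").lower() == "yes":
        findings.append("PermitEmptyPasswords yes: accounts with no password "
                        "can log in")

    if s.get("pubkeyauthentication", "yes").lower() != "yes":
        findings.append("PubkeyAuthentication disabled: nothing stronger than "
                        "a password is available to users")

    # AuthenticationMethods lists alternatives separated by spaces; methods
    # inside one alternative are comma-separated and must ALL succeed.
    # A second factor is only enforced when every alternative needs two.
    methods = s.get("authenticationmethods", "any")
    alternatives = methods.split()
    if methods == "any" or any("," not in alt for alt in alternatives):
        findings.append("no second factor required: AuthenticationMethods "
                        "does not demand two methods for every login")

    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name)
        for f in audit_sshd(cfg):
            print("  -", f)
```

Running the audit on the two fragments reports three findings for the default-style file and none for the hardened one. Note that the file-level check cannot tell whether `keyboard-interactive` really prompts for a second factor or merely for a password again; that depends on the PAM stack behind it, which is why the hardened fragment also turns `PasswordAuthentication` off.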
Pierre-Marc Bureau, security intelligence program manager at ESET, said they are investigating the campaign because cybercriminal operations that rely on Linux malware are not something we get to see every day, particularly when it comes to an operation as complex as Windigo.
Bureau said this is the biggest botnet of servers they have ever seen. What they do know is the bot masters are very good at programming and at administering Linux systems. Additionally, they probably have good connections in the underground, considering their capabilities to send spam and install malware.
The complete paper of the Windigo operation is available on ESET’s website.
Monday, January 6, 2014 @ 03:01 PM gHale
European users clicking on Yahoo.com had a good chance of having their computers infected with malware from malicious ads over a four-day time frame.
Cybercriminals were able to place malicious ads on ads.yahoo.com as early as December 30, said researchers at security firm Fox-IT. Malicious iframes placed on the website redirected users to domains hosting the Magnitude exploit kit.
The exploit kit leveraged Java vulnerabilities to push various pieces of malware, including ZeuS, Andromeda, Dorkbot, Tinba (Zusy), and Necurs.
Yahoo said users from Europe are the only ones that can suffer from the issue. Fox-IT said most infections were in Romania, the UK, and France.
Yahoo cleared up the problem by January 3. However, researchers from HitmanPro said there could be as many as 2.5 million computers infected with the malware.
The victims did not have to click on the malicious ads in order to have their devices infected with malware. Users from Europe who visited Yahoo.com from a computer running a vulnerable version of Java should immediately scan their computers with an up-to-date antivirus program to make sure they’re not a victim of the attack.
Wednesday, October 23, 2013 @ 03:10 PM gHale
A 25-year-old UK man got three years and eight months in prison for stealing account credentials which he then used to purchase goods worth $112,000 from online stores.
Sentencing Andrew Morgan and three others at Grimsby Crown Court in the UK, Judge David Tremberg said the offenses caused “enormous inconvenience and vexation” to customers.
Tremberg told Morgan he was not at the level of sophistication of professional fraudsters to devise his own hacking tool kit, but the judge described him as an “enthusiastic follower” of a forum on how to commit fraud, according to a report in the Grimsby Telegraph.
Tremberg said Morgan had played the “senior operational role” organizing multiple attacks.
He also imposed a Serious Crime Prevention Order which means Morgan cannot change his name for Internet purposes and he must keep a verifiable history of all Internet use for five years.
Accomplices included Ashton Leach, 21, of Immingham, who admitted conspiracy to commit fraud and two drug offenses, including the supply of cannabis and methadrone in November 2011.
He received eight months in prison suspended for 18 months and 80 hours of unpaid work for the fraud offenses and a further eight months suspended for 18 months and 80 hours unpaid work for the drugs offenses.
Amanda Gollings, 32, of Immingham, admitted conspiracy to commit fraud between August and September last year.
She said she had signed for goods three times but pleaded guilty on the basis that she only dishonestly signed for two of them. She received a 12-month community order and 60 hours of unpaid work.
Her cousin Sarah Louise McIntyre, 22, of Immingham, admitted using criminal property, a Nintendo DS for her son, but said she was not part of the conspiracy of her former partner, Morgan.
Prosecuting, Craig Lowe said Proceeds of Crime proceedings will end up taken against Morgan. He said Leach had received goods in 50 transactions in one month.
Lowe said Morgan hacked into confidential information held electronically by various companies, which he had learned how to do by going on websites that provide a tool kit to obtain email addresses and passwords.
Firms like Amazon set up accounts that store details on secure servers; those stored details end up used each time a customer makes a purchase through a “one click” system, so the customer doesn’t have to give details each time they order.
One of the stipulations of opening an Amazon account is that the billing or home address should be the same as the delivery address, to try to reduce fraud, the court heard.
On one hackers’ forum, Morgan said he had been doing fraud for two years and had “blasted it for four months with Paypal, Amazon and shops.”