Verizon Enterprise Solutions has fallen victim to a serious security breach, according to Krebs on Security. Earlier this week, contact details of more than 1.5 million of its customers were put up for sale on a Dark Web forum. As this branch of the company mainly handles B2B operations, the data is likely to belong to business customers.

The seller is asking $100,000 (about €89,500) for the entire database, which seems high in comparison to the usual rates in this environment. The inflated price probably reflects the higher value of data relating to business customers like big corporations—over 99% of Fortune 500 companies are Verizon customers, as Krebs on Security points out. Or perhaps the seller is putting the squeeze on Verizon to pressure the company into buying back its own data.


On the evening of Monday March 14th, several of the Canal Plus group’s websites, including Canalplus.fr and Canalplay.com, were briefly defaced by the hackers AMAR^SHG and Moroccanwolf.

For several hours yesterday evening, visitors trying to access several of the Canal Plus group’s pages were surprised to see a different homepage than usual. Several of the group’s sites had been defaced: in other words, the home page was replaced by a page created by the hackers.

The page in question denounced the “horrors committed” by certain countries “at war”: “The war against Israel, Kosovo and Serbia, Morocco and Western Sahara, Somalia, Russia, the United States”.


As in any industry with a large Business-to-Consumer (B2C) component, hotels are a target for various types of data theft and attempted fraud. The following is a brief overview of the possible scenarios.

Theft of bank cards

Hotels are under increasing threat of the theft of payment card numbers at terminal level (point-of-sale attack).

  1. The cybercriminals first succeed in penetrating the company’s networks.
  2. The infection then reaches the cash registers used to receive client payments.
  3. Information is intercepted and exfiltrated from payment cards with outdated methods of protection (e.g. magnetic stripes).


Early in November, a cybercriminal on the Dark Web offered for sale a client database which he had previously stolen from Comcast, the US media group.

Although Comcast was the target on this particular occasion, the case is representative of current trends in terms of the theft and handling of databases.

The facts

On 5 November, an individual using the pseudonyms “Orion” and “Comcast” used a dark market accessed via the Tor network to offer for sale a database allegedly belonging to Comcast. The database includes some 590,000 client accounts. The passwords for the accounts are in plain text (i.e. usable as they stand), which increases the value of the list for purchasers. The asking price was $300 for 100,000 accounts, or $1,000 for the whole database.

A few days later, the hacker updated his announcement, claiming to have learned that his sole customer had in fact bought the database on behalf of Comcast.

Having become aware of what the database contained, Comcast then sent an e-mail to one-third of the clients concerned, saying that their passwords had been reset in the wake of the cyberattack. The other two-thirds related to dormant accounts.


In July 2015, hackers claimed to have attacked the Ashley Madison dating site and threatened to publish its database. During the night of 19 August the database was made available on the Dark Web.

The Impact Team hackers targeted Ashley Madison for moral reasons: the site belongs to Avid Life Media and invites married men and women to enter into adulterous relationships. The hackers demanded the closure of the AshleyMadison.com site, and of other, similar sites operated by Avid Life Media, failing which the stolen data would be published on the Internet. Since Avid Life Media did not give in to these demands, a Torrent link allowing the data to be downloaded was published on the Tor network on 19 August.


Windows 10 has been distributed since July 2015 by means of Windows notifications and e-mails. This is an interesting opportunity for hackers to employ social engineering methods to encourage users to download viruses.

  • The first malware to pose as the Windows 10 distribution was CTB-Locker, a fairly common ransomware. In this campaign, an e-mail apparently sent by update@windows.com contains an attachment which supposedly downloads Windows 10, but in reality is a .zip file which deploys CTB-Locker. Compared with other ransomware, such as Cryptowall, CTB-Locker differs by asking the victim to pay in bitcoins via a Tor site for their files to be released.
  • Another campaign, in Brazil, uses similar e-mails to make victims download malware: a VBE script that introduces further malware, which captures the victim’s data.


A team of IT researchers has revealed the fraudulent activities of a group of Nigerian cybercriminals specialising in the theft of bank logins by phishing and spear-phishing attacks.

  • Since the early 2000s, these cybercriminals are believed to have misappropriated several million dollars by using social engineering techniques to infect the computers of thousands of victims.
  • People from 54 different countries have been targeted, mainly in India, Indonesia and Vietnam. The cybercriminals seem to have concentrated on persons whose first language is not English and who are therefore less suspicious of the e-mails and documents sent. The target countries also appear to be those where the attackers probably have bank accounts to facilitate fraudulent transfers.
  • The techniques employed are relatively conventional. Using the Microsoft Word Intruder (MWI) exploit kit, the attackers created infected Microsoft Word documents which concealed keyloggers, such as HawkEye or KeyBase. The documents were then sent to the victims as attachments to apparently benign or legitimate e-mails. The bank login data collected by the keyloggers were then sent to a single Command & Control server belonging to the attackers.
  • The cybercriminals’ technical expertise does not seem great, insofar as they used e-mail lists which were already available on the Dark Web to select their victims, and purchased tutorials on phishing and the use of keyloggers on the cybercrime market.
