A new kind of banking trojan has just appeared in the United States and Canada, attacking the customers of 24 different banks and e-commerce websites since early April.

A condensed technology

GozNym resembles traditional banking malware in the same vein as Zeus and Citadel. It uses a rather conventional infection method, arriving through an infected attachment or a drive-by download (an automatic download triggered simply by visiting a website).

But the peculiarity of GozNym lies in its code, because the Trojan is actually a mixture of two malware families, Gozi and Nymaim – hence the name “GozNym” given by the researchers from IBM X-Force Research who are behind the discovery.

Verizon Enterprise Solutions has fallen victim to a serious security breach, according to Krebs on Security. Earlier this week the contact details of more than 1.5 million of its customers were put up for sale on a Dark Web forum. As this branch of the company mainly handles B2B operations, the data most likely belongs to business customers.

The seller is asking $100,000 (about €89,500) for the entire database, which seems high in comparison to the usual rates in this environment. The inflated price probably reflects the higher value of data relating to business customers like big corporations—over 99% of Fortune 500 companies are Verizon customers, as Krebs on Security points out. Or perhaps the seller is putting the squeeze on Verizon to pressure the company into buying back its own data.

IT security researchers at Kaspersky Lab have detected and analyzed a banking Trojan thought to be one of the most dangerous ever seen on the Android platform.

This malware, known as Acecard, has the capacity to attack users of around fifty apps and online payment services available to download from Google Play. It is said to be able to bypass the security measures demanded by the app store.

A full range of functionality

This malware is equipped with the full range of features currently in use, allowing it to steal users’ personal and banking details. For example, it can intercept a bank’s text and voice messages, and it can also display a login form overlaid on a genuine app in an attempt to steal credit card details as well as usernames and passwords.

Over a one-week period, the IT network of a Californian hospital was completely paralysed by a cyberattack and forced to declare an emergency.

A group of hackers, whose identities remain unknown, infected the IT networks of the Hollywood Presbyterian Medical Center, using malware to encrypt all the hospital’s data. The hackers initially demanded a ransom of 9,000 bitcoins (3.3 million euros) to allow the hospital to regain control over its data. A few days later, the attackers changed their minds and lowered the demand to 40 BTC (approximately 15,000 euros), which the hospital eventually paid.

Unexpected consequences

The encryption of data, combined with the rapid propagation of the malware through the hospital’s user terminals and servers, rendered several items of hospital equipment unusable. No longer able to provide full care services or to access patients’ data, the hospital was forced to put safety first and moved almost 900 people to another hospital in the region.

In 2015, the most frequently used password was (and still is) “123456”. For reasons of security, and because users cannot always remember a strong, unique password for each account, businesses are taking the bull by the horns and testing new ways of authenticating. This article will take you on a quick tour of intrusion-prevention methods.

Simple authentication

In decline, but still by far the most widely used, this method of authentication greatly simplifies the user experience and consists of a password combined with a user name.

Level of security: The method is relatively weak, since stealing a user’s password is not complicated, whether through a phishing operation or even by brute force.

Services using the method: All.

At the end of October, a group of experts from major cybersecurity companies issued a highly detailed description of the economics of Cryptowall ransomware.

This threat, which has spread widely since June 2014, is thought to have cost hundreds of thousands of victims a total of 325 million dollars. On October 22, a senior FBI employee said the following on the subject of Cryptowall: “To be honest, we often advise people simply to pay the ransom”.

Cryptowall is one of the most widespread ransomware families, along with TorrentLocker, TeslaCrypt and CTB-Locker. This malware is distributed through phishing e-mails (about two-thirds of infections) and via infected websites (approximately one-third of infections):

Despite a joint operation launched in mid-October by the US FBI and the British National Security Agency, Dridex malware is again active, mainly targeting French users.

The Dridex malware specialises in the theft of banking data. It records the victim’s login details when they visit their bank’s website:

  • Dridex is a more sophisticated version of Cridex, which dates from 2011.
  • Whereas Cridex propagated itself through infected websites, Dridex is based on documents containing booby-trapped macros.
  • When identified in November 2014, Dridex had infected businesses in more than 26 countries, causing heavy financial losses ($10 million in the United States and £20 million in the United Kingdom).

The campaign launched by the United States and the United Kingdom resulted in several arrests and in the seizure of machines belonging to the botnet that propagated and operated the malware.

However, Dridex has become active again, mainly targeting French internet users:
