Entries with tag cybercrime.

European ATM Vulnerability Lets Crooks Cash Out

Interpol has discovered a vulnerability in cash machines that criminals can leverage to steal money. The international law-enforcement agency says it is investigating the matter and alerting countries in Europe, Latin America, and Asia that hackers have targeted. Security vendor Kaspersky Lab, which discovered the hack, says infected ATMs can be prompted to dispense 40 banknotes without a card simply by entering a series of digits on the keypad. Hackers infect machines with Tyupkin malware via a boot CD. They can then selectively unlock compromised machines and let hired thieves withdraw specified amounts of money. The cash is taken from the ATM’s store of money and not from a customer’s account. ATM security is notoriously weak and badly needs upgrading, according to Kaspersky. (BBC)(Kaspersky Lab SecureList)


US Officials: Military Acquisition Rules Don’t Keep Pace with Cyberthreats

Existing US military acquisition rules prevent fast responses to cyberattacks launched against US weapons and computer networks, according to experts. They say new approaches are needed to address these issues. Acquisition programs typically need two years to be initiated and executed. However, stated Kristina Harrington, director of the National Reconnaissance Office’s Signals Intelligence Directorate, “Two years … is too late in the cyberindustry.” After getting an item budgeted, there is still another two years for it to pass through the requirements process. This places the government at least three years behind the private sector in adopting technology. The Signals Intelligence Directorate is investigating changes in government contracting that would let it be more responsive. (Reuters)(Breaking Defense)

Criminal Ring Targets Small Retailers in Data-Theft Operation

A group of cybercriminals used point-of-sale malware to gather payment-card data from 24 million transactions in two months from small retailers in 11 countries, before investigators shut down its operations. The group used the ChewBacca Trojan in its attacks, which took place in Australia, Canada, Russia, and the US, according to the RSA FirstWatch security research-and-analysis organization. The US FBI used forensics information from RSA to shut down the hackers’ command-and-control server. Security vendor Kaspersky Lab said the malware stole data via keylogging and also scanned memory dumps for credit-card data that it sent to the system’s command-and-control server via the Tor anonymizing network. RSA researchers estimate the malware started gathering data about 25 October 2013. (Reuters)(ZD Net)(Kaspersky Lab Securelist)(RSA FirstWatch)

Newly Found Android Botnet Is Used in Multiple Spyware Campaigns

A newly discovered mobile botnet—which researchers from security vendor FireEye describe as “one of the largest advanced mobile botnets to date”—is being used for at least 64 spyware campaigns targeting Android devices. Once an Android device is compromised, the MisoSMS botnet uses malware to steal a user’s text messages and e-mail them to cybercriminals in China. The infection is prevalent on Android devices in Korea, the researchers explain. They say the attackers appear to be using command-and-control servers in Korea and China to access the text messages. (SlashDot)(FireEye)

Hackers Increasingly Target Mining Firms

A new survey by the Ernst & Young professional services firm found that metals and mining companies are increasingly vulnerable to hacking. The study said the threats come from many sources including criminals trying to gain financially from supply disruptions through commodity pricing changes, rivals seeking business secrets, governments and state-owned firms looking to gain an advantage in contract negotiations, and antimining activists. More than 40 percent of surveyed metals and mining companies stated that they had seen increased external threats in the past 12 months. Most vulnerable were small or mid-size firms, which don’t consider themselves to be hacking targets. (Reuters)(The Australian) 

US Authorities Charge Hackers in Huge, High Profile Attacks

US authorities have charged four Russians and a Ukrainian in connection with an extensive, eight-year hacking operation in which they allegedly stole 160 million credit-card numbers and sold them on the black market. The network’s targets included numerous high-profile payment processors, retailers, and financial institutions including the 7-Eleven convenience-store company, Dow Jones, the Hannaford Bros. supermarket chain, the J.C. Penney department stores, and Visa Jordan Card Services, a licensee of the Visa credit-card company in the country of Jordan. Hackers initially penetrated the networks via SQL injection attacks and then added a backdoor to enable easy ongoing access. They stole usernames, passwords, other types of personal identification used for verification, credit-card numbers, and debit-card information. The hackers sold the data to identity-theft wholesalers for $10 per US credit card and associated data; $15 per Canadian credit card and associated data; and $50 per European credit card and associated data. The wholesalers put the information onto blank credit or debit cards that could be used to withdraw money or make purchases. Authorities indicted the suspects on charges including conspiracy to gain unauthorized access to computers, conspiracy to commit wire fraud, and wire fraud. Two were arrested in the Netherlands and have been extradited to the US, but the other three are at large. (SlashDot)(SecurityWeek)(The New York Times)

Security Researcher Thwarts Attempt to Frame Him for Heroin Possession

A US-based Internet-security researcher has discovered and blocked a hacker’s attempt to frame him for possession of heroin. Researcher Brian Krebs claims a Russian cybercrime forum’s administrator devised a plan to purchase heroin using bitcoin donations from other forum members and deliver the drugs to Krebs. A compatriot was then supposed to pretend to be a concerned neighbor and call the police to raid the researcher’s house. Krebs, however, saw the plot unfold while monitoring the Russian website and contacted the FBI and local police, who took the drugs once they arrived. Krebs noted that this is not the first attempt by cybercriminals to cause problems for him that might dissuade him from reporting on them. “One called in a phony hostage situation that resulted in a dozen heavily armed police surrounding my home,” he wrote. “Another opened a $20,000 new line of credit in my name. Others sent more than $1,000 in bogus PayPal donations from hacked accounts. Still more ‘admirers’ paid my cable bill for the next three years using stolen credit cards. Malware authors have even used my name and likeness to peddle their wares.” (BBC)(Krebs on Security)

Report: Cybercrime Rising in Caribbean, Latin America

New research shows cybercrime is increasing in the Caribbean and Latin America, with the number of incidents reported in regional countries up by as much as 40 percent. The new report, in which security vendor Trend Micro compared statistics from 2011 and 2012 for the Organization of American States (OAS), suggests the percentages may actually be low because of a lack of reporting or inadequate detection of problems. Critical infrastructure, industrial control systems, and financial institutions are frequent targets of attacks in the Caribbean and Latin America. Trend Micro contends the traditional organized crime syndicates are responsible for creating sophisticated cybercrime tools used in these attacks. The report also finds hacktivism, attacking sites in the name of promulgating a particular cause, on the rise; Mexico alone saw a 40 percent increase in such attacks, particularly during the presidential election campaign. Trend Micro worked on the study with the OAS’s Secretariat for Multidimensional Security. They invited all 32 OAS member states to participate, but only 20 responded. Despite the overall upward cybercrime trend, Chile and Colombia reportedly saw fewer attacks in 2012. (Dark Reading)(ZDNet)(Trend Micro)

New Threat: Computers with Factory-Installed Malware

Cybercriminals are now installing malware before computer systems leave the factory, according to newly released information from Microsoft. The company found botnet malware called Nitol that lets criminals steal information that can ultimately be used to steal money from infected users’ online bank accounts. Microsoft says the criminals responsible for Nitol exploited insecure supply chains to have viruses installed as PCs were being built. It says its investigators purchased 20 PCs -- 10 desktops and 10 laptops -- from different cities in China and found four viruses. The malware was traced to counterfeit software some Chinese PC makers were installing. Nitol is allegedly linked to a web domain that has been involved in cybercrime since 2008. Microsoft was given permission by a US court to seize the domain, blocking any trafficking of stolen data. Nitol infections aren’t restricted to mainland China. Infected machines have been discovered in the US, Russia, Australia, Germany, and the Cayman Islands. Microsoft claims that this is its second such botnet disruption action in a six-month period. The court documents were unsealed today. (BBC)(Associated Press)(The Official Microsoft Blog)
