Posted April 14, 2015
Welcome to the Cyveillance Weekly Cyber Security Trends Report
Since threat intelligence is constantly evolving, we publish this weekly cyber security trends report to keep our customers updated on the latest threats across a variety of industries. You can read an abridged version below. Follow us on Twitter and subscribe to our blog to make sure you don’t miss any of the latest security articles from Cyveillance experts.
- Researchers said that an active campaign using a variant of Dyre malware has successfully stolen more than $1 million from targeted enterprise organizations. The campaign, named “The Dyre Wolf” shows a twist from the once-simple Dyre malware by adding sophisticated social engineering tactics likely to circumvent two-factor authentication. In recent incidents, organizations lost between $500,000 and $1.5 million to attackers.
- An article on D1net.com investigating the DDoS attacks targeting Github over the past weeks shows the evidence for the source of the attacks to be originated from China.
Legal and Regulations
- The Office of the U.S. Trade Representative last month released its fifth annual Notorious Markets List, a publication of select online and physical marketplaces that facilitate intellectual property violations. While many of the countries hosting the markets in the List are accused of intellectual property violations in other major studies, a number of online marketplaces are based in countries that have established intellectual property protections and are therefore not usually seen as offenders, such as Spain, Sweden, Germany, Canada, and the United Kingdom. While identifying notorious intellectual property offenders has proven effective for private and public entities to encourage reform by highlighted offenders, the list has no legal bearing.
- A new payment system breach is currently being investigated by hotel management company White Lodging at 10 of its properties across the United States. The intrusion is believed to have lasted for about 7 months, from July 3, 2014, until February 6, 2015, and impacted the point-of-sales systems at restaurants and lounges present on the premises of Marriott, Renaissance, Sheraton, and Courtyard hotels.
- “In the push for more revenue growth, Twitter has been building up its business in areas like advertising and commerce, but a move made late Friday night points to another area where the company is setting its sights: big data analytics. Twitter announced that it will be terminating agreements with third parties for reselling firehose data — the unfiltered, full stream of Tweets and all related metadata that goes along with them. Instead, it will use its own in-house big data analytics team, which it developed around its acquisition of Gnip in 2014, to seek to build direct relationships with the data companies, brands and others that use Twitter data to measure consumer sentiment, market trends and other moving targets that can be better understood by tracking online conversations — a transition it says it hopes to have completed by mid-August.
- Hackers have co-opted AlienSpy, a remote access tool, to deliver the Citadel banking Trojan and establish backdoors inside a number of critical infrastructure operations. AlienSpy is a descendent of the Adwind, Unrecom and Frutas Java-based remote access Trojans, according to security company Fidelis, which is owned by General Dynamics. Fidelis said today in its report that AlienSpy RAT infections have been reportedly been spreading via phishing messages, and have been discovered inside technology companies, financial services, government agencies, and energy utilities.
- An international task force created last year to combat cyber crimes scored an early victory this week, shutting down malicious servers that had infected at least 10,000 machines, mostly in the U.S. The new Joint Cybercrime Action Taskforce, which is collaborative effort with the FBI, Europol and other law enforcement agencies worldwide, managed to pull the plug on the Beebone botnet quickly.