Blog

By Andrew Paulette

1.) This Dark Web Site Creates Robocalls to Steal People’s Credit Card PINs (June 20, 2017)

https://motherboard.vice.com/en_us/article/3knz98/dark-web-site-robocalls-to-steal-credit-card-pins

Summary: A new service offers cybercriminals automated social engineering as a service. In the internet underground, cybercriminals regularly exchange stolen credit card and debit card numbers and people’s personal information—data they usually refer to as “dumps.” But having someone’s credit card number isn’t great if you just want to get some cash. For that you’d need their ATM pin too.

Why it matters: Software-as-a-Service, Security-as-a-Service – why not Social Engineering-as-a-Service? As automation and the desire for cost savings drives the IT and Cyber Security​ industry to offer new products to simplify the lives of their customers, cyber criminals will also attempt to line their pockets by offering products to make the lives of their fellow cyber criminals easier.  Regardless of the service’s current effectiveness, these types of offerings will continue to grow in the future, creating more attack vectors for cybersecurity professionals to monitor.

2.) RESEARCHERS FIND BLACKENERGY APT LINKS IN EXPETR CODE (July 3, 2017)

https://threatpost.com/researchers-find-blackenergy-apt-links-in-expetr-code/126662/

Summary: Researchers have found links between the BlackEnergy APT group and threat actors behind the ExPetr malware used in last month’s global attacks. According to researchers at Kaspersky Lab, there are strong similarities between older versions of BlackEnergy’s KillDisk ransomware compared to ExPetr code.

Why it matters: ​While threat actors may not leave their name on their malware, attribution in cybersecurity helps give analysts insight into the probable attacker, which also providing perspective on their motives. Linking the NotPetya/ExPetr attacks to the BlackEnergy APT sheds light on the intent of the attackers, while also providing a somewhat concerning revelation that the techniques and tactics used by this group have accelerated quickly, going from spearphishing attempts to steal credentials from admins within an organization to breaching the supply chain of a software vendor to launch wiper attacks against Ukraine’s business sector.

3.) Ukrainian police seize software company’s servers (July 5, 2017)

https://apnews.com/fbb32bb07f7047ba945360e8cbd522cf

Summary: Ukraine’s national cybercrime unit seized servers belonging to a small company at the center of a global outbreak of malicious software after “new activity” was detected there, the service said in a statement early Wednesday.

Why it matters: While Ukrainian company M.E. Doc has continued to deny that its servers were compromised and used as the initial vector for the spread of the NotPetya “Ransomware,” analysis from multiple security firms and intervention by Ukrainian law enforcement seems to all but definitively confirm that this company was compromised and used as the vector to start this attack. There are two lessons learned from the NotPetya attack:

1) cybersecurity is not only about securing your company’s infrastructure, but analyzing access to your network from partners and other third parties, and

2) cybersecurity matters for all companies, big and small.

While all accounts suggest that M.E. Doc is a smaller company compared to some of the more obvious targets for threat actors, the reality is that even as a small organization, their software’s use across much of Ukraine’s business sector ensured that as a company with vulnerabilities in their software and update service, they became the perfect target to attack a larger number of businesses.

4.) In quest to replace Common Access Card, DoD starts testing behavior-based authentication (July 5, 2017)