Tuesday 3 June 2014

FBI issues arrest warrant over Gameover Zeus botnet

THE FBI announced on Tuesday that it believes Russian citizen Evgeniy Mikhaylovich Bogachev is the leader of the gang behind the Gameover botnet, and has issued a warrant for his arrest.
Bogachev, also said to be known as "lucky12345" and "slavik", joins the Agency's Cyber Most Wanted list. In a press conference, the FBI said that Russian authorities have been "productive", although it is believed that Bogachev may have escaped the country by boat.
Gameover first hit headlines on Monday, when the UK National Crime Agency (NCA) issued a warning about the botnet, which is set to attack thousands of unprotected machines. It is estimated that 15,000 machines in the UK have already been infected out of the one million worldwide, and internet service providers (ISPs) have said that they will be writing to customers they believe have been affected.
However, it has been around for some time, and we reported back in March how hackers had been using the malware to target users of Monster.com.
Gameover Zeus (GOZ), sometimes known as P2P Zeus or GO Zeus, is a relative of the ransomware known as Cryptolocker, which has seen a resurgence in recent months with an Android variant attacking porn users.
Gameover Zeus has already resulted in the illegal transfer of millions of pounds around the world and the NCA claims that its appearance in the UK could cost computer users losses running to millions more.
The NCA has worked on a global initiative to put procedures in place that disrupt the flow of information between victim machines and the botnet's servers. However, the Stay Safe Online website has been experiencing issues, with the site crashing for some users. At the time of writing it has been partially restored but appears to be struggling under the weight of traffic.
Andy Archibald, deputy director of the NCA's National Cyber Crime Unit, said, "Nobody wants their personal financial details, business information or photographs of loved ones to be stolen or held to ransom by criminals. By making use of this two-week window, huge numbers of people in the UK can stop that from happening to them."
Steve Rawlinson, MD of Tagadab, was keen to emphasise that this is more than just another virus. He said, "The scale of this operation is unprecedented. This is the first time we've seen a coordinated, international approach of this magnitude, demonstrating how seriously the FBI takes this current threat.
"Botnets enable malicious activity which costs the global economy billions of pounds. Because of the way these particular botnets work it is very difficult to find the people behind the crime or to stop the botnet from spreading. This joint operation from law enforcement agencies, ISPs, and IT security vendors is a carefully coordinated strike designed to disable the botnet for a few days.
"The operation relies on public awareness and ultimately this is the key to its success or failure. If users fail to update their security in the window of opportunity then there's little the FBI or anyone else can do for them. Consumer education is hugely important because it prevents criminals from gaining the advantage, but we need a coordinated, long-term awareness campaign backed by businesses and governments across the world if we want messages about the dangers of Trojans and malware to really hit home."
Users are advised to back up all valuable data, avoid shonky-looking email attachments and ensure anti-malware packages are up to date. Just as important, however, is the need to pass on information about the threat, so that as many people as possible are protected during the window created by the global disruption of the malware's servers.

Russian Evgeniy Bogachev sought over cybercrime botnet

Evgeniy Bogachev was believed to be living in Russia, the FBI said.

The US has charged a Russian man with being behind a major cybercrime operation that affected individuals and businesses worldwide.
Evgeniy Bogachev, said to be known as "lucky12345" and "slavik", is accused of being involved in attacks on more than a million computers.
The charges came as authorities seized control of a botnet used to steal personal and financial data.
Computer users were urged to run checks to protect themselves from the threat.
In a press conference held on Monday, the US Department of Justice said it believed Mr Bogachev was last known to be residing in Anapa, Russia.
Cooperation with Russian authorities had been "productive", a spokesman added.
In an entry added to the FBI's Cyber Most Wanted list, it stated: "He is known to enjoy boating and may travel to locations along the Black Sea in his boat."
His charges, filed in a court in Pittsburgh, included conspiracy, wire, bank and computer fraud, and money laundering.
The UK's National Crime Agency (NCA) said people probably had "two weeks" before the criminals would get the botnet functioning again, and posted advice on how to best protect computers.
Internet service providers (ISPs) will be contacting customers known to have been affected by either letter or email. The first notices were sent out on Monday, the BBC understands.

New Point-of-Sale Terminal Malware Compromises 1,500 Devices Worldwide

In the past few months, malware developers have been focusing more on proliferating and upgrading malware that targets Point-of-Sale (POS) machines. Due to a lack of attention and security measures, POS systems have become an attractive target for cybercriminals and malware writers.
BlackPOS malware caused massive data breaches at various US retailers by targeting POS machines; the largest was the Target data breach that occurred during the last Christmas holidays. At the third-largest U.S. retailer, over 40 million credit and debit cards, used to pay for purchases at its 1,500 stores nationwide in the U.S., were stolen.
Neiman Marcus and Michaels Stores were also targeted, in heists involving possibly 110 million credit and debit cards as well as personal information. BlackPOS malware was embedded in point-of-sale (POS) equipment at the checkout counters to collect secure data as the credit cards were swiped during transactions.

Now the latest one is the 'Nemanja botnet', a recently discovered piece of malware that has infected almost 1,500 point-of-sale (POS) terminals, accounting systems and other retail back-office platforms at businesses across the world.
"The bad actors combine several attack vectors in order to infect operators' stations: 'drive-by-download' and remote administration channels hacking," researchers said.
This massive, global botnet campaign was unearthed by security researchers at the cybercrime intelligence firm IntelCrawler, and includes more than 1,478 hosts in almost 35 countries worldwide, including the U.S., UK, Canada, Australia, China, Japan, Israel and Italy, as well as other developing countries.
"The analyzed botnet has affected various small businesses and grocery stores in different parts of the world, making the problem of retailers' insecurity more visible after past breaches. Past incidents showed high attention from modern cybercriminality to retailers and small business segments having Point-of-Sale terminals," IntelCrawler explained in a blog post.
IntelCrawler is the company that most actively investigates electronic crimes related to Point-of-Sale (POS) systems. IntelCrawler is also the firm that discovered the BlackPOS malware used in the Target data breach, and it traced the author of BlackPOS at the beginning of the year.
The Nemanja botnet was discovered by the cyber intelligence company in March. It includes POS malware with keylogging capabilities, which cybercriminals widely use to steal sensitive information such as usernames and passwords; in this case, attackers used the feature to steal payment and personally identifiable data from various back-office systems and databases.
"IntelCrawler predicts that very soon modern POS malware will become a part of RAT/Trojans and other harmful software acting as a module, which may be used along with keylogger and network sniffing malware," IntelCrawler explained.
IntelCrawler predicts a significant increase in the number of data breaches in the future, and that in the coming days modern POS malware will be incorporated as modules into malicious remote access tools (RATs) or other Trojan programs and used alongside other components, such as those for keylogging or network traffic sniffing.
Point-of-sale (POS) systems are critical components of any retail environment, yet users are not aware of the emerging threats they will face in the near future. To counter those threats we need to understand the architecture of POS systems, the areas open to attack, and the available defensive measures. For this, you can refer to the book 'Hacking Point of Sale: Payment Application Secrets, Threats, and Solutions' for in-depth research on point-of-sale (POS) systems: how they work, how they could be exploited, and what protective measures should be taken.