Security Brief: POS Malware, Sabu’s Sentencing, RedHack Attacks, Hacked Fridges

Security brief for January 13 – 19, 2014

If you haven’t been online much over the past week, this is your chance to catch up on the IT security stories you might have missed.

There has been a lot of talk about point-of-sale (POS) malware over the past week, mainly because such threats have been used in the recent attacks against some US retailers, including Target and Neiman Marcus.

Shortly after Target’s CEO admitted that cybercriminals had installed malware on the company’s POS registers, more and more details surfaced not only about the malware itself, but also about the people who might have developed it.

Seculert has determined that the attackers stole around 11 Gb of information from Target’s systems by using a piece of malware based on BlackPOS. BlackPOS is said to have been developed by a Russian teenager who has been selling his creation for $2,000 (€1,500).

In the meantime, IntelCrawler has identified a new POS malware, dubbed Decebal, apparently developed by Romanians. The threat is written in VBScript, and its core functionality is implemented in fewer than 400 lines of code.

This past week was pretty quiet on the hacktivism front. However, two of the world’s most notorious groups, RedHack and the Syrian Electronic Army, have been very busy.

RedHack launched DDoS attacks, leaked data, and exposed cross-site scripting vulnerabilities on high-profile sites. The group exposed the wrongdoings of the mayor of Ankara, Turkey’s capital, and leaked the phone numbers of government officials and Turkcell employees. The hacktivists also disrupted the official site of Turkey’s Central Bank.

As far as the Syrian Electronic Army is concerned, the hackers started the week by demonstrating that they’ve hacked a lot of online accounts associated with Microsoft, including an Xbox Twitter account, the Microsoft News Twitter account, and the emails of some employees.

Later in the week, Turkish hackers of Turkguvenligi breached and defaced the official website of the Syrian Electronic Army by going through its hosting provider. However, the Syrian group stressed that the incident would not impact its operations.

And they were right. A couple of days later, the SEA announced breaching a total of 16 Saudi Arabian government websites in protest against terrorism.

Pakistani hackers proudly announced breaching the systems of the Montenegro (.ME) domain registrar. TeaM MaDLeeTs claimed to have defaced a total of 3,500 parked domains. Representatives of the registrar provided clarifications regarding the attack, highlighting the fact that it wasn’t as bad as it looked.

The sentencing of Hector Monsegur, better known as Sabu of the LulzSec hacker group, has been delayed once again. Sentencing has been postponed until April 2.

In the meantime, the Free Jeremy Hammond group has revealed that Jeremy Hammond, the hacker who’s currently serving a 10-year sentence for breaching Stratfor, will serve his time at FCI Manchester.

Researchers from Proofpoint have been monitoring an interesting cyberattack in which over 750,000 spam emails were sent out from 100,000 compromised devices. What makes the attack notable is that some smart devices were abused, including multimedia centers, routers, TVs, and even a fridge.

The story sounds interesting, but some experts are questioning the accuracy of the research.

Here are some other stories worth reading, in case you missed them:

Man admits to hacking the email accounts of AOL employees, including the company’s CEO

Vulnerability that could have been exploited to hijack Mt.Gox accounts fixed

AVG confirms that one of its webservers has been breached and defaced

Wickr launches bug bounty program

TeamBerserk leaks data from DHS Intelligence Fusion Centers