News briefs, November 2015
»FireEye Labs discovered the first multi-vendor ATM malware specifically targeting cardholders. Backdoor.ATM.Suceful, or SUCEFUL, can retain or eject the inserted card on demand, which could be used to steal the physical card. In Diebold or NCR ATMs, SUCEFUL can read card data and suppress ATM sensors to avoid detection. The malware can also be controlled via the ATM PIN pad.
»For a second time, adult website xHamster was used as part of a malvertising campaign. This latest campaign, which might be related to one that impacted Yahoo.com and MSN.com, leveraged free cloud-based platforms and served ads via TrafficHaus. Users were pushed to the Angler Exploit Kit, which infected their systems with malware. TrafficHaus stopped the initial attack, but days later the team observed more malvertising, this time distributing browlock, a browser-based ransomware.
»PNI Digital Media, CVS and Costco issued statements that some customers' personal information might have been compromised following a cyberattack that shut down PNI-run online photo print operations at six retailers. PNI, which is owned by the office supply superstore chain Staples, said malware was inserted into their system and this may have led to some data being captured.
»Rochester, N.Y.-based Excellus BlueCross BlueShield (BCBS) and affiliate Lifetime Healthcare Companies (LTHC) were breached. The health insurance organizations learned in early August that unauthorized access to their IT systems had been gained in late 2013, and that personal information on 10.5 million individuals may have been compromised. An investigation conducted with Mandiant revealed that personal data, and in some cases clinical information, could have been affected.
»Anonymous launched another online battle against members of the Islamic State (IS, formerly ISIS/ISIL) group. The hacktivists targeted and attacked the online network of supporters and suspected websites of the IS. A recently developed offshoot of the Anonymous group, known as GhostSec or Ghost Security, revealed that its members are attacking thousands of publicity websites and social media accounts operated by the ISIS group.
»During September, malware disguised as an Android game twice made its way into the Google Play store, and each time had between 100,000 and 500,000 downloads – making for a potential total of one million infected users. The threat is a working game called Brain Test, and it was identified by researchers at Check Point Software Technologies. It has only been observed pushing ads, but the advanced malware uses tricks to bypass Google's app vetting system, Bouncer, uses privilege escalation exploits to gain root access on the device, and takes steps to maintain persistence so it cannot easily be deleted.
»South Korea's National Intelligence Service (NIS) is blaming North Korea for hacking into the Seoul Metro subway, breaking into and infecting 210 employee computers between March and August 2014. The NIS said the hackers implanted 58 pieces of malicious code into the computers using the advanced persistent threat (APT) methodology, the same approach the North Koreans used in 2013 to attack banks and broadcasters in South Korea.