The Monday Media Wrap Up: Al Jazeera Hack, Cybersecurity Insurance, and Russia Election Hack

A new kind of Twitter hack is spreading fake news in Venezuela

The Verge | Russell Brandom | June 9, 2017

Activists from Venezuela to Bahrain are falling victim to a devious new account hack, according to a report from the digital rights group Access Now. Called a “DoubleSwitch” attack, the hack begins with a simple account takeover, but is followed by a number of name changes designed to cover the attacker’s tracks and bewilder followers. Once a given Twitter account (say @russellbrandom) has been taken over, DoubleSwitch attackers will move the existing account to a new screenname (say, @fake_russell) and then establish a new account at the original screenname, often using the same profile picture and display name. When the target attempts to recover their account, they’ll go to the original screenname, which is now registered to the hacker’s email. At the same time, they have no easy way to find the original account, now bearing the original recovery emails and followers under a different name. So far, the attack has hit hardest on Twitter. The Access report describes Milagros Socorro and Miguel Pizarro, a journalist and an activist respectively, both dealing with turbulent protests in Venezuela. In each case, hijackers took control of the target Twitter account, switched the username, and began spreading misinformation from a new account registered under the original screenname. Followers of the original account wouldn’t carry over to the impostor account, but the impersonation still creates significant confusion for anyone seeing the new account’s tweets. In one case, the hijackers even deleted the original account, making account recovery far more difficult.

Would You Infect Someone Else With Ransomware To Save Your Own Files?

Inc. | Joseph Steinberg | June 9, 2017

Ransomware – computer malware that locks or steals your files until you pay a ransom – has reached epidemic levels, infecting businesses, people, and even hospitals. Over the last few months, some of the criminals operating ransomware schemes have become even more sinister – in many cases not restoring victims’ access to their files even if ransoms are paid. Furthermore, some crooks have instituted a new policy that really “goes low” – they offer to restore your files for free if you infect at least two more people with the ransomware. One variant of such ransomware – known as “Popcorn Time” – attacks computers running various versions of Windows, and, after infecting them and encrypting files, offers victims two choices: pay a ransom within a week (the ransom is usually 1 Bitcoin, approximately $2800), or pay nothing but infect two other people’s computers by sending them a malicious link that, when clicked, will install the ransomware. (The link includes a unique identifier so the crooks can track who gets to have his or her files decrypted for free.) Of course, intentionally attempting to infect someone else’s computer is both illegal and immoral, but criminals seem to believe that people will do so in order not to pay ransoms. And, of course, by requiring people to infect two people’s computers in order to get the decryption key that they need to regain their files, the crooks hope to double their reach and revenue. What should you do? By far, the best way to combat ransomware is to be proactive – protect yourself from getting infected in the first place. Practice good cyber hygiene, and back up your data often – keeping the backups disconnected physically and logically from the primary sources: if you somehow do get infected by ransomware, you do not want it to encrypt the backups as well.

Al Jazeera TV says it is combating hack, all entities operational: source

Reuters | Staff | June 8, 2017

Pan-Arab satellite network Al Jazeera is combating a large-scale cyber attack on its media platform, but all its entities remain operational, a company source said on Thursday. “There were attempts made on the cyber security of Al Jazeera but we are combating them and currently all our entities are operational,” said a senior employee who declined to be named. Al Jazeera is the flagship broadcaster for Qatar, which is in a stand-off with fellow Arab states which accuse it of ties to terrorism, in a row that is endangering stability in the region. Al Jazeera’s English- and Arabic-language channels and its websites appeared to be still functioning on Thursday after the network tweeted it was “under cyber attack on all systems, websites & social media platforms”. A later tweet said Doha-based media platforms were undergoing “continual hacking attempts”. It was the third reported hack of Qatari organizations in the last 14 months.

How Britney Spears’s Instagram Became Part Of A Malware Attack

Refinery29 | Madeline Buxton | June 8, 2017

Celebrity Instagram accounts are prey to all manner of bizarre comments that, strange as they may be — “LBs” and posts about shopping discounts, included — are usually harmless. But this was not the case for Britney Spears, whose account recently unwittingly became part of a malware attack. As reported by Popular Mechanics, one now deleted comment, added to a photo posted by Spears in January, was from the user asmith2155 (who is nonexistent on Instagram). It read: “#2hot make loved to her, uupss #Hot #X.” To most people, this looks like the random nonsense that’s standard fare for celebrity accounts. In reality, it was a hidden web address connected to malware. According to a report published this week by IT security firm ESET, the comment came from a cyber espionage group with malware known as Turla. The group has been suspected of having ties to the Russian state, and usually targets governments and diplomats. The way the malware works through the Instagram comment is complicated and involves multiple steps. “You first have to be infected with a particular Firefox add-on,” Marcus Moreno, a supervisor of threat research at cybersecurity company Webroot, told Refinery29. “Once infected with the add-on, the user will have to view the Britney Spears Instagram photo comments. There, the ‘#2hot’ comment left by a particular user will get interpreted [by the Firefox add-on] into a link.” Finally, that link connects back to the group’s server, completing the attack. While it’s concerning to see the malware hidden on Instagram, your chances of being affected by such an attack are low.

Cybersecurity insurance: A new answer to online crime

PCWorld | Violet Blue | June 8, 2017

Cybersecurity insurance has been gaining prominence over the past couple years across a variety of sectors. Now it’s poised to be the next big thing for consumers. For a barometer, look no further than American International Group Inc.’s newest consumer product called Family CyberEdge. According to AIG executives who spoke to press, it “offers coverage for expenses that arise from online bullying, extortion and other digital misdeeds.” They said Family CyberEdge would include “public relations and legal services, as well as at-home assessments of family electronic devices.” Before you get too excited about adding cyberstalking to your home or renter’s policy, know that AIG’s fancy cyberinsurance is meant for high net-worth individuals. Same goes for New York-based Pure Insurance, which launched its rich-people’s cyberinsurance product in 2015. According to press at the time, Pure’s offering came with a hefty price tag: “Through a partnership with Concentric Advisors, a Kirkland, Wash.-based cyber- and personal-security firm,” it was reported, “the insurer provides a one-day audit of home networks starting at $1,500.” For an additional “$500 to $3,000 monthly, it will monitor a client’s home-computer networks for intrusions.”

Move Over, Mirai: Persirai Now the Top IP Camera Botnet

Dark Reading | Jai Vijayan | June 8, 2017

The success of the massive Mirai botnet-enabled DDoS attacks of last year has spawned a lot of me-too malware designed to break into and exploit vulnerable Internet of Things devices. One such malware family that appears to have achieved more success than rivals is Persirai, a botnet malware targeting Internet Protocol (IP) cameras. Researchers from Trend Micro recently discovered Persirai targeting over 1,000 IP camera models based on multiple original equipment manufacturer (OEM) products. Like other IoT malware, Persirai takes advantage of open Universal Plug and Play (UPnP) ports on IP cameras to infect them. Once on an IP camera, the malware is designed to connect to a command-and-control server and download software for launching DDoS attacks against specific targets. “Business users need to be aware that IoT devices like cameras are potential attack vectors,” says Mark Nunnikhoven, vice president of cloud research at Trend Micro. “Even if the device doesn’t have valuable data, it might be connected to valuable resources, like bandwidth, or provide access to internal networks.” One interesting feature of Persirai, according to Trend Micro’s research, is its ability to start infecting other IP cameras by exploiting three known vulnerabilities. One of the vulnerabilities allows attackers to bypass authentication and gain access to the administrative password, another allows for remote code execution, while the third lets an attacker with admin credentials deploy other malware on the device.

Sleeping giant, botnets pose threat as ransomware attacks decline

SC Magazine | Robert Abel | June 7, 2017

While ransomware attacks are making headlines and are even on the decline according to some reports, researchers warn botnets may soon pose a greater threat. Botnet operators are capable of using their malicious networks to execute virtually any task with a success rate of close to 100 percent, according to a June 7 ESET security blog post. These tasks could be anything from sending spam, distributing ransomware, carrying out DDoS attacks, or cheating advertising networks, to mining Bitcoin, all of which could change on a whim. The biggest threat botnets pose, however, is the potential for their operators to encrypt every single computer within the botnet. Concerning an infected device, the botnet could attempt to break into the device owner’s bank account or steal any credentials it can glean from network traffic. Botnets are also becoming harder to detect: to improve resiliency, they have abandoned the simplest client-server model and switched to the P2P (peer-to-peer) model, where bots perform as both server and client, the report said. The Mirai botnet was a good example of the potential for truly frightening levels of damage that a botnet could carry out, ESET security researcher Lysa Myers told SC Media.

Russia’s attempt to hack US election officials, explained

Vox | Timothy B. Lee | June 6, 2017

Russia’s GRU intelligence agency attempted to hack the computers of voting officials across the country in the days before the 2016 presidential election, according to a top secret National Security Agency document that was leaked to the Intercept. The attacks focused on voter registration systems rather than voting machines themselves, so there’s no evidence that the Russian government directly changed anyone’s vote. But there’s also a lot we can’t tell from the report about what the Russians might have accomplished — and whether they could have altered the election result, directly or indirectly. We can speculate, though, on what the Russians could have done after they gained access to the election officials’ computers. For example, they could have deleted records for voters registered with one party to help candidates of the other party. Deleted voters would have still been able to vote, but they would have had to cast provisional ballots — a cumbersome process that could have discouraged some from casting their votes. Attackers could also have simply caused registration systems to crash in precincts that were likely to vote heavily for one candidate over the other. That could have caused delays and long lines that would suppress turnout in those precincts. At least one jurisdiction using EV Systems voting technology experienced serious glitches on election day: Durham, North Carolina. The voter registration system there malfunctioned, leading to long lines. Officials there say they don’t believe they were hacked — they say the problems they encountered appeared to be the result of user error. But Alex Halderman, a computer security expert at the University of Michigan, points out that if a sophisticated hacker were targeting American elections, it would do what it could to make any glitches appear to be accidents rather than deliberate sabotage.

Ponzi Scheme Meets Ransomware for a Doubly Malicious Attack

The New York Times | Sheera Frenkel | June 6, 2017

The first message to pop up on the computer screen let the victims know they had been hacked. The second message gave them a way out. The victim had a choice: Pay the hackers a ransom of one bitcoin, a digital currency worth roughly $2,365, in exchange for regaining access to the computer, or try to infect two new people on behalf of the attackers. If someone the victim knew fell for the bait and became infected, the attackers would consider the ransom paid and cede control of the infected computer. The attack late last year was, according to the cybersecurity researchers who discovered what they now call the Popcorn Time ransomware, the first Ponzi scheme for one of the internet’s oldest types of cyberattacks. Ransomware, a type of malicious software that infects a system and then holds it hostage, demanding a ransom for its release, is one of the most popular and lucrative ways to attack computers.

Security companies estimate that criminals raked in roughly $1 billion from ransomware attacks in 2016. This year, the number is likely to be much higher, as ransomware schemes multiply. One strain, WannaCry, made global headlines last month by infecting hundreds of thousands of computers in 74 countries in about a day. The scheme has become more successful as more of what we do goes online, from business client lists to family photos. With the click of a button, an entire system can be infected. With another click, criminals can wipe information from a computer or expose it to the public. It all depends on what commands a bigger ransom: losing information or exposing it. Security researchers warn that WannaCry, which exploited a wide-ranging vulnerability in Windows systems and then used a clever mechanism to spread itself across new systems, is just the tip of the iceberg.
