The Monday Media Wrap Up


DomainTools | January 23, 2017

Minecraft linked to Mirai botnet web attacks

Newsweek | Anthony Cuthbertson | January 20, 2017

A security expert has linked the popular computer game Minecraft to the most powerful cyberattacks on the internet that took place through the so-called Mirai botnet in 2016. Security researcher Brian Krebs was one of the victims of Mirai, the botnet behind a series of devastating attacks on the internet. After his website was knocked offline by the attack, he spent “hundreds of hours” investigating the botnet. “If you’ve ever wondered why it seems that so few internet criminals are brought to justice, I can tell you that the sheer amount of persistence and investigative resources required to piece together who’s done what to whom (and why) in the online era is tremendous,” Krebs wrote in a blogpost on January 17. In October, the botnet knocked dozens of major websites offline, including Twitter, Reddit and Netflix, and in November there were further attacks on Russian banks. Mirai works by scanning the internet looking for particular kinds of devices that have an open communication channel—known as a port—through which it can deliver its infection. Most of these devices are part of the Internet of Things (IoT), meaning unsecured items such as webcams, smart fridges and automated heating systems. According to research by the security firm BullGuard, up to 185 million devices may be at risk of being compromised by Mirai.

St. Louis’ public library computers hacked for ransom

CNN | Jose Pagliery | January 19, 2017

Hackers have infected every public computer in the St. Louis Public Library system, stopping all book borrowing and cutting off internet access to those who rely on it for computers. The computer system was hit by ransomware, a particularly nasty type of computer virus that encrypts computer files. This form of attack renders computers unusable — unless victims are willing to pay an extortion fee and obtain a key to unlock the machines. According to the library, hackers demanded $35,000 in the electronic currency Bitcoin — but the library refuses to pay. Instead, it’ll wipe the entire computer system and reset it, which could take days or weeks. The cyberattack hit 700 computers at all of the city’s 16 library branches, according to spokeswoman Jen Hatton. The entire checkout system is on hold. No one can walk out with any of the library’s 4 million books, magazines and videos. And all computers are frozen, she said. The city’s libraries are overwhelmingly used by school children and the city’s poorer residents. “For many of our patrons, we’re their only access to the internet,” Hatton said. “This is their only access to a computer. Some of them have a smartphone, but they don’t have a data plan. They come in and use the WiFi.” According to the library, the criminals managed to infect a centralized computer server, destroying the staff’s email system as well.

That critical “ImageTragick” bug Ars warned you about? It cost Facebook $40k

Ars Technica | Dan Goodin | January 18, 2017

Last May, Ars reported that a critical vulnerability in a widely used image-processing application left a huge number of websites open to attacks that allowed hackers to execute malicious code on the underlying servers. More than five months later, Facebook paid a $40,000 bounty after discovering it was among those at risk. On Tuesday, researcher Andrey Leonov said he was able to exploit the vulnerability in the ImageMagick application by using a tunneling technique based on the domain name system that bypassed Facebook firewalls. The firewalls had successfully protected against his earlier exploit attempts. Large numbers of websites use ImageMagick to quickly resize images uploaded by users. “I am glad to be the one of those who broke the Facebook,” Leonov wrote in a blog post that gave a blow-by-blow account of how he exploited the ImageMagick vulnerability. Two days after the researcher privately shared the exploit with Facebook security personnel, they patched their systems. Ten days after that, they paid Leonov $40,000, one of the biggest bounties Facebook has ever paid.

Do you have a cyber A-team?

CSO | Jeremy King | January 18, 2017

Companies of all sizes should ask themselves: do we have a real cyber A-team of executives and outside experts? Companies should strongly consider re-evaluating their approach to risk management and cyber defense and be more vigilant in making cyber a priority. In short, the cumulative risk equation – the combination of threat, vulnerability and impact – arguably is growing in magnitude, but most certainly in complexity. Today, virtually everyone is playing a high-stakes catch-up game. A survey from Ponemon Institute and Fidelis shows a lack of trust, limited visibility and knowledge gaps between boards, C-Suite and IT security professionals. The survey asked more than 650 board members and IT security professionals (mainly CIOs, CTOs and CISOs) for their perspectives regarding board member knowledge and involvement in cybersecurity governance. Among their findings: 59 percent of board members believe their organizations’ cybersecurity governance practices are very effective, while only 18 percent of IT security professionals believe the same. This underscores the gap in understanding, communicating and acknowledging the threat landscape.

The war for cybersecurity talent hits the Hill

Computerworld | Matt Hamblen | January 17, 2017

Many analysts and business leaders believe there is a severe need for qualified cybersecurity professionals in the U.S., something that has caught the eye of at least one key congressman. U.S. House Homeland Security Committee Chairman Michael McCaul (R-Texas) on Wednesday said more needs to be done to address the cybersecurity labor shortage. “I agree 110% that we need to strengthen the workforce” of cybersecurity professionals, McCaul said during a meeting with reporters at the National Press Club. McCaul was referring not only to cybersecurity workers needed for U.S. government agencies, but also for U.S. businesses that control the nation’s critical infrastructure, including the electric grid and electronic healthcare records. “Eighty percent of the malicious codes are in the private sector,” he said. The need to fill cybersecurity jobs has been top of mind recently because of cyber exploits like the two massive Yahoo breaches announced late last year. Also, intelligence community revelations that Russia tried to influence the U.S. elections with various cyber-exploits have galvanized some U.S. lawmakers, including McCaul. Several experts have estimated the workforce shortage of cybersecurity workers in the U.S. — across multiple job titles — currently at 300,000 or more. The most recently available analysis, from the U.S. Bureau of Labor Statistics, said the shortage of such workers in 2015 reached 209,000. Globally, the shortfall of cybersecurity professionals is expected to reach 1.5 million by 2020, according to data published by the National Institute of Standards and Technology. Despite such dire projections, there is at least one contrary point of view. A DHS official said in a blog post in November that the cybersecurity skills shortage is a myth.

Can a DDoS attack be a valid protest?

PCWorld | Michael Kan | January 17, 2017

When Donald Trump is inaugurated as the U.S. President on Friday, Juan Soberanis intends to protest the event—digitally. His San Francisco-based protest platform is calling on Americans to oppose Trump’s presidency by visiting the site and overloading it with too much traffic. In effect, he’s proposing a distributed denial-of-service attack, an illegal act under federal law. But Soberanis doesn’t see it that way. “It’s the equivalent of someone marching on Washington, D.C.,” he said on Monday. “Civil disobedience has been part of the American democratic process.” Soberanis’s call to action is raising eyebrows and highlights the issue of whether DDoS attacks should be made a legitimate form of protest. Under the Computer Fraud and Abuse Act, sending a command to a protected computer with the intent to cause damage can be judged a criminal offense. But that hasn’t stopped hacktivists and cyber criminals from using DDoS attacks to force websites offline. In 2013, the U.S. charged 13 people affiliated with the hacktivist group Anonymous for launching DDoS attacks on government entities, trade groups and law firms. Typically, hackers launch such attacks by using several servers, or huge numbers of infected PCs called botnets, to flood their targets with an overwhelming amount of traffic.

Report: Attacks based on open source vulnerabilities will rise 20 percent this year

CSO | Maria Korolov | January 17, 2017

As open source code becomes more prevalent in both commercial and home-grown applications, the number of attacks based on its vulnerabilities will increase by 20 percent this year, predicted Black Duck Software, which collects statistics about open source projects. The number of commercial software projects that were composed of 50 percent or more of free, open source software went up from 3 percent in 2011 to 33 percent today, said Mike Pittenger, vice president of security strategy at Black Duck Software. The average commercial application uses more than 100 open source components, he said, and two-thirds of commercial applications have code with known vulnerabilities in it. Worst of all, there’s often no way for buyers to know what open source components are in the software they’re buying.

This Gmail Phishing Attack Is Fooling Even Savvy Users

Forbes | Lee Mathews | January 16, 2017

There’s a new phishing campaign targeting Gmail users. Security researchers say that it’s highly effective and that even experienced, tech-savvy users are being tricked by it. Whoever is behind this campaign is either employing a team that’s ready to pounce on newly-compromised accounts or their code includes some fairly sophisticated automation features. As soon as a victim submits a password, the criminals log in to the victim’s Gmail account. Once they’re in, they start gathering information to launch secondary attacks. They’re after a couple things. First, they’ll look for an attachment that the victim has previously sent to his or her contacts and a relevant subject line from an actual sent email. Then they’ll start gathering up contact email addresses. Those contacts become the new targets, which is a big part of what makes this attack so effective. The phishing emails are coming from someone the victim knows. The fraudsters send over a message with a thumbnailed version of the attachment. When clicked, it doesn’t open the Gmail previewer. Instead, a convincing Gmail login box is displayed. It’s a trap.
