Friday Five: 7/22 Edition
It's Friday! Catch up on the top infosec headlines with our weekly news roundup.
1. CryptXXX Ransomware Now Hijacking Websites of Businesses to Infect Unsuspecting Users by India Ashok
Legitimate business websites are being hijacked to serve CryptXXX ransomware to users. A botnet that goes by the name of SoakSoak is most likely behind the CryptXXX campaign. When hijacking these websites, the SoakSoak botnet embedded malicious code that redirected visitors from the business websites to websites with malware. This malware is commonly sold on the dark web site known as the Neutrino Exploit Kit. To learn more about this destructive malware, read the full article on International Business Times.
Turkey blocked access to WikiLeaks after the website published emails from Turkey’s ruling political party, according to the censorship group, Turkey Blocks. WikiLeaks released 294,548 emails from President Recep Tayyip Erdoğan’s party AKP. This leak has come after the Turkish government faced a failed military coup which resulted in 50,000 soldiers, police, judges, and teachers being detained. Unfortunately, political hacks are not a new fad, and many government data breaches have occurred over the past few years, including the U.S. Office of Personnel Management breach and the Mexican voter database leak. For more information, read the full article on Motherboard.
3. Delilah Malware Secretly Taps Webcam, Blackmails and Recruits Insider Threat Victims by Darlene Storm
Delilah is the first malware that uses a webcam to blackmail its victims. People who visit popular adult or gaming sites and have a webcam are being blackmailed by Delilah. Currently, Delilah is only being shared among “closed” criminal hacker groups and is not being sold on the dark web. Once Delilah has infected a device, it hides and lurks until it knows the victim's secrets. This malware gathers the victim's personal information and uses it to manipulate the victim into divulging secrets about their company. For more information on this new malware, read the full article on ComputerWorld.
The Lurk Trojan disappeared at the beginning of June with the arrest of the Lurk group in Russia. Now, experts believe that the Trojan was spread through legitimate sites including the Ammyy website, where the company distributes its free remote desktop software. Many of the Lurk victims were found to have Ammyy Admin installed on their computers, indicating that the Trojan was downloaded with the software. Learn more about the ways in which Lurk has spread and whether or not you are at risk in SC Magazine's original article.
5. Avoid Letting Hackers Win the Gold By Stealing Your Data During the Summer Olympics by Ellen Chang
The 2016 Rio Olympics are just around the corner, and there has already been an increase in related malvertising and spear-phishing attacks. Criminals use the same branding schemes to imitate official Olympic channels in an attempt to scam the public. Like other large global sporting events, the Olympics have continued to serve as a source of noteworthy stories, which can be manipulated for fraudulent purposes. Check out the original article for tips on how to keep yourself safe from cybercriminals.