Friday Five: 8/11 Edition
It's Friday! Catch up on the latest infosec headlines with this week's news roundup.
British cybersecurity researcher Marcus Hutchins, who was responsible for finding the kill switch for WannaCry, was arrested at DEF CON for alleged involvement in the Kronos malware, which targeted bank accounts. If found guilty, Hutchins could face up to 40 years in prison. The cybersecurity community has been offering its support to Hutchins, with one expert saying he would stop collaborating with law enforcement. Hutchins was accused of creating and selling Kronos in 2015, but malware researcher Jake Williams, who had worked on a project with Hutchins at that time, says things don’t add up and that Hutchins is a “good guy”. Not only did he not accept payment from Williams for the project, but he also donated his $10,000 reward for his role in stopping WannaCry to charity. The US Justice Department has not provided extensive evidence against Hutchins, and prosecutors will have to show he sold Kronos with intent to further crime. For more information, read the full article.
2. Leaked email from HBO hacker shows network offered $250,000 payoff as 'bug bounty' by Jason Murdock
The hacker responsible for the HBO breach that resulted in stolen scripts, shows, and employee information (including Game of Thrones spoilers) reportedly received an email from an HBO employee offering a $250,000 payoff as a “bug bounty”. HBO first confirmed the breach July 31st, four days after the employee had sent out the bounty email. An inside source at HBO says that the email was used as a stalling tactic to figure out the extent of the attack. However, on August 8th, the hacker sent a video message to HBO CEO Richard Plepler demanding millions of dollars and later released 3.4GB worth of files, which included company emails. Read the full article on IB Times.
The official Google Play store and other third-party app stores have been flooded by over 1,000 spyware apps. These spyware apps infect devices with SonicSpy, a malware that can record calls, take photos, make calls, send text messages, and monitor call logs, contacts, and information about Wi-Fi access points. The application functions as a messaging app for Android users while stealing user information and transferring it to a command and control server. Three versions of the spyware apps have been discovered, with one version having been downloaded between 1,000 and 5,000 times, though it's unclear how many people have actually been affected. The developer of Soniac, one of the apps that was on Google Play, is presumed to be Iraqi, and there were references to Iraq in SonicSpy's code. Head over to ZDNet for the full story.
4. Steganography attacks - using code hidden in images – increasing by Rene Millman
Security researchers are finding an upwards trend in attacks using steganographic techniques, which use images to conceal data and code. These malware operations have been aimed at cyber-espionage and stealing financial information. As of now, the security industry has not found a way to detect the data exfiltration. Manual analysis is an option but is limited to only a number of images a day per security analyst. Thomas Fischer, threat researcher and security advocate at Digital Guardian, comments that steganography poses such a threat because it requires advanced image analytics that may not be allocated in security budgets. For more, read the full article.
TalkTalk, which received a £400K penalty after their major data breach that exposed personal information of more than 156,000 customers, was recently fined £100K by the ICO for breaching the Data Protection Act and allowing Wipro employees to access data of 25,000-50,000 TalkTalk customers. TalkTalk was first made aware of the issue in 2014 but failed to utilize “least privilege” best practices and waited too long to tighten their security protocols. As a result, several TalkTalk customers received spam phone calls impersonating tech support personnel. Read the full article on Infosecurity Magazine.