It's that time again: time to wrap up some of the top research findings and headlines about Internet security threats that intrigued the AlienVault Labs team in October.
October was as busy a month for security news as ever; it even went mainstream in national press with Adobe having at least 38 million accounts being breached. Having been immersed in the infosec community for quite a few years now, it’s been interesting to see how threats and the issues they bring with them are not just for a limited audience anymore; rather they are becoming part of everyday life. In the interest of sharing what we think have been the most noteworthy news stories for our community, here are the top picks from the AlienVault Labs team this month:
Microsoft Office Zeroday used to attack Pakastani targets
As we reported in our blog last week, Microsoft released a security advisory about a new Microsoft Office vulnerability being exploited in the wild. The vulnerability affects Office 2003/2007 and Office 2010 only running on Windows XP/2003.
Ransomware accepts Bitcoin as a payment method
Known as Cryptolocker, this ransomware has been around for a few months and it is one of the first to accept Bitcoins. This threat uses public crypto, so it is virtually impossible to recover your files once they have been taken ransom. However - in theory - once you pay, the attacker will send you a private key so you can recover your files. Our advice: You should never pay to release your files. Clean your computer with an anti-virus tool and use your back-ups. Look for help and IT assistance, or even contact your local authorities.
Israeli tunnel hit by cyber attack
While the origins are unclear, this attack on the Carmel Tunnels in Haifa is one of the most sophisticated seen to date and is an example of how a targeted attack can affect physical infrastructure. In this case, it appears hackers managed to close down the tunnel for two days by a computer Trojan horse that accessed the CCTV network.
Blackhole exploit kit author arrested
Blackhole has dominated the crimeware market in recent years, but now we are seeing other exploit kits being used more and more as, since the arrest, the authors have not been able to update the exploit kit to avoid detection. The upshot of this is that, although cyber criminals are still using Blackhole, the detection rate is increasing. It is our hope that, eventually, it will start to die out in the wild as it stops evolving.
PHP.net compromised
Here, the attackers were able to compromise the infrastructure used by PHP.net and research revealed malware, which had modified the Javascript and spread it to try and infect visitors. We traced this to the Magnitude/Popads exploit kit. In fact, our OTX system flagged that IP address a few days before as a harmful server due to the serving of Exploit Code. The site was down for about 24 hours and an infection of the website may have led to drive-by downloads for visitors.
But it's not just about the news; at AlienVault, we collect our own data from the Open Threat Exchange (OTX) in order to share the findings and keep "the good guys" one step ahead. Here are the latest findings:
OTX Snapshot: Top Exploits Detected
OTX Snapshot: Top Malicious Filetypes
OTX Snapshot: Top Malware Detected
OTX Snapshot: Top Countries by Number of Malicious IPs
Visit OTX to learn more about how you can benefit from collaborative threat intelligence.
