OTX Snapshot and top Threat Intelligence headlines from the last month

November 14, 2013 | Jaime Blasco

It's that time again: time to wrap up some of the top research findings and headlines about Internet security threats that intrigued the AlienVault Labs team in October.

October was as busy a month for security news as ever; it even went mainstream in the national press with Adobe disclosing a breach of at least 38 million accounts. Having been immersed in the infosec community for quite a few years now, it's been interesting to see how threats and the issues they bring with them are no longer just for a limited audience; rather, they are becoming part of everyday life. In the interest of sharing what we think have been the most noteworthy news stories for our community, here are the top picks from the AlienVault Labs team this month:

Microsoft Office zero-day used to attack Pakistani targets

As we reported in our blog last week, Microsoft released a security advisory about a new Microsoft Office vulnerability being exploited in the wild. The vulnerability affects Office 2003 and Office 2007, and Office 2010 only when running on Windows XP or Windows Server 2003.

Ransomware accepts Bitcoin as a payment method

Known as Cryptolocker, this ransomware has been around for a few months and is one of the first to accept Bitcoin. The threat uses public-key cryptography, so it is virtually impossible to recover your files once they have been held to ransom. However, in theory, once you pay, the attacker sends you the private key so you can recover your files. Our advice: you should never pay to release your files. Clean your computer with an anti-virus tool and restore from your backups. Seek help and IT assistance, or even contact your local authorities.

Israeli tunnel hit by cyber attack

While the origins are unclear, this attack on the Carmel Tunnels in Haifa is one of the most sophisticated seen to date and is an example of how a targeted attack can affect physical infrastructure. In this case, it appears hackers managed to close down the tunnel for two days using a Trojan horse that gained access to the CCTV network.

Blackhole exploit kit author arrested

Blackhole has dominated the crimeware market in recent years, but we are now seeing other exploit kits being used more and more, because since the arrest the authors have been unable to update the kit to evade detection. The upshot is that, although cyber criminals are still using Blackhole, its detection rate is increasing. It is our hope that, as it stops evolving, it will eventually die out in the wild.

PHP.net compromised

Here, the attackers were able to compromise the infrastructure used by PHP.net, and research revealed malware that had modified the site's JavaScript in order to infect visitors. We traced this to the Magnitude/Popads exploit kit. In fact, our OTX system had flagged that IP address as a harmful server a few days earlier because it was serving exploit code. The site was down for about 24 hours, and the infection of the website may have led to drive-by downloads for visitors.

But it's not just about the news; at AlienVault, we collect our own data from the Open Threat Exchange (OTX) in order to share the findings and keep "the good guys" one step ahead. Here are the latest findings:

OTX Snapshot: Top Exploits Detected

OTX Snapshot: Top Malicious Filetypes

OTX Snapshot: Top Malware Detected

OTX Snapshot: Top Countries by Number of Malicious IPs

Visit OTX to learn more about how you can benefit from collaborative threat intelligence.


About the Author: Jaime Blasco
Jaime Blasco is a renowned security researcher with broad experience in network security, malware analysis and incident response. At AlienVault, Jaime leads the Lab Intelligence and Research team, which is responsible for researching threat intelligence and integrating it into detection mechanisms. Prior to working at AlienVault he founded a couple of startups (Eazel, Aitsec) working on web application security, source code analysis and incident response. He is based in San Francisco. Jaime's work on emerging threats and targeted attacks is frequently cited in international publications such as the New York Times, the BBC, the Washington Post and Al Jazeera.