Monday, March 07, 2016
Shocking! I thought everyone loved India.
Indian Officials Under a Barrage of Ongoing Cyber-Attacks
Named Operation Transparent Tribe, this campaign was first detected on February 11, 2016, when Proofpoint's security team was alerted by two different spear-phishing emails received by officials at the Indian embassies in Saudi Arabia and Kazakhstan, both sent from the same IP address.
This convinced Proofpoint researchers to take a closer look at the emails, and they're now saying in their most recent report that this attack is part of a larger operation that has targeted a large number of Indian officials, not just embassy employees.
… The threat group behind this attack is using spear-phishing emails that contain casual news snippets that are of interest for their targets, usually current news stories.
The links in these malicious emails redirect victims to various sites where the group carries out watering hole attacks, or sometimes have directly linked to applications that eventually infect the victim with a new RAT (Remote Access Trojan) which Proofpoint has named MSIL/Crimson.
Despite being a newly discovered threat, this RAT is quite an advanced cyber-espionage tool, capable of stealing various types of data from the local computer and sending it to a C&C server.
MSIL/Crimson can collect data through keyloggers, take screenshots of the desktop, record audio and video via the microphone and webcam, and steal data from email clients.
Proofpoint has not managed to identify who is behind this threat, but this may be because they don't have enough data to look at. In an interview with Threatpost, Kevin Epstein, VP of Proofpoint's threat operations center, says that this campaign is still going on as we speak.
'Tis the season!
It used to be that in February and March, we’d see a number of reports of breaches involving employees’ W-2 tax statements that were due to printing or mailing errors. This year, we’re seeing reports of W-2 data theft via phishing.
Because a W-2 form provides the employee’s name, Social Security number, address, and earnings information for the year with how much had been deducted for taxes, etc. – as well as the employer’s name and address – it provides everything criminals need to engage in tax refund fraud.
Just in the past week alone, I’ve reported on incidents involving AmeriPride, Actifio, Evening Post Industries, Main Line Health, one at Mansueto Ventures impacting employees of Inc. and Fast Company, City of Hope, and one at GCI impacting all employees of GCI, Denali Media, UUI and Unicom.
Now add Seagate to the list. Brian Krebs reported the breach yesterday. The company has not revealed how many employees have been impacted.
And those are just the ones found in my online searching this past week. There are likely more that are being discovered or first reported that we’ll learn about in time.
That’s a lot of potential new tax refund fraud victims.
Perhaps because it is so easy to do?
Apple shuts down first-ever ransomware attack against Mac users
The incident is believed to be the first Apple-focused attack using ransomware, which typically targets computers running Windows.
… Security company Palo Alto Networks wrote on Sunday that it found the "KeRanger" ransomware wrapped into Transmission, which is a free Mac BitTorrent client.
Transmission warned on its website that people who downloaded the 2.90 version of the client "should immediately upgrade to 2.92."
Not smoking gun, but lots of simmering dumb.
Sanders tops 2016 field in newly deleted tweets
Democratic hopeful Bernie Sanders tops the list, with 58 deletions from January to March 4. In many of those cases, though, he just deleted retweets of others' social media posts. On the GOP side, John Kasich tops the list, with 31, ahead of the race's front-runner, Donald Trump, who has 28 deletions.
… Trump deleted a tweet accusing Ted Cruz of employing illegal tactics in the Iowa caucuses.
… A review of the archive over the past month shows the press took notice of most bombshell deletions almost instantly, as the intense scrutiny on this year's candidates carries over to social media.
… There are no set rules for campaigns to follow when deleting tweets, but digital operatives say there are best practices.
Deleting typos is the most frequent reason, and excusable, they say.
When a staffer accidentally sends a tweet from a boss's account, experts recommend quick deletion and acknowledgement of the mistake.
Too many self-imposed restrictions to succeed?
Peeple, the notorious "Yelp for people" app, arrives
It generated controversy and criticism when word of it first broke back in October, even though Peeple, a people-rating mobile app that was likened to being the "Yelp for people," hadn't launched yet. Now, after a number of tweaks to the concept, the people-rating app has finally arrived.
Starting today, Peeple is available to download for free for iPhones or iPads. The app, which was created by two friends in Calgary, Canada, allows users to rate other users in three categories: personal, professional, and romantic.
… However, the idea of people posting "reviews" of their neighbors, coworkers, dates and others prompted outrage from critics who saw its potential for abuse as an outlet for bullying or cyber revenge.
… Perhaps in response to that round of criticism last fall, the Peeple app going public today will not allow users to rate others without their permission