Security News Bytes (Aug Sept 2017)

Apurv Singh Gautam
Apurv Singh GautamSecurity Researcher | Threat Intelligence | Cybersecurity@GeorgiaTech
Security News Bytes
BY - APURV SINGH GAUTAM
WireX Android DDoS Botnet
• Security Researchers have uncovered a new, widespread botnet
• WireX detected as “Android Clicker”, includes Android devices running one of the
thousands malicious apps installed from Google Play store
• It is designed to conduct massive application layer DDoS attacks
• It has infected 120,000 Android smartphones by this month.
• Researchers noticed massive DDoS attacks (primarily HTTP GET requests) originated
from more than 70,000 infected mobile devices from over 100 countries
• There are more than 300 malicious apps on Google Play which include the malicious
WireX code.
• You can be protected if you have a newer version of Android that include Google Play’s
Protect feature, the company will automatically remove WireX apps from your device.
• Google removed around 500 Android apps utilising the rogur SDK that secretly
distribute spywares to the users.
Email Address exposed from SpamBot Server
• 630 million email addresses used by a spambot to send large amounts of spam
• Hosted in Netherlands and stored without any access
• Used to send out spam and spread a banking trojan called Ursnif
Wikileaks Website Defaced by OurMine
• The notorious hacking group is known for breaching high-profile figures and companies’
social accounts
• Including Facebook CEO Mark Zuckerberg, Twitter CEO Jack Dorsey, Google CEO Sundar
Pichai, HBO, Game of Thrones, etc.
• There is no sign of WikiLeaks servers and website been compromised instead their
website has been redirected to a hacker-controlled server using DNS poisoning attack.
• Soon WikiLeaks recovered their website.
Security News Bytes (Aug Sept 2017)
Instagram Data Breach
• Hackers gained email addresses and phone numbers of many high-profile users.
• The flaw resides in Instagram’s application programming interface (API), which the
service uses to communicate with other apps.
• The Instagram’s mobile API contains flaw specifically in the password reset option,
which exposed mobile numbers and email addresses of the users in JSON response
• Instagram declined to name the high-profile users targeted in the breach
• The hacker name was unknown
• No account password were exposed
AngelFire CIA Malware
• Used by CIA to gain persistent remote access on Windows
• It does so by modifying its partition boot sector
• It modifies the partition boot sector to load and execute Wolfcreek every time the
system boots up
• It contains a self loading driver that loads other drivers and user-made applications
• It also has a covert file system that attempts to install itself in non-partitioned space
available on the targeted computer
• AngelFire needs administrative privileges on a target computer for successful
installation
• It has variants in 32-bit version as well as 64-bit version
Locky Ransomare
• Emails are being sent containing Locky ransomware
• Around 23 million messages have been sent in 24 hours
• The emails set out in the attack were extremely vague with subjects such as “please
print”, “documents”, “images”, etc.
• The email comes with a zip attachment that contains a Visual Basic Script (VBS) file
need inside a secondary ZIP file
• Once opened the VBS installs the ransomware and encrypts all the files
• The malware displays a ransomware message on the victim's desktop that instructs the
victim to download and install Tor browser and visit the attacker's site for further
instructions and payments
• The ransomware demands sum of 0.5 Bitcoin from victims to pay for a “Locky
decryptor” in order to get their files back.
Tiranga Data Breach
• A popular social networking site geared towards Latin American users (just like Reddit)
• Users create and share thousands of posts every day on general topics like life hacks,
tutorials, recipes, reviews and art
• According to LeakBase (breach notification service), 28,722,877 accounts which
includes usernames, email addresses and hashed passwords for Tiranga was obtained
by hackers
• Hashed passwords use an ageing algorithm called MD5 which is somewhat outdated so
it will be easy for hackers to unhash it.
Security News Bytes (Aug Sept 2017)
Dolphin Attack: Controlling Siri, Alexa and more
• Dolphin attack works by feeding the AI assistants commands in ultrasonic frequencies,
which are too high for humans to hear but are perfectly audible to the microphones
• Cyber criminals can silently whisper commands to hijack Siri or Alexa and could force
them to open malicious apps
• It can be used to visit malicious website, spying, injecting fake information and much
more
Thank You
1 of 14

Recommended

NewsByte Mumbai October 2017 by
NewsByte Mumbai October 2017NewsByte Mumbai October 2017
NewsByte Mumbai October 2017chauhananand17
45 views16 slides
NewsBytes - Nullhyd by
NewsBytes - Nullhyd NewsBytes - Nullhyd
NewsBytes - Nullhyd n|u - The Open Security Community
684 views21 slides
DDOS ATTACK - MIRAI BOTNET by
DDOS ATTACK - MIRAI BOTNET DDOS ATTACK - MIRAI BOTNET
DDOS ATTACK - MIRAI BOTNET Sukhdeep Singh Sandhu
241 views22 slides
Null hyderabad - October Newsbytes by
Null hyderabad - October NewsbytesNull hyderabad - October Newsbytes
Null hyderabad - October Newsbytesn|u - The Open Security Community
685 views12 slides
News Bytes - December 2015 by
News Bytes - December 2015News Bytes - December 2015
News Bytes - December 2015n|u - The Open Security Community
657 views17 slides
IoT Lock Down - Battling the Bot Net Builders by
IoT Lock Down - Battling the Bot Net BuildersIoT Lock Down - Battling the Bot Net Builders
IoT Lock Down - Battling the Bot Net BuildersAdam Englander
218 views31 slides

More Related Content

What's hot

Wirelurker by
WirelurkerWirelurker
Wirelurkeranupriti
1.1K views24 slides
Regin by
ReginRegin
Reginanupriti
1.4K views35 slides
Weaponizing Intelligence: Interdiction in Today’s Threat Landscape by
Weaponizing Intelligence:  Interdiction in Today’s Threat LandscapeWeaponizing Intelligence:  Interdiction in Today’s Threat Landscape
Weaponizing Intelligence: Interdiction in Today’s Threat LandscapePriyanka Aash
289 views38 slides
hacking ,bluetooth by
hacking ,bluetoothhacking ,bluetooth
hacking ,bluetoothThrivikram Lycan
692 views20 slides
How to stay protected against ransomware by
How to stay protected against ransomwareHow to stay protected against ransomware
How to stay protected against ransomwareSophos Benelux
2.4K views39 slides
Hacking by Pratyush Gupta by
Hacking by Pratyush GuptaHacking by Pratyush Gupta
Hacking by Pratyush GuptaTenet Systems Pvt Ltd
732 views29 slides

What's hot(20)

Wirelurker by anupriti
WirelurkerWirelurker
Wirelurker
anupriti1.1K views
Regin by anupriti
ReginRegin
Regin
anupriti1.4K views
Weaponizing Intelligence: Interdiction in Today’s Threat Landscape by Priyanka Aash
Weaponizing Intelligence:  Interdiction in Today’s Threat LandscapeWeaponizing Intelligence:  Interdiction in Today’s Threat Landscape
Weaponizing Intelligence: Interdiction in Today’s Threat Landscape
Priyanka Aash289 views
How to stay protected against ransomware by Sophos Benelux
How to stay protected against ransomwareHow to stay protected against ransomware
How to stay protected against ransomware
Sophos Benelux2.4K views
The EU Data Protection Regulation and what it means for your organization by Sophos Benelux
The EU Data Protection Regulation and what it means for your organizationThe EU Data Protection Regulation and what it means for your organization
The EU Data Protection Regulation and what it means for your organization
Sophos Benelux628 views
Learn Ethical Hacking With Kali Linux | Ethical Hacking Tutorial | Kali Linux... by Edureka!
Learn Ethical Hacking With Kali Linux | Ethical Hacking Tutorial | Kali Linux...Learn Ethical Hacking With Kali Linux | Ethical Hacking Tutorial | Kali Linux...
Learn Ethical Hacking With Kali Linux | Ethical Hacking Tutorial | Kali Linux...
Edureka!788 views
Ransomware- What you need to know to Safeguard your Data by Inderjeet Singh
Ransomware- What you need to know to Safeguard your DataRansomware- What you need to know to Safeguard your Data
Ransomware- What you need to know to Safeguard your Data
Inderjeet Singh3.9K views
Dan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hacker by Dan Vasile
Dan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hackerDan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hacker
Dan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hacker
Dan Vasile8.1K views
How to Protect Your Organization from the Ransomware Epidemic by Tripwire
How to Protect Your Organization from the Ransomware EpidemicHow to Protect Your Organization from the Ransomware Epidemic
How to Protect Your Organization from the Ransomware Epidemic
Tripwire1.6K views
Newsbytes_NULLHYD_Dec by Raghunath G
Newsbytes_NULLHYD_DecNewsbytes_NULLHYD_Dec
Newsbytes_NULLHYD_Dec
Raghunath G314 views
Advantage Technology - Ransomware and the NIST Cybersecurity Framework by Jack Shaffer
Advantage Technology - Ransomware and the NIST Cybersecurity FrameworkAdvantage Technology - Ransomware and the NIST Cybersecurity Framework
Advantage Technology - Ransomware and the NIST Cybersecurity Framework
Jack Shaffer470 views
NormShield Cyber Threat & Vulnerability Orchestration Overview by NormShield, Inc.
NormShield Cyber Threat & Vulnerability Orchestration OverviewNormShield Cyber Threat & Vulnerability Orchestration Overview
NormShield Cyber Threat & Vulnerability Orchestration Overview
NormShield, Inc.1.3K views
Developing secure mobile apps by Alexandru Catariov Endava by Moldova ICT Summit
Developing secure mobile apps by Alexandru Catariov EndavaDeveloping secure mobile apps by Alexandru Catariov Endava
Developing secure mobile apps by Alexandru Catariov Endava

Similar to Security News Bytes (Aug Sept 2017)

Protection from hacking attacks by
Protection from hacking attacksProtection from hacking attacks
Protection from hacking attacksSugirtha Jasmine M
160 views50 slides
I haz you and pwn your maal by
I haz you and pwn your maalI haz you and pwn your maal
I haz you and pwn your maalHarsimran Walia
603 views61 slides
Hacking your Android (slides) by
Hacking your Android (slides)Hacking your Android (slides)
Hacking your Android (slides)Justin Hoang
3.2K views51 slides
Cloud Security Engineering - Tools and Techniques by
Cloud Security Engineering - Tools and TechniquesCloud Security Engineering - Tools and Techniques
Cloud Security Engineering - Tools and TechniquesGokul Alex
1K views127 slides
AtlSecCon 2016 by
AtlSecCon 2016AtlSecCon 2016
AtlSecCon 2016Earl Carter
193 views57 slides
Botnets Attacks.pptx by
Botnets Attacks.pptxBotnets Attacks.pptx
Botnets Attacks.pptxMuhammadRehan856177
5 views38 slides

Similar to Security News Bytes (Aug Sept 2017)(20)

Hacking your Android (slides) by Justin Hoang
Hacking your Android (slides)Hacking your Android (slides)
Hacking your Android (slides)
Justin Hoang3.2K views
Cloud Security Engineering - Tools and Techniques by Gokul Alex
Cloud Security Engineering - Tools and TechniquesCloud Security Engineering - Tools and Techniques
Cloud Security Engineering - Tools and Techniques
Gokul Alex1K views
Mobile platform security models by G Prachi
Mobile platform security modelsMobile platform security models
Mobile platform security models
G Prachi1.2K views
Cyber espionage - Tinker, taylor, soldier, spy by b coatesworth
Cyber espionage - Tinker, taylor, soldier, spyCyber espionage - Tinker, taylor, soldier, spy
Cyber espionage - Tinker, taylor, soldier, spy
b coatesworth3.1K views
Hacking your Droid (Aditya Gupta) by ClubHack
Hacking your Droid (Aditya Gupta)Hacking your Droid (Aditya Gupta)
Hacking your Droid (Aditya Gupta)
ClubHack4.6K views
Lacework | Top 10 Cloud Security Threats by Lacework
Lacework | Top 10 Cloud Security ThreatsLacework | Top 10 Cloud Security Threats
Lacework | Top 10 Cloud Security Threats
Lacework879 views
Entrepreneurship & Commerce in IT - 11 - Security & Encryption by Sachintha Gunasena
Entrepreneurship & Commerce in IT - 11 - Security & EncryptionEntrepreneurship & Commerce in IT - 11 - Security & Encryption
Entrepreneurship & Commerce in IT - 11 - Security & Encryption
Sachintha Gunasena394 views

More from Apurv Singh Gautam

Automating Threat Hunting on the Dark Web and other nitty-gritty things by
Automating Threat Hunting on the Dark Web and other nitty-gritty thingsAutomating Threat Hunting on the Dark Web and other nitty-gritty things
Automating Threat Hunting on the Dark Web and other nitty-gritty thingsApurv Singh Gautam
919 views36 slides
Threat Hunting on the Dark Web by
Threat Hunting on the Dark WebThreat Hunting on the Dark Web
Threat Hunting on the Dark WebApurv Singh Gautam
210 views28 slides
All about Cyber Security - From the perspective of a MS student by
All about Cyber Security - From the perspective of a MS studentAll about Cyber Security - From the perspective of a MS student
All about Cyber Security - From the perspective of a MS studentApurv Singh Gautam
216 views28 slides
SIT Summer School (Cyber Security) by
SIT Summer School (Cyber Security)SIT Summer School (Cyber Security)
SIT Summer School (Cyber Security)Apurv Singh Gautam
147 views60 slides
Cyber Security Seminar Day 2 by
Cyber Security Seminar Day 2Cyber Security Seminar Day 2
Cyber Security Seminar Day 2Apurv Singh Gautam
133 views32 slides
Cyber Security Seminar Day 1 by
Cyber Security Seminar Day 1Cyber Security Seminar Day 1
Cyber Security Seminar Day 1Apurv Singh Gautam
136 views21 slides

More from Apurv Singh Gautam(15)

Automating Threat Hunting on the Dark Web and other nitty-gritty things by Apurv Singh Gautam
Automating Threat Hunting on the Dark Web and other nitty-gritty thingsAutomating Threat Hunting on the Dark Web and other nitty-gritty things
Automating Threat Hunting on the Dark Web and other nitty-gritty things
Apurv Singh Gautam919 views
All about Cyber Security - From the perspective of a MS student by Apurv Singh Gautam
All about Cyber Security - From the perspective of a MS studentAll about Cyber Security - From the perspective of a MS student
All about Cyber Security - From the perspective of a MS student
Apurv Singh Gautam216 views

Recently uploaded

20231123_Camunda Meetup Vienna.pdf by
20231123_Camunda Meetup Vienna.pdf20231123_Camunda Meetup Vienna.pdf
20231123_Camunda Meetup Vienna.pdfPhactum Softwareentwicklung GmbH
45 views73 slides
Webinar : Desperately Seeking Transformation - Part 2: Insights from leading... by
Webinar : Desperately Seeking Transformation - Part 2:  Insights from leading...Webinar : Desperately Seeking Transformation - Part 2:  Insights from leading...
Webinar : Desperately Seeking Transformation - Part 2: Insights from leading...The Digital Insurer
24 views52 slides
Melek BEN MAHMOUD.pdf by
Melek BEN MAHMOUD.pdfMelek BEN MAHMOUD.pdf
Melek BEN MAHMOUD.pdfMelekBenMahmoud
17 views1 slide
SUPPLIER SOURCING.pptx by
SUPPLIER SOURCING.pptxSUPPLIER SOURCING.pptx
SUPPLIER SOURCING.pptxangelicacueva6
20 views1 slide
PharoJS - Zürich Smalltalk Group Meetup November 2023 by
PharoJS - Zürich Smalltalk Group Meetup November 2023PharoJS - Zürich Smalltalk Group Meetup November 2023
PharoJS - Zürich Smalltalk Group Meetup November 2023Noury Bouraqadi
139 views17 slides
Unit 1_Lecture 2_Physical Design of IoT.pdf by
Unit 1_Lecture 2_Physical Design of IoT.pdfUnit 1_Lecture 2_Physical Design of IoT.pdf
Unit 1_Lecture 2_Physical Design of IoT.pdfStephenTec
15 views36 slides

Recently uploaded(20)

Webinar : Desperately Seeking Transformation - Part 2: Insights from leading... by The Digital Insurer
Webinar : Desperately Seeking Transformation - Part 2:  Insights from leading...Webinar : Desperately Seeking Transformation - Part 2:  Insights from leading...
Webinar : Desperately Seeking Transformation - Part 2: Insights from leading...
PharoJS - Zürich Smalltalk Group Meetup November 2023 by Noury Bouraqadi
PharoJS - Zürich Smalltalk Group Meetup November 2023PharoJS - Zürich Smalltalk Group Meetup November 2023
PharoJS - Zürich Smalltalk Group Meetup November 2023
Noury Bouraqadi139 views
Unit 1_Lecture 2_Physical Design of IoT.pdf by StephenTec
Unit 1_Lecture 2_Physical Design of IoT.pdfUnit 1_Lecture 2_Physical Design of IoT.pdf
Unit 1_Lecture 2_Physical Design of IoT.pdf
StephenTec15 views
HTTP headers that make your website go faster - devs.gent November 2023 by Thijs Feryn
HTTP headers that make your website go faster - devs.gent November 2023HTTP headers that make your website go faster - devs.gent November 2023
HTTP headers that make your website go faster - devs.gent November 2023
Thijs Feryn26 views
SAP Automation Using Bar Code and FIORI.pdf by Virendra Rai, PMP
SAP Automation Using Bar Code and FIORI.pdfSAP Automation Using Bar Code and FIORI.pdf
SAP Automation Using Bar Code and FIORI.pdf
iSAQB Software Architecture Gathering 2023: How Process Orchestration Increas... by Bernd Ruecker
iSAQB Software Architecture Gathering 2023: How Process Orchestration Increas...iSAQB Software Architecture Gathering 2023: How Process Orchestration Increas...
iSAQB Software Architecture Gathering 2023: How Process Orchestration Increas...
Bernd Ruecker48 views
Data Integrity for Banking and Financial Services by Precisely
Data Integrity for Banking and Financial ServicesData Integrity for Banking and Financial Services
Data Integrity for Banking and Financial Services
Precisely29 views
"Node.js Development in 2024: trends and tools", Nikita Galkin by Fwdays
"Node.js Development in 2024: trends and tools", Nikita Galkin "Node.js Development in 2024: trends and tools", Nikita Galkin
"Node.js Development in 2024: trends and tools", Nikita Galkin
Fwdays17 views
Igniting Next Level Productivity with AI-Infused Data Integration Workflows by Safe Software
Igniting Next Level Productivity with AI-Infused Data Integration Workflows Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Safe Software317 views
TrustArc Webinar - Managing Online Tracking Technology Vendors_ A Checklist f... by TrustArc
TrustArc Webinar - Managing Online Tracking Technology Vendors_ A Checklist f...TrustArc Webinar - Managing Online Tracking Technology Vendors_ A Checklist f...
TrustArc Webinar - Managing Online Tracking Technology Vendors_ A Checklist f...
TrustArc72 views
Five Things You SHOULD Know About Postman by Postman
Five Things You SHOULD Know About PostmanFive Things You SHOULD Know About Postman
Five Things You SHOULD Know About Postman
Postman38 views
GDG Cloud Southlake 28 Brad Taylor and Shawn Augenstein Old Problems in the N... by James Anderson
GDG Cloud Southlake 28 Brad Taylor and Shawn Augenstein Old Problems in the N...GDG Cloud Southlake 28 Brad Taylor and Shawn Augenstein Old Problems in the N...
GDG Cloud Southlake 28 Brad Taylor and Shawn Augenstein Old Problems in the N...
James Anderson126 views

Security News Bytes (Aug Sept 2017)

  • 1. Security News Bytes BY - APURV SINGH GAUTAM
  • 2. WireX Android DDoS Botnet • Security Researchers have uncovered a new, widespread botnet • WireX detected as “Android Clicker”, includes Android devices running one of the thousands malicious apps installed from Google Play store • It is designed to conduct massive application layer DDoS attacks • It has infected 120,000 Android smartphones by this month. • Researchers noticed massive DDoS attacks (primarily HTTP GET requests) originated from more than 70,000 infected mobile devices from over 100 countries • There are more than 300 malicious apps on Google Play which include the malicious WireX code.
  • 3. • You can be protected if you have a newer version of Android that include Google Play’s Protect feature, the company will automatically remove WireX apps from your device. • Google removed around 500 Android apps utilising the rogur SDK that secretly distribute spywares to the users.
  • 4. Email Address exposed from SpamBot Server • 630 million email addresses used by a spambot to send large amounts of spam • Hosted in Netherlands and stored without any access • Used to send out spam and spread a banking trojan called Ursnif
  • 5. Wikileaks Website Defaced by OurMine • The notorious hacking group is known for breaching high-profile figures and companies’ social accounts • Including Facebook CEO Mark Zuckerberg, Twitter CEO Jack Dorsey, Google CEO Sundar Pichai, HBO, Game of Thrones, etc. • There is no sign of WikiLeaks servers and website been compromised instead their website has been redirected to a hacker-controlled server using DNS poisoning attack. • Soon WikiLeaks recovered their website.
  • 7. Instagram Data Breach • Hackers gained email addresses and phone numbers of many high-profile users. • The flaw resides in Instagram’s application programming interface (API), which the service uses to communicate with other apps. • The Instagram’s mobile API contains flaw specifically in the password reset option, which exposed mobile numbers and email addresses of the users in JSON response • Instagram declined to name the high-profile users targeted in the breach • The hacker name was unknown • No account password were exposed
  • 8. AngelFire CIA Malware • Used by CIA to gain persistent remote access on Windows • It does so by modifying its partition boot sector • It modifies the partition boot sector to load and execute Wolfcreek every time the system boots up • It contains a self loading driver that loads other drivers and user-made applications • It also has a covert file system that attempts to install itself in non-partitioned space available on the targeted computer • AngelFire needs administrative privileges on a target computer for successful installation • It has variants in 32-bit version as well as 64-bit version
  • 9. Locky Ransomare • Emails are being sent containing Locky ransomware • Around 23 million messages have been sent in 24 hours • The emails set out in the attack were extremely vague with subjects such as “please print”, “documents”, “images”, etc. • The email comes with a zip attachment that contains a Visual Basic Script (VBS) file need inside a secondary ZIP file • Once opened the VBS installs the ransomware and encrypts all the files • The malware displays a ransomware message on the victim's desktop that instructs the victim to download and install Tor browser and visit the attacker's site for further instructions and payments
  • 10. • The ransomware demands sum of 0.5 Bitcoin from victims to pay for a “Locky decryptor” in order to get their files back.
  • 11. Tiranga Data Breach • A popular social networking site geared towards Latin American users (just like Reddit) • Users create and share thousands of posts every day on general topics like life hacks, tutorials, recipes, reviews and art • According to LeakBase (breach notification service), 28,722,877 accounts which includes usernames, email addresses and hashed passwords for Tiranga was obtained by hackers • Hashed passwords use an ageing algorithm called MD5 which is somewhat outdated so it will be easy for hackers to unhash it.
  • 13. Dolphin Attack: Controlling Siri, Alexa and more • Dolphin attack works by feeding the AI assistants commands in ultrasonic frequencies, which are too high for humans to hear but are perfectly audible to the microphones • Cyber criminals can silently whisper commands to hijack Siri or Alexa and could force them to open malicious apps • It can be used to visit malicious website, spying, injecting fake information and much more