Mirai Botnet Creators Helping FBI Fight Cybercrime to Stay Out of Jail


Three young hackers who were sentenced late last year for creating and spreading the notorious Mirai botnet are now helping the FBI investigate other “complex” cybercrime cases in return for avoiding lengthy prison terms.

Paras Jha, 21, from New Jersey, Josiah White, 20, from Washington, and Dalton Norman, 21, from Louisiana, pleaded guilty in December 2017 to multiple charges for their role in creating and hijacking hundreds of thousands of IoT devices to make them part of a notorious botnet dubbed Mirai.

Mirai malware scanned for insecure routers, cameras, DVRs, and other Internet of Things (IoT) devices which were using their default passwords and then made them part of a botnet network.

The trio developed the Mirai botnet to attack rival Minecraft video game hosts, but after realizing that their invention was powerful enough to launch record-breaking DDoS attacks against targets like the OVH hosting website, they released the Mirai source code.

The release of the source code eventually led to more cyber attacks by various criminals against websites and Internet infrastructure, one of which, against the popular DNS provider Dyn, made much of the Internet unusable on the East Coast in October 2016.

The Mirai botnet attacks were then investigated by the FBI in 2017, and the cybercriminals were sentenced by the Chief U.S. District Judge in Alaska in December 2017.

images from Hacker News

New Malware Combines Ransomware, Coin Mining and Botnet Features in One


Windows and Linux users need to beware, as an all-in-one, destructive malware strain has been discovered in the wild that combines multiple capabilities, including ransomware, a cryptocurrency miner, a botnet, and a self-propagating worm targeting Linux and Windows systems.

Dubbed XBash, the new malware is believed to be tied to the Iron Group, a.k.a. Rocke, the Chinese-speaking APT threat actor group known for previous cyber attacks involving ransomware and cryptocurrency miners.

According to researchers from security vendor Palo Alto Networks, who uncovered the malware, XBash is an all-in-one malware that features ransomware and cryptocurrency mining capabilities, as well as a worm-like ability similar to WannaCry or Petya/NotPetya.

In addition to self-propagating capabilities, XBash also contains a functionality, which is not yet implemented, that could allow the malware to spread quickly within an organisation’s network.

Developed in Python, XBash hunts for vulnerable or unprotected web services and deletes databases such as MySQL, PostgreSQL, and MongoDB running on Linux servers, as part of its ransomware capabilities.

images from Hacker News

Hackers Steal Customers’ Credit Cards From Newegg Electronics Retailer


The notorious hacking group behind the Ticketmaster and British Airways data breaches has now victimised popular computer hardware and consumer electronics retailer Newegg.

The Magecart hacking group managed to infiltrate the Newegg website and steal the credit card details of all customers who entered their payment card information between August 14 and September 18, 2018, according to a joint analysis from Volexity and RiskIQ.

Magecart hackers used what researchers called a digital credit card skimmer: they inserted a few lines of malicious JavaScript code into the checkout page of the Newegg website that captured the payment information of customers making purchases on the site and then sent it to a remote server.

Active since at least 2015, the Magecart hacking group registered a domain called neweggstats(dot)com on August 13, similar to Newegg’s legitimate domain newegg.com, and acquired an SSL certificate issued for the domain by Comodo for their website.

A day later, the group inserted the skimmer code into the Newegg website on the payment processing page, so that it would not come into play unless the payment page was hit.

So, when customers add a product to their shopping cart, enter their delivery information during the first step of the checkout, and validate their address, the website takes them to the payment processing page to enter their credit card information.

As soon as the customer hits the submit button after entering their credit card information, the skimmer code immediately sends a copy of that data to the attacker’s domain, i.e., neweggstats(dot)com, without interrupting the checkout process.
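As an added example (not code from the article or from Volexity/RiskIQ), the following defender-side monitor for a checkout page wraps the browser APIs a skimmer could use to send data off-site and reports any request to a host outside the merchant's allowlist, flagging look-alike hosts that embed the brand name the way neweggstats(dot)com did against newegg.com. The brand keyword, the allowlist and the report callback are assumed values.

```javascript
// Added example, not from the original article or from Volexity/RiskIQ.
// Defender-side monitor for a checkout page: reports outbound requests to hosts
// outside an allowlist and flags look-alike hosts containing the brand name.
// BRAND, ALLOWED_HOSTS and the report callback are assumed values.
const BRAND = "newegg";
const ALLOWED_HOSTS = ["newegg.com", "secure.newegg.com"];

// Classify one destination: "allowed" (on the list or a subdomain of it),
// "lookalike" (foreign host containing the brand), "foreign" or "invalid".
function classifyDestination(url, allowedHosts = ALLOWED_HOSTS, brand = BRAND) {
  let host;
  try {
    // Relative URLs resolve against the merchant's own origin.
    host = new URL(String(url), "https://" + allowedHosts[0] + "/").hostname.toLowerCase();
  } catch (e) {
    return "invalid";
  }
  const onList = allowedHosts.some((h) => host === h || host.endsWith("." + h));
  if (onList) return "allowed";
  return host.includes(brand) ? "lookalike" : "foreign";
}

// Wrap fetch, XMLHttpRequest.open and navigator.sendBeacon on the global `g`.
// Calls to non-allowlisted hosts are recorded and passed to `report` before they
// proceed; nothing is blocked, so legitimate traffic is never broken.
function installExfilMonitor(report, g = globalThis) {
  const events = [];
  const check = (api, target) => {
    const url = target && typeof target === "object" && "url" in target ? target.url : String(target);
    const verdict = classifyDestination(url);
    if (verdict !== "allowed") {
      events.push({ api, url, verdict });
      report(api, url, verdict);
    }
  };
  if (typeof g.fetch === "function") {
    const origFetch = g.fetch;
    g.fetch = function (input, init) { check("fetch", input); return origFetch.call(this, input, init); };
  }
  if (g.XMLHttpRequest && g.XMLHttpRequest.prototype) {
    const origOpen = g.XMLHttpRequest.prototype.open;
    g.XMLHttpRequest.prototype.open = function (method, url) { check("xhr", url); return origOpen.apply(this, arguments); };
  }
  if (g.navigator && typeof g.navigator.sendBeacon === "function") {
    const origBeacon = g.navigator.sendBeacon;
    g.navigator.sendBeacon = function (url, data) { check("sendBeacon", url); return origBeacon.call(this, url, data); };
  }
  return events;
}
```

In a real deployment the report callback would forward events to the site's own telemetry endpoint, which must itself be on the allowlist, and the monitor must be installed before any third-party script runs.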

images from Hacker News

UK Regulator Fines Equifax £500,000 Over 2017 Data Breach


Atlanta-based consumer credit reporting agency Equifax has been issued a £500,000 fine by the UK’s privacy watchdog for last year’s massive data breach that exposed the personal and financial data of hundreds of millions of its customers.

Yes, £500,000—that’s the maximum fine allowed by the UK’s Data Protection Act 1998, though the penalty is apparently a small figure for a $16 billion company.

In July this year, the UK’s data protection watchdog issued the same maximum fine of £500,000 to Facebook over the Cambridge Analytica scandal, saying the social media giant failed to prevent UK citizens’ data from falling into the wrong hands.

Flashback: The Equifax Data Breach 2017

Equifax suffered a massive data breach last year between mid-May and the end of July, exposing highly sensitive data of as many as 145 million people globally.

The stolen information included victims’ names, dates of birth, phone numbers, driver’s license details, addresses, and social security numbers, along with credit card information and personally identifying information (PII) for hundreds of thousands of its consumers.

The data breach occurred because the company failed to patch a critical Apache Struts 2 vulnerability (CVE-2017-5638) on time, for which the respective vendors had already issued patches.

images from Hacker News

Flaw in 4GEE WiFi Modem Could Leave Your Computer Vulnerable


A high-severity vulnerability has been discovered in the 4G-based wireless 4GEE Mini modem sold by mobile operator EE that could allow an attacker to run a malicious program on a targeted computer with the highest level of privileges in the system.

The vulnerability—discovered by 20-year-old Osanda Malith, a Sri Lankan security researcher at ZeroDayLab—can be exploited by a low privileged user account to escalate privileges on any Windows computer that had once connected to the EE Mini modem via USB.

This, in turn, would allow an attacker to gain full system access to the targeted computer and thereby perform any malicious actions, such as installing malware, rootkits, or keyloggers, or stealing personal information.

The 4GEE Mini WiFi modem is manufactured by Alcatel and sold by EE, a mobile operator owned by BT Group—Britain’s largest digital communications company, which serves over 31 million connections across its mobile, fixed and wholesale networks.

images from Hacker News