Security Alerts & News
by Tymoteusz A. Góral

History
#1824 Census outage marked boom year for global DDoS attacks
The magnitude of distributed denial of service (DDoS) attacks rose consistently throughout 2016, a report from communications and analysis firm Neustar has revealed.

The company said in a new report that the frequency of DDoS attack mitigations by Neustar has increased by 40 per cent compared to the same period of time in 2015.

Based on the firm’s global survey of more than 1,000 IT security professionals, results also showed that 85 per cent of attacked organisations were attacked more than once and 44 per cent were attacked more than five times.
#1823 Strong protection for MacOS Sierra: 12 packages put to the test
Every MacOS Sierra user can fortify their system protection with a good security solution. While Apple does provide good proprietary system protection for MacOS Sierra, infections do occur consistently. Many of the 12 packages currently tested offer good protection and put hardly any load on the Mac. Some of them are even available as freeware.

Even if there are far fewer malware samples out there for MacOS Sierra than for Windows, this does not make them any less dangerous. Too often, the danger of a successful malware attack is played down and described as improbable. But when it does happen, it wreaks total havoc. One of these "improbable" cases, involving hundreds of thousands of hijacked Macs, was in fact Flashback. There continue to be malware programs with a valid Apple certificate, in which case they are not stopped by the protection integrated in MacOS Sierra.
#1822 Cyber criminal jailed for five years for his part in £840k fraud
A 29-year-old cyber criminal has been jailed following an investigation by the Metropolitan Police’s Falcon Cyber Crime Unit. Detectives identified the man as being a key player in an organised criminal network that was illegally accessing online bank accounts around the world to steal around £840,000 from victims.

Tomasz Skowron (10.09.87) of Meredith Road, Worthing was sentenced on Monday, 19 December at Croydon Crown Court to five years and three months’ imprisonment after he pleaded guilty to conspiracy to defraud, fraud and money laundering offences.

Skowron was linked to a major online banking fraud after detectives from the Met’s Falcon (Fraud and linked crime online) Cyber Crime Unit identified that he was responsible for several fraudulent payments into money mule accounts, and that several thousand pounds had also been paid directly into accounts under his control.

In December 2014, malware infected victims' computers around the world, with several victims and companies in Australia being affected. From intelligence received from the banking industry, officers identified that several fraudulent payments had been made from the Commonwealth Bank of Australia into UK bank accounts. Working closely with the banks involved, officers managed to identify a common IP address that was linked to several of the payments made into UK accounts.
#1821 Op-ed: Why I’m not giving up on PGP
Every once in a while, a prominent member of the security community publishes an article about how horrible OpenPGP is. Matthew Green wrote one in 2014 and Moxie Marlinspike wrote one in 2015. The most recent was written by Filippo Valsorda, here on the pages of Ars Technica, which Matthew Green says "sums up the main reason I think PGP is so bad and dangerous."

In this article I want to respond to the points that Filippo raises. In short, Filippo is right about some of the details, but wrong about the big picture. For the record, I work on GnuPG, the most popular OpenPGP implementation.
#1820 Google using Project Wycheproof to scan crypto software for security holes
The Google Security Team has a new set of security tests to check cryptographic software libraries for known weaknesses. The company has already used Project Wycheproof to create more than 80 test cases that have so far uncovered more than 40 security bugs.

The project is developed and maintained by members of the Google Security Team, but isn’t an official Google product. It’s named after Mount Wycheproof, the smallest mountain in the world.

“The main motivation for the project is to have a goal that is achievable,” Google security engineers Daniel Bleichenbacher and Thai Duong wrote in the company’s security blog. “The smaller the mountain the more likely it is to be able to climb it!”

Security holes already uncovered using Project Wycheproof include the ability to recover the private key of widely used DSA and ECDHC implementations. As part of the project, the team provides “ready-to-use” tools to check Java Cryptography Architecture providers such as Bouncy Castle and the default providers in OpenJDK.
#1819 Cyberattack suspected in Ukraine power outage
Security experts are investigating whether a power outage that affected parts of the Ukrainian capital, Kiev, and the surrounding region this weekend was the result of a cyberattack. If confirmed, it would be the second blackout caused by hackers in Ukraine.

The incident affected the automation control systems at the northern power substation near Novi Petrivtsi, a village near Kiev, close to midnight between Saturday and Sunday. This resulted in complete power loss for the northern part of Kiev on the right bank of the Dnieper river and the surrounding region.

Engineers from Ukrenergo, Ukraine's national power company, switched the equipment to manual control mode and started restoring power within 30 minutes, said Vsevolod Kovalchuk, acting director of Ukrenergo, in a post on Facebook. Full power was restored to all affected areas in about an hour and 15 minutes.
#1818 Protect your PC from ransomware with RansomFree
Cybereason’s mission is to put an end to cyber crime. And in order to put an end to one of the most profitable cyber operations of the recent years – ransomware – we have to make it unprofitable for the criminals. That’s why we are launching RansomFree: free, easy-to-install ransomware protection software, available for download for every individual and business that lacks the budget and skills to fight back.
#1817 The many evolutions of Locky
First spotted in February 2016, the Locky crypto-ransomware has become a dangerous threat to both large organisations and residential users alike. In this blog we give a brief overview of what Locky is and cover the significant aspects of its infamous history.
#1816 Report: $3-5M in ad fraud daily from Methbot
New research suggests that an elaborate cybercrime ring is responsible for stealing between $3 million and $5 million worth of revenue from online publishers and video advertising networks each day. Experts say the scam relies on a vast network of cloaked Internet addresses, rented data centers, phony Web sites and fake users made to look like real people watching short ad segments online.

Online advertising fraud is a $7 billion a year problem, according to AdWeek. Much of this fraud comes from hacked computers and servers that are infected with malicious software which forces the computers to participate in ad fraud. Malware-based ad fraud networks are cheap to acquire and to run, but they’re also notoriously unstable and unreliable because they are constantly being discovered and cleaned up by anti-malware companies.

Now researchers say they’ve uncovered a new class of ad robot or “bot” fraud that was designed from the ground up to keep its nose clean — running not on infected hosts but instead distributed across a vast, rented network of dedicated Web servers and computers.