Security Alerts & News
by Tymoteusz A. Góral

History
#1879 New variant of ploutus ATM malware observed in the wild in Latin America
Ploutus is one of the most advanced ATM malware families we’ve seen in the last few years. Discovered for the first time in Mexico back in 2013, Ploutus enabled criminals to empty ATMs using either an external keyboard attached to the machine or via SMS message, a technique that had never been seen before.

FireEye Labs recently identified a previously unobserved version of Ploutus, dubbed Ploutus-D, that interacts with KAL’s Kalignite multivendor ATM platform. The samples we identified target the ATM vendor Diebold. However, minimal code change to Ploutus-D would greatly expand its ATM vendor targets since Kalignite Platform runs on 40 different ATM vendors in 80 countries.

Once deployed to an ATM, Ploutus-D makes it possible for a money mule to obtain thousands of dollars in minutes. A money mule must have a master key to open the top portion of the ATM (or be able to pick it), a physical keyboard to connect to the machine, and an activation code (provided by the boss in charge of the operation) in order to dispense money from the ATM. While there are some risks of the money mule being caught by cameras, the speed in which the operation is carried out minimizes the mule’s risk.

This blog covers the changes, improvements, and Indicators of Compromise (IOC) of Ploutus-D in order to help financial organizations identify and defend against this threat.
#1878 Beware new WhatsApp scam offering “free internet without Wi-Fi”
It seems that the number of scams spreading through the messaging app WhatsApp keeps on increasing, with deceptive campaigns coming up with with novel ways of luring in victims. Today we will show you a new example of this.

This particular WhatsApp scam promises users a free internet service, without needing to use Wi-Fi. Despite being complete nonsense from a technical point of view, the offer may nevertheless appear tempting to those unaware of the realities. And it’s also selling something pretty amazing …

Imagine being able to navigate with your smartphone wherever you are, without mobile data from your carrier or a Wi-Fi network. Who wouldn’t like that while on holiday abroad? It’s like magic … because it’s not real. Clicking on this scam won’t change that.
#1877 APT28: At the center of the storm
On Jan. 6, 2017, the U.S. Director of National Intelligence released its Intelligence Community Assessment: Assessing Russian Activities and Intentions in Recent US Elections. Still, questions persist about Russian involvement. Did the Russian government direct the group responsible for the breaches and related data leaks? If so, is this simply a matter of accepted state espionage, or did it cross a line? Was the breach at the Democratic National Committee part of a concerted effort by the Russian government to interfere with the U.S. presidential election?

The most consequential question remains unasked: How will Russia continue to employ a variety of methods – including hacks and leaks – to undermine the institutions, policies and actors that the Russian government perceives as constricting and condemning its forceful pursuit of its state aims?

FireEye’s visibility into the operations of APT28 – a group we believe the Russian government sponsors – has given us insight into some of the government’s targets, as well as its objectives and the activities designed to further them.

We have tracked and profiled this group through multiple investigations, endpoint and network detections, and continuous monitoring. Our visibility into APT28’s operations, which date to at least 2007, has allowed us to understand the group’s malware, operational changes and motivations. This intelligence has been critical to protecting and informing our clients, exposing this threat and strengthening our confidence in attributing APT28 to the Russian government.
#1876 Security scare over hackable heart implants
A US government probe into claims that certain heart implants are vulnerable to hacking attacks, has resulted in emergency security patches being issued for devices that cardiac patients have in their homes.

The medical devices under the microscope come from St Jude Medical, recently acquired by Abbott Laboratories, who were informed by researchers last year that their devices could be forced to malfunction by administering a mild electric shock, pacing at a potentially dangerous rate, or tricked into suffering a high-risk battery drain.

Controversially, research company MedSec Holdings and hedge fund Muddy Waters reportedly profited by short selling stock in St Jude Medical, before telling the manufacturer about the serious vulnerabilities.
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12