Mysterious malware campaign targets just 13 iPhones in India

An application-warping malware campaign in India is aimed at just 13 iPhones in what researchers are calling a “highly targeted” operation. The attackers are using an open-source mobile device management (MDM) server to distribute the malware through popular apps like Telegram and WhatsApp, researchers from Talos, Cisco’s threat intelligence unit, revealed Thursday. The use of MDM, a popular enterprise tool for administering mobile apps, allows the hackers to control how their malware interacts with the target phones. “This campaign is of note since the malware goes to great lengths to replace specific mobile apps for data interception,” researchers Warren Mercer, Paul Rascagneres, and Andrew Williams wrote in a blog post. The researchers don’t know who was targeted in the campaign, who carried out the attack, or why. While the hackers apparently tried to plant a “false flag” by posing as Russian, evidence suggests they were operating in India, according to Talos. […]

The post Mysterious malware campaign targets just 13 iPhones in India appeared first on Cyberscoop.

Russian-linked VPNFilter malware is even worse than originally thought, new research suggests

A malware framework that has already infected hundreds of thousands of routers across the globe appears to be even more dangerous than originally thought, according to new findings by Cisco’s internal cybersecurity unit Talos. The latest results show that the malware, “VPNFilter,” affects a wider array of devices, including more than 11 different hardware vendors, and carries several previously unknown infection capabilities, such as the potential to manipulate internet traffic on the end device in novel ways. The Talos researchers revealed the additional analysis Wednesday after having first publicly documented the botnet last week. A significant percentage of the devices infected through VPNFilter are based in Ukraine, leading domestic security services to claim that the malware represented a national security threat. Broadly speaking, VPNFilter works by traversing the web and automatically targeting unpatched routers and servers that carry outdated software. The term “botnet” is used to describe an army of zombie computers […]

The post Russian-linked VPNFilter malware is even worse than originally thought, new research suggests appeared first on Cyberscoop.

The Shared Security Podcast Weekly Blaze – Real-time Location Tracking, VPNFilter Router Malware, Apple’s GDPR Updates

This is the Shared Security Weekly Blaze for May 28, 2018 sponsored by Security Perspectives – Your Source for Tailored Security Awareness Training and Assessment Solutions, Silent Pocket and CISOBox. This episode was hosted …

‘TeleGrab’ malware again shows how hackers can evade encryption to read private messages

Researchers with Talos, Cisco’s cybersecurity division, have identified malware that allows a hacker to steal information from victims using the messaging service Telegram. In a blog post published Wednesday, Talos says the TeleGrab malware targets Russian-speaking victims and is designed to hijack chat sessions and capture contacts and previous chats. It’s worth noting that the malware only affects Telegram’s desktop and browser clients, which do not have the same security features as the mobile app. “The malware abuses the lack of Secret Chats which is a feature, not a bug,” the researchers write, referring to Telegram’s client-to-client encrypted chat feature. Telegram’s desktop clients don’t have the feature because they don’t support local storage, according to a Telegram FAQ page. For that reason, Talos says the malware does not exploit any vulnerability. “The problem is the lack of transparency, users are never warned that by using Telegram Desktop their […]

The post ‘TeleGrab’ malware again shows how hackers can evade encryption to read private messages appeared first on Cyberscoop.

Secrets of the Wiper: Inside the World’s Most Destructive Malware

The actors behind this kind of code, whether they’re bent on sending a political message or simply wanting to cover their tracks after data exfiltration, have adopted various techniques to carry out those activities.

Amid ongoing geopolitical tension, researchers find Pakistani hacking operation aimed at India

As well-crafted hacking tools become more ubiquitous, long-simmering rivalries between developing nations take on a new dimension: cyber espionage runs rampant. Research released Thursday by Talos Security, Cisco’s internal cybersecurity unit, describes how a long-running computer spying campaign against India was likely controlled by operators in Pakistan. Researchers highlighted a stealthy remote access trojan, dubbed “GravityRAT,” that has been repeatedly used to target Indian organizations since at least 2016. During that timeframe, the author of GravityRAT added new features and changed certain capabilities to make it more difficult to detect. This also included making the malware multilingual, so that whenever it was packaged inside a phishing email it had a better chance of tricking people who speak Chinese, Italian, French, German or Spanish. India’s computer emergency response team (CERT) previously published an advisory about GravityRAT, which suggests it targeted multiple Indian entities, according to Talos. The Indian CERT, however, only […]

The post Amid ongoing geopolitical tension, researchers find Pakistani hacking operation aimed at India appeared first on Cyberscoop.

Nation-state hackers hit Cisco switches

Hackers, some of them backed by a nation-state, have attacked Cisco switches in multiple countries, the tech giant’s cyberthreat intelligence division has revealed. Some of the attacks “are believed to be associated with nation-state actors, such as those described” in a recent Department of Homeland Security report that said Russian government hackers were targeting multiple U.S. industries, Cisco said. The campaign disclosed by Cisco exploits a protocol in a tool called Cisco Smart Install Client that is used to set up switches. The protocol can be abused to carry out a series of actions, including modifying a server setting, that let an attacker execute Cisco networking software commands. Cisco used the scanning tool Shodan to identify more than 168,000 systems that could be vulnerable to this attack. A March 15 DHS report blamed Russian government hackers for a multi-stage hacking campaign against the nuclear, critical manufacturing, and other U.S. sectors. The U.S. effort to call out alleged […]

The post Nation-state hackers hit Cisco switches appeared first on Cyberscoop.
