Cyber security weekly summary 31 July - 6 August

  • Roman Šulc
  • 13.8.2017 18:39

Last week's cyber news was dominated by publications from the whistleblowing platform WikiLeaks, a hacker attack on the TV channel HBO, and new activities of the APT group Carbanak, which specialises in financial cybercrime.

Over the past week, WikiLeaks has made two big releases of non-public documents. On 31 July, stolen emails from Emmanuel Macron’s presidential campaign were published. The archive includes about 71,000 emails and 26,000 attachments dated from 20 March 2009 to 24 April 2017. As was the case with the data leaks during the US presidential election, it is speculated that the perpetrator is Russia, namely the hacker group APT28. The hypothesis, supported by several security companies, was not backed by the French cyber security agency ANSSI, whose director, Guillaume Poupard, described the attack as so generic and simple that the hack could have been committed by virtually anyone.

In addition to the aforementioned emails, WikiLeaks also published CIA documents on a cyber tool named Dumbo, which is designed to detect webcams, microphones and other monitoring devices connected to computers running Microsoft Windows and to manipulate their records. Dumbo is able to interfere with the identified hardware and otherwise influence the output it produces by ending the processes associated with its activity.

Strong publicity accompanied a cyber attack on the US TV channel HBO, which was reported on 31 July. In the previous week, unknown hackers had been able to penetrate HBO's systems and (according to their own claims) steal around 1.5 terabytes of data. HBO executives offered the hackers 250,000 dollars as a "financial reward for detecting security vulnerabilities." On 7 August, however, part of the stolen data, including screenplays for new episodes of the popular series Game of Thrones and internal technical documents, was released. The person or persons responsible for the attack also published a batch of emails from HBO's Vice President of Film Programming, Leslie Cohen. To prevent the attackers from releasing other files, HBO was asked to pay a ransom amounting to six million dollars. The channel is currently investigating the incident in cooperation with security experts.

New activities of the APT group Carbanak, responsible, among other things, for record-breaking bank thefts with an estimated 1 billion dollars in financial losses in 2014, were uncovered on 31 July by researchers from the security company Proofpoint. The hackers used sophisticated phishing emails to infect the systems of US restaurant chains with the Bateleur malware. The tool is capable of exfiltrating information about the configurations of victims' computers and their running processes, and of bypassing the sandbox simulations in which malware samples are analysed, giving the attackers the possibility to execute commands and PowerShell scripts.
