Hackers are preparing for battle and have the cyberweapons to kick off what President Obama recently described as a cyber arms race. In this week’s Hacker Tracker, the stealthy moves of cybercriminals take center stage, and we examine why the private and public sectors may need a new cybersecurity game plan — STAT.
President Barack Obama had a stern warning for the world this week: The potential for an all-out cyber arms race is upon us.
At the G20 international summit in China, President Obama told the media that, as countries continue to build up their arsenals of cyberweapons, a “free-for-all” is likely to break out in cyberspace unless everyone starts acting responsibly — and fast.
“[We] cannot have a situation where this becomes the wild, wild West, where countries [that] have significant cyber capacity start engaging in … unhealthy competition or conflict through these means,” the president stated.
His remarks come as the U.S. continues to investigate an onslaught of serious sovereign state-sponsored hacking threats facing the country. Many experts are looking directly at Russia for these attempts and breaches. Russian officials, however, have rejected any accusations of political hacking.
According to Sophos’ Naked Security blog, media outlets have accused Russia of trying to tamper with political computer systems in order to breed public distrust and spread false information. The recent breach of email servers belonging to the Democratic National Committee (DNC) is listed as one such example, especially considering the political firestorm that ensued shortly after.
“We’ve had problems with cyber intrusions from Russia in the past, from other countries in the past,” Obama explained. “We’re moving into a new area here where a number of countries have different capacities.”
He added that the intention was not to “duplicate a cycle of escalation” that has been seen in the past.
Russian Hackers Strike Again?
Speaking of Russia…
Another massive cyberattack hit a Russian website and email service this week, leaving the personal information of millions of people exposed.
Quartz reported that the site Rambler was targeted by hacks dating back to 2012, and as a result, roughly 98 million accounts were compromised. The sensitive data, which the Yahoo-like site supposedly did not encrypt, included usernames, email addresses and passwords.
The onslaught of compromised information could potentially allow hackers to log in to users’ accounts, as well as assemble other personal data based on the passwords and email addresses exposed as part of the hack.
This cyberattack on Rambler is just the latest in a string of massive breaches to hit the country. Earlier this year, a hacker obtained 171 million user accounts from social networking site VK.com, which is said to be one of the largest social networks in Russia.
Though the VK.com hack is also believed to have taken place sometime between late 2012 and early 2013, the hacker behind the breach recently began selling a smaller subset of the database on a Dark Web marketplace for 1 bitcoin (a value of approximately $580). The stolen database contains full names, email addresses and passwords, plus locations and phone numbers in some cases.
Android Users Can’t Catch A Break
Android users are no strangers to malware threats, and Kaspersky Lab recently discovered another piece of malicious software to add to the list.
The security researchers identified malware that can reportedly circumvent security features on the Android Marshmallow (version 6) mobile phone operating system. The malware targets users’ banking apps and steals credit card information. Kaspersky Lab tracks cyberthreats, including this kind of malware, which steals data by placing an overlay screen over real mobile banking apps and the Google Play Store.
The malware is believed to be an altered Trojan known as Gugi, which was first detected in June. Gugi reaches mobile devices by way of a text message that entices users to click on a link, then tricks them with an “additional rights needed” prompt. From there, the malware receives more of the user’s information. If it’s unsuccessful, the malware blocks the device, and the user must attempt to remove the malware.
Scammers Are Just A Tweet Away
Fraudsters are posing as PayPal’s own customer service representatives on Twitter in order to perpetrate phishing attacks against unsuspecting PayPal users.
The scammers have been able to trick users into divulging their bank account details by pretending to be customer support staff from PayPal, then sending PayPal users malicious links via interactions on Twitter.
A report from cybersecurity firm Proofpoint on the rise in social media fraud discusses the new form of social media-based phishing attack, referred to as “angler phishing,” and shows recent examples of attempts from two fraudulent PayPal Twitter accounts.
“The attack technique takes its name from the anglerfish, which uses a glowing lure to entice and attack smaller prey. In an angler phishing attack, a fake customer support account promises to help customers but instead attempts to steal credentials,” Proofpoint staff explained in a blog post.
“Social media angler phishers create fake customer support accounts that target customers of a wide variety of industries, but we have seen a majority of angler phish attacks focus on customer support accounts for financial services brands,” the post continued.