In the news, a couple of new malware strains are making the rounds. A new hybrid malware termed Goznym is reportedly targeting banking customers in the U.S. and Canada, there is a new ransomware dubbed Jigsaw, and an abundance of Oracle patch releases may have us putting the accuracy of CVSS scoring under the microscope.

Highlighting the cyber-security news from the past week in a 120 sec. read. Starting now.



1. A new hybrid banking malware has targeted banking customers in Canada and the United States, stealing an estimated $4 million during the month of April 2016.

Why is this significant?

  • Malware authors have no need to reinvent malware. They can simply take two existing strains and combine them into a new strain that is stronger and less likely to be detected than prior strains.
  • This tricky new malware enters the victim's machine when the victim clicks on attachments or links in emails, then stays dormant until the victim accesses their bank account.
  • The authors of this hybrid malware, termed Goznym, appear to originate in Eastern Europe: "Nymaim Trojan executes first as a means to breach systems, then launches Gozi ISFB to complete the financial fraud."

Read the full story on Fortune


2. A new ransomware strain dubbed BitcoinBlackmailer.exe, or Jigsaw, deletes victims' files as they cough up the ransom.

Why is this significant?

  • Ransomware writers are adding a bit of creativity to this new ransom demand. These malware writers spent time creating "a real-time scrolling text and countdown timer increasing ransom amount as the clock ticks, deleting the files slowly at first."
  • While the malware writers invested effort in their extortion creativity, their efforts fell short: the malware is developed in .NET, which leaves an easy way to get around this ransomware.

Read the full story on The Register


3. Oracle released 136 security patches across its range of products, which may be a reflection of its upgrade to version 3.0 of the Common Vulnerability Scoring System (CVSSv3).

Why is this significant?

  • This is the first time that Oracle is using the CVSS 3.0 rating. For some background, FIRST, a non-profit organization, has established a "standard" vulnerability test that scores vulnerabilities on a 1-10 range, 10 being the most vulnerable. Because of the flaws in CVSSv2 that many complained about, FIRST released CVSSv3, which is claimed to address the flaws of v2 and give systems a more accurate measurement of vulnerabilities.
  • Complaints regarding CVSS scores centered on inconsistency and illogical rating mechanisms. For instance, the vulnerability the enSilo researchers found in Kaspersky received a very low score even though that flaw enabled a threat actor to bypass the security mechanisms of the underlying operating system. In fact, Symantec, which suffered from the same flaw, gave it a different score, and Microsoft itself rated the issue as 7.
  • Vulnerabilities are becoming more common as technology evolves, with malicious actors staying ahead of the game, usually homing in on security holes and exploiting vulnerabilities for profit or some sort of recognition. One would think that the real focus should be on a more accurate way to detect or prevent exploitation, although the rapid evolution of malware is making that nearly impossible. Detection is failing, and exploitation detection/prevention should be questioned for consistency, as we are seeing an endless rise in critical vulnerabilities in an endless number of products.

Read the full story on PCWorld