
Everyone is gearing up for the approaching holiday season, and threat actors are beefing up their PoS malware to hit the retail market. On the flip side, Chimera ransomware has been forced to shut down after German companies detected it before files were encrypted. After a security breach at Scottrade was discovered by federal officials, the investigation exposed Scottrade's failure to follow industry standards enforced by FINRA. Microsoft is adjusting to the ever-changing cybersecurity landscape by adopting a new holistic approach. Google's VirusTotal is launching a new sandbox feature to help detect Mac malware.

Highlighting the cyber-security news from the past week in a 120 sec. read. Starting now.


Malware

Threat actors are amping up their malware just in time for the holiday season. Two new PoS malware strains, Cherry Picker and AbaddonPOS, have been identified by two separate research teams. Trustwave SpiderLabs analyzed Cherry Picker, saying that it has gone undetected since 2011. Proofpoint discovered AbaddonPOS in early October and has been peeling back the layers to identify its evasive techniques.

Why is this significant?

  1. Cyber-criminals know just as well as retailers do that holiday season shopping is at its peak, and they want their piece of this profitable pie. We shouldn't be too surprised, especially considering that the Target attack occurred at just about this time (holiday season shopping) two years ago.
  2. AbaddonPOS seeks credit card data by reading memory from all of the running processes. It identifies credit card data with a simple approach and sends what it finds back to the command and control (C&C) server over a custom binary protocol.
  3. Cherry Picker has stayed undetected for so long because of its ability to self-destruct after exfiltrating files holding credit card information. Trustwave researchers have identified Cherry Picker's sneaky tactics, a toolbox that includes encryption, configuration files, command line arguments, obfuscation, and a cleaner that deletes all traces in a self-destructing manner.
  4. One of the problems with PoS malware is that the retailer typically needs to take the PoS terminal out of service, directly hitting the revenue of that location. Retailers need to ensure that these devices keep running smoothly and securely, even when malware is present, in order to avoid these financial losses.

Read the full story on The Register


Chimera, a ransomware that threatened to leak victims' files online, hit the scene in September, making its debut in Germany. According to researchers at Bleeping Computer, the Chimera campaign was shut down by the attackers themselves.

Why is this significant?

  1. Bleeping Computer's Lawrence Abrams identified the threat of leaking the encrypted files online as an "empty threat": Chimera was not capable of transferring files, and the encryption component of the malware deletes itself in the process, leaving nothing to be transferred.
  2. Emsisoft researcher Fabian Wosar believes that Chimera was forced to shut down after the campaign was identified as targeting Germany.

Read the full story on Threat Post

Cost of a Breach

FINRA, the Financial Industry Regulatory Authority, is fining Scottrade $2.6 million. FINRA determined that Scottrade did not keep its business record files in the required "WORM" format (Write-Once, Read-Many) and that certain categories of outgoing emails were not retained.

Why is this significant?

  1. Scottrade announced in early October a cybersecurity breach that hit 4.6 million of its customers. FINRA is claiming that Scottrade failed to meet industry standards, including those for storing and backing up more than 168 million emails.
  2. FINRA found that the document processing and supervisory system was not up to standard from January 2011 to January 2014. The mishandling of data was found only after the breach disclosed in October.
  3. As in many breaches, the breached organization was notified of the breach by a third party. In this case, it was federal law enforcement officials that notified Scottrade.

Read the full story by FINRA

Security Landscape

Microsoft is investing in a security platform with a holistic approach, combining security features from Windows 10, Office 365, Azure and the Microsoft Enterprise Mobility Suite.

Why is this significant?

  1. Microsoft's new approach to an improved security platform stems from recognizing that the attacker landscape is growing and that security that was adequate five years ago may no longer be relevant to the expanding horizons of threat actors. The requirements for keeping an environment secure are changing so drastically that an easily adaptable system is needed to secure customers' environments.
  2. The holistic approach will also bring new collaborations and integrate products and services such as Azure Security Center, Barracuda, Check Point, Cisco Systems, CloudFlare, F5 Networks, Imperva, Incapsula, and Trend Micro.
  3. Microsoft is churning its gears to make the transition close to seamless by establishing a new division, the Microsoft Enterprise Cybersecurity Group, that will be responsible for managing, monitoring and responding to cybersecurity incidents.
  4. Microsoft continues to recognize its key place in the security of systems, and its efforts are certainly laudable. Since security must be applied across the whole ecosystem of products, Microsoft will have to keep working with the rest of the technology ecosystem to ensure that data remains secure.

Read the full story on CSO Online


After Macs were reported as vulnerable to malicious activity, Google's VirusTotal will be launching a sandbox to detect malicious behavior in Mac apps.

Why is this significant?

  1. Google's VirusTotal may be a game changer for malware authors, forcing them to write malware that detects sandboxes.
  2. As of now, VirusTotal has announced that Mach-O executables, DMG and ZIP files can be analyzed, with more formats most likely to follow.

Read the full story on The Register