This week: stolen credentials surfaced in a Pastebin post that could be used to attack IoT devices; 23 million emails went out in a 24-hour period in the newest Locky campaign; and the Onliner spambot sits loaded with 711 million addresses, ready to infect millions.


Highlighting the cyber-security news from the past week in a 120-second read. Starting now.

Stolen Credentials

More than 1,700 working login credentials were discovered that could be used to attack IoT devices.

Why is this significant?

          • A list posted on Pastebin contained telnet login credentials for 8,233 unique IP addresses, 2,174 of which were still running open telnet servers.
          • The release shows how weak IoT security is. Across those 8,233 hosts only 144 distinct username/password combinations appear, and the great majority are factory defaults, with "admin" the most common username.
          • Two takeaways: 1. Change the factory-issued default username and password on anything "smart" (routers, televisions, refrigerators, printers, etc.) and use a unique password of 12 or more characters. 2. Disable remote access (telnet in particular) and enable it only when needed, restricted to the hosts that require it.

Read the full story in ArsTechnica
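As an added example (not code from the original post or from the researchers who analysed the list), the script below parses a credential dump of the kind described above and derives the figures that matter for an audit: unique hosts, unique username/password pairs, and how many hosts are sitting on known factory defaults. The input format, the sample lines and the small default-credential list are all assumptions constructed for this example; a real audit would use a vendor-specific default list.

```python
"""Summarise a leaked telnet credential list (added example, constructed data).

Assumed input format: one entry per line, "ip:port username:password".
Real dumps vary; adjust ENTRY_RE for the format you actually have.
"""
import re
from collections import Counter

# Constructed sample lines; these are documentation addresses, not real hosts
# and not data from the Pastebin post discussed above.
SAMPLE_DUMP = """\
203.0.113.10:23 admin:admin
203.0.113.10:23 admin:admin
203.0.113.11:23 root:root
203.0.113.12:2323 admin:1234
203.0.113.13:23 support:support
203.0.113.14:23 user:Xk9#rTq2vLm4
203.0.113.11:23 root:root
203.0.113.15:23 admin:admin
not a valid line
"""

# Assumed, deliberately small list of factory defaults for the example.
DEFAULT_CREDS = {
    ("admin", "admin"), ("root", "root"), ("admin", "1234"),
    ("admin", ""), ("support", "support"), ("user", "user"),
}

# ip:port, whitespace, username (no ':' or spaces), ':', rest of line = password
ENTRY_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d+)\s+([^:\s]*):(.*)$")


def parse_dump(text):
    """Return a list of (ip, port, username, password); skip malformed lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        ip, port, user, pw = m.groups()
        entries.append((ip, int(port), user, pw))
    return entries


def summarise(entries):
    """Compute the audit figures: unique hosts, unique credential pairs,
    hosts on factory defaults, and the single most common credential pair."""
    ips = {e[0] for e in entries}
    creds = Counter((e[2], e[3]) for e in entries)
    default_hosts = {e[0] for e in entries if (e[2], e[3]) in DEFAULT_CREDS}
    return {
        "entries": len(entries),
        "unique_ips": len(ips),
        "unique_creds": len(creds),
        "hosts_with_default_creds": len(default_hosts),
        "most_common_cred": creds.most_common(1)[0][0] if creds else None,
    }


if __name__ == "__main__":
    for key, value in summarise(parse_dump(SAMPLE_DUMP)).items():
        print(f"{key}: {value}")
```

On the constructed sample, six hosts share five credential pairs and five of the six are on defaults, which is the shape of the real list: many hosts, very few distinct passwords.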

Locky Campaign

23 million emails were sent in a new Locky ransomware campaign in a single 24-hour period.

Why is this significant?

          • These campaigns are built to reach as many inboxes as possible, preying on the small percentage of recipients who will open the attachment and trigger the ransomware.
          • Researchers call this Locky campaign "one of the largest malware campaigns seen in the latter half of 2017".
          • Locky has been back in the headlines in recent weeks after lying dormant for some time. The campaign only needs a small fraction of the 23 million recipients to click, and then pay the ransom demand of 0.5 bitcoin (about $2,300 at the time).

Read the full story in ZDNet


Potential Spam Campaign

A list of 711 million email addresses, some paired with passwords and SMTP server details, is staged for a spam campaign run by the Onliner spambot.

Why is this significant?

          • The campaign laces emails with the data-stealing malware Ursnif and sends the spam through legitimate email servers.
          • The credentials were harvested from machines already infected with Ursnif, from phishing campaigns and other data-stealing attacks, and from earlier public leaks such as the 2016 LinkedIn breach. The breach-notification site Have I Been Pwned calls it the largest single batch of data it has ever loaded.
          • To get past email filters, the attacker uses a list of SMTP credentials to authenticate to legitimate mail servers and send the spam as if it were the account owner's own mail. Authenticated mail does not trip the checks that flag an unauthenticated sender, so more recipients see the message and click the malicious email.

Read the full story in ZDNet
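The defensive counterpart to the SMTP credential abuse described above is to watch your own submission logs for accounts that suddenly authenticate from many unrelated client addresses. The script below is an added example, not code from the original post, ZDNet or Have I Been Pwned: it parses constructed Postfix-style submission log lines (the format and every address in them are assumptions for this example; adapt the regex to your MTA) and flags any account that authenticated from more than a threshold of distinct client IPs within a sliding time window.

```python
"""Flag SMTP AUTH accounts that look driven by a spambot with stolen credentials.
Added example with constructed Postfix-style log lines; not from the original post.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed log lines in the shape of Postfix submission logs; the hosts,
# addresses and usernames are documentation values, not real data.
SAMPLE_LOG = """\
Aug 30 10:01:02 mx postfix/submission/smtpd[2011]: 7F3A1: client=host1.example.net[192.0.2.10], sasl_method=PLAIN, sasl_username=bob@example.com
Aug 30 10:01:40 mx postfix/submission/smtpd[2012]: 7F3A2: client=unknown[198.51.100.7], sasl_method=PLAIN, sasl_username=alice@example.com
Aug 30 10:02:05 mx postfix/submission/smtpd[2013]: 7F3A3: client=unknown[198.51.100.44], sasl_method=LOGIN, sasl_username=alice@example.com
Aug 30 10:02:31 mx postfix/submission/smtpd[2014]: 7F3A4: client=unknown[203.0.113.9], sasl_method=PLAIN, sasl_username=alice@example.com
Aug 30 10:03:12 mx postfix/submission/smtpd[2015]: 7F3A5: client=unknown[203.0.113.77], sasl_method=PLAIN, sasl_username=alice@example.com
Aug 30 10:40:00 mx postfix/submission/smtpd[2016]: 7F3A6: client=host1.example.net[192.0.2.10], sasl_method=PLAIN, sasl_username=bob@example.com
Aug 30 11:59:59 mx postfix/submission/smtpd[2017]: 7F3A7: client=unknown[198.51.100.200], sasl_method=PLAIN, sasl_username=alice@example.com
"""

# Assumed line layout: syslog timestamp, host, process, queue id, client=host[ip], SASL fields.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) \S+ postfix/\S+/smtpd\[\d+\]: "
    r"\w+: client=\S+\[(?P<ip>[\d.]+)\], sasl_method=\w+, sasl_username=(?P<user>\S+)$"
)


def parse_auth_events(text, year=2017):
    """Return a list of (timestamp, username, client_ip) for each SMTP AUTH line.
    Syslog lines carry no year, so one is supplied (assumed 2017 here)."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an authenticated-submission line, or an unknown format
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["user"], m["ip"]))
    return events


def flag_suspicious_accounts(events, window_minutes=60, max_ips=3):
    """Return {username: set_of_client_ips} for every account that authenticated
    from more than max_ips distinct client IPs inside any window_minutes span."""
    by_user = defaultdict(list)
    for ts, user, ip in sorted(events):
        by_user[user].append((ts, ip))

    flagged = {}
    for user, seq in by_user.items():
        start = 0
        # Sliding window over this user's time-ordered authentications.
        for end in range(len(seq)):
            while (seq[end][0] - seq[start][0]).total_seconds() > window_minutes * 60:
                start += 1
            ips = {ip for _, ip in seq[start:end + 1]}
            if len(ips) > max_ips:
                flagged[user] = ips
                break
    return flagged


if __name__ == "__main__":
    for user, ips in flag_suspicious_accounts(parse_auth_events(SAMPLE_LOG)).items():
        print(f"{user}: {len(ips)} client IPs in one window -> {sorted(ips)}")
```

On the sample, bob@example.com authenticates twice from one host and is left alone, while alice@example.com authenticates from four different addresses in two minutes and is flagged. The thresholds are deliberately conservative; tune them against your own users' travel and mobile patterns, and pair a hit with forcing a password reset and revoking the account's app passwords.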