“Faceliker” Facebook Trojan Making Comeback

“Faceliker” is malware that has been around for a few years, but in 2017 McAfee is reporting surges in its use (9.8% of all new malware in Q1/Q2 are Faceliker strains). Faceliker uses JavaScript to basically hijack users’ clicks and generate likes on Facebook. The malware is increasingly being embedded within malicious Chrome extensions.

Why would someone want to hijack clicks from users? Well, it seems as though Faceliker is being used to promote “fake news” (*cough* propaganda), and is also used to promote advertisements and games that aren’t popular, but seem popular due to the likes accumulated by Faceliker. It can also promote fake pages of companies or users in order to make them seem real or reputable, and possibly result in catfishing.

McAfee is not certain, but it appears that Faceliker is only being used to promote content by spoofing likes. It is possible different Faceliker strains are being used to steal passwords or other sensitive data, but there isn’t a clear-cut answer.

-Ryan Corrao

https://www.komando.com/happening-now/422202/watch-out-facebook-hijacking-malware-is-spreading

https://themerkle.com/faceliker-facebook-malware-makes-a-surprising-comeback/

Hackers Exploit Microsoft Servers to Mine Cryptocurrency

Mining for cryptocurrency is becoming an extremely profitable investment. One of the most popular currencies, bitcoin, is skyrocketing in value. One bitcoin is currently worth $4297 U.S. dollars. These currencies are becoming more and more popular to use online for illegal activity because they’re more difficult to trace and are increasing in value so quickly.

Now to this recent attack on servers running Windows Server 2003. An exploit in this software was discovered in March of this year (2017); the exploit targets the web server in Windows Server 2003. Hackers have now taken to attacking servers that have not been patched to the most recent update that fixes the exploit. The exploit infects the server and adds it to a botnet for the hacker to control and mine for cryptocurrency. In this attack the hackers were mining for a currency called Monero; this currency is completely untraceable and anonymous. Hackers prefer mining for Monero because it uses an algorithm called CryptoNight, which works on CPUs and GPUs and, unlike Bitcoin, requires no special hardware to begin mining. This currency is currently significantly less valuable than bitcoin; at the time of writing 1 Monero is worth $90 U.S. dollars, but like all cryptocurrency the value fluctuates quite frequently. This attack gained the hackers $63,000 worth of Monero in 3 months. There are quite a few pieces of malware that exploit servers to mine this currency. One piece of malware called Adylkuzz uses the EternalBlue exploit, which was actually created by the NSA and released by a group called the Shadow Brokers; this exploit was used in the WannaCry ransomware attack. BondNet is another form of malware that also creates a botnet to mine Monero.

 

– Levi Walker

 

Sources:

https://thehackernews.com/2017/09/windows-monero-miners.html

https://en.bitcoin.it/wiki/CryptoNight

https://coinmarketcap.com/currencies/monero/

How Equifax got Hacked

I’m sure almost everyone has heard about the Equifax data breach at this point, but what we haven’t really known at this point was how exactly the hack was done. Information was just recently released by the hackers themselves to a writer on the website spuz.me. What we now know is this breach is entirely Equifax’s fault.

Basically, Equifax had many “management panels” on their servers, each with a different function. Some of these panels were even publicly available to see, and can be found on the IoT searching site shodan.io. In these panels, there was barely any security. The password for one of them was “admin:admin”. Now the hackers confirmed not all the passwords were that easy, but the private keys for the panels were actually stored in the panels themselves. Not only that, but over 300 employee admin usernames and passwords were stored in plaintext in a JavaScript file.

The hackers are currently asking for 600BTC (~$2.2 million at the time of writing) for a full public dump of the data, or 4BTC (~$15k) for 1 million entries of the data. At the time of writing, no money has been sent to the bitcoin address.

It’s very scary how bad the security practices were in this scenario. This is a credit agency after all, and their security was laughable. How many other huge corporations out there have practices this bad? I guess only time will tell.

– Noah Kalinowski

Source

Apache Struts 2 vulnerability possibly linked to Equifax breach

Equifax (EFX), one of the big 3 credit reporting companies, recently had their systems breached, leaking 140+ million records of individuals’ personally identifiable information including SSNs, credit card info, credit scores and more.

Apache’s Struts 2 framework is now under scrutiny after security researchers discovered a critical Remote Code Execution (RCE) vulnerability that is being deemed the possible culprit behind Equifax’s breach. A report from Baird Equity Research is claiming that the Struts 2 vulnerability was the root cause of the incident.

Neither Equifax nor Apache has publicly released a statement that the incident was a result of the flaw present in Struts 2. EFX was also breached in mid-May, months before CVE-2017-9805 was publicly disclosed, making it unlikely to be the vulnerability that was the cause.

The more likely case is that hackers took advantage of a flaw that Struts fixed in March, CVE-2017-5638, another RCE vulnerability. Hackers likely went after unpatched systems and took advantage of this exploit, as was indicated by an attack on the Canadian Revenue Agency utilizing this exploit.

René Gielen, VP of Apache Struts, released the following in a public statement: “Any complex software contains flaws; Don’t build your security policy on the assumption that supporting software products are flawless, especially in terms of security vulnerabilities.”

–  Matthew Turi

Sources

https://thehackernews.com/2017/09/apache-struts-vulnerability.html

http://www.eweek.com/security/equifax-breach-potentially-triggered-by-apache-struts-vulnerability

https://www.scmagazine.com/apache-struts-vulnerability-likely-behind-equifax-breach-congress-launches-probes/article/687955/

“Equifax Data Breach Could Affect half the U.S. Population”

Equifax is a very large credit reporting company that experienced a cyber attack over the summer. The attack was discovered on July 29 but didn’t become public information until last Thursday, the 5th of September. This data breach could have affected 143 million people. The information that was exposed includes social security numbers, address, and birthday information. Equifax is also saying 209,000 credit cards were exposed, including some from the UK and Canada. A big problem with this attack is Equifax was a service used to protect from identity theft, but now the integrity of the site has been compromised by this attack.

Once Equifax discovered the breach they began working with private security companies to figure out what happened and how they should go about fixing it. The FBI is also investigating the attack to try and find who is responsible. Another big problem with this breach is it could affect you even if you have never been a customer of Equifax. Equifax collects info from credit card companies to create credit scores, so it is possible your card is one of the ones exposed.

The hack has been reported to have been caused by a vulnerability from a “website application”. Not much has been said on the details of the hack. Another problem has popped up from this attack. Equifax has created a website to enter your information and see if you have been exposed to this attack. According to George Weidman, Founder of the security firm Shevirah, “It’s teaching people entirely the wrong things about using the internet securely”. If this new website has vulnerabilities it could expose even more people.

-Levi Walker

Sources:

http://abcnews.go.com/Technology/wireStory/equifax-data-breach-49724230

https://www.nbcnews.com/tech/security/massive-equifax-data-breach-could-impact-half -s-population-n799686