September 14, 2014

Phishing and cyber-attacks likely to rise during the World Cup

(LiveHacking.Com) – As is often the case with large, well-known events, cyber-criminals and spammers will be using the World Cup as a chance to steal more personal information and disrupt services in “cyber protests.”

According to TrendLabs, phishing campaigns have intensified and are even targeting Brazilian nationals in an attempt to steal from them during the fervor of the World Cup. Typical campaigns try to solicit information such as credit card numbers or personally identifiable information (including name, date of birth and even national identity numbers) from unsuspecting victims. This data is later sold on the black market.

The example given by TrendLabs was for a $2.2 million lottery. As with legitimate lotteries, you need to pay to enter. Since the lottery is a scam, the credit card details entered are harvested for sale. TrendLabs has identified more than 80,000 people whose credentials have been stolen. Of those, 83% had email addresses from providers with domain names in the .br top-level domain.

But it isn’t only phishing that will be increasing during the World Cup. According to reports by Reuters, the hacker group Anonymous is preparing cyber-attacks on the corporate sponsors of the World Cup.

“We have already conducted late-night tests to see which of the sites are more vulnerable,” said the hacker who operates under the alias of Che Commodore. “We have a plan of attack.”

The threats by Anonymous and the increased amount of phishing are just another problem for the Brazilian government. The event has been marred by delays in the building of the stadiums and widespread discontent among Brazilians over the excessive cost of hosting the event in a country.

Recently, Anonymous attacked Brazil’s Foreign Ministry computer networks and leaked dozens of confidential emails. In what is a massive security breach, Anonymous posted 333 Foreign Ministry documents, including documents about the briefing of talks between Brazilian officials and U.S. Vice President Joe Biden, and a list of sport ministers that plan to attend the World Cup.

The World Cup 2014 kicks off on 12 June with a game between hosts Brazil and Croatia. The event continues until Sunday 13 July when the final will be held in Rio de Janeiro.

Dropbox investigating how spammers got hold of email addresses

(LiveHacking.Com) – Dropbox is investigating why some of its users have been receiving spam to email addresses associated with their accounts. The problems began on Tuesday when some European Dropbox users started complaining on the support forums that they had started to receive spam. There is nothing unusual about spam nowadays, but this spam was going to email addresses that had been specially created for use with Dropbox and aren’t used anywhere else.

Later, at around 3 p.m. ET, Dropbox went down and users were unable to log in and access their files. Then by early evening (USA time) Dropbox issued a statement: “We’re aware that some Dropbox users have been receiving spam to email addresses associated with their Dropbox accounts. Our top priority is investigating this issue thoroughly and updating you as soon as we can. We know it’s frustrating not to get an update with more details sooner, but please bear with us as our investigation continues.”

According to a post in the forums by someone who appears to be a Dropbox employee, the site outage (at around 3 p.m. ET) “was incidental and not caused by any external factor or third-party.” In the same post “Joe G.” wrote “We wanted to update everyone about spam being sent to email addresses associated with some Dropbox accounts. We continue to investigate and our security team is working hard on this. We’ve also brought in a team of outside experts to make sure we leave no stone unturned.” He also wanted to assure users that Dropbox hasn’t had “any reports of unauthorized activity on Dropbox accounts.”

The BIG question is how have the spammers got hold of the email addresses? There are two possibilities. First, Dropbox has suffered a security breach in which email addresses have been stolen. During such a breach, hackers could have also taken the account passwords but have chosen not to use them and instead use only the email addresses to try to generate money via spam, or the passwords were hashed and salted and the hackers have been unable to crack them. The second possibility is that there is a vulnerability in Dropbox’s APIs, either web or in the SDK/protocols, that is allowing the spammers to capture email addresses without knowing any other user details.

Whichever it is, this could be a serious dent in the credibility of Dropbox and cloud storage in general.
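The per-service addresses that let these users spot the leak can be made systematic. The sketch below is an added example, not code from Dropbox or from the original article: it derives a keyed alias for each service and attributes incoming spam to the service whose alias it was sent to. The key, the domain `example.org` and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import re
from collections import Counter

SECRET = b"constructed-demo-key"  # assumption: key known only to the mailbox owner
DOMAIN = "example.org"            # assumption: domain with catch-all delivery
ALIAS_RE = re.compile(r"^([a-z0-9-]+)\.([0-9a-f]{8})@" + re.escape(DOMAIN) + r"$")

def _tag(service: str) -> str:
    # Keyed tag: outsiders cannot mint a valid alias for a service name.
    return hmac.new(SECRET, service.encode(), hashlib.sha256).hexdigest()[:8]

def alias_for(service: str) -> str:
    """Address to hand to exactly one service, e.g. dropbox.<tag>@example.org."""
    service = service.lower()
    return f"{service}.{_tag(service)}@{DOMAIN}"

def attribute(recipient: str):
    """Return the service an alias was issued to, or None if it was never issued."""
    match = ALIAS_RE.match(recipient.strip().lower())
    if not match:
        return None
    service, tag = match.groups()
    return service if hmac.compare_digest(tag, _tag(service)) else None

def triage(spam_recipients):
    """Count spam per issuing service; also count recipients we cannot attribute."""
    hits, unattributed = Counter(), 0
    for recipient in spam_recipients:
        service = attribute(recipient)
        if service is None:
            unattributed += 1
        else:
            hits[service] += 1
    return dict(hits), unattributed

# Constructed sample: recipient addresses of messages already classified as spam.
SAMPLE = [
    alias_for("dropbox"),
    alias_for("dropbox"),
    alias_for("newsletter"),
    "dropbox@example.org",   # guessed address, no valid tag
    "info@example.org",      # generic role address
]

print(triage(SAMPLE))
```

Spam arriving at a validly tagged alias shows the address left the one service it was given to, while untagged look-alikes are ordinary guessing and are counted separately.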

Scammers targeting London Olympics

(LiveHacking.Com) – As the countdown to the 2012 London Olympics continues, security researchers at McAfee have reiterated their call for vigilance as spammers and scammers attempt to trick unsuspecting users with Olympic-related emails and offers. McAfee has collected a large sample of Olympic-related lottery and sweepstakes spam messages that tempt users to hand over private and confidential information in return for cash prizes. The scammers ask for details such as passport information, national ID numbers, or driver’s license details. Once this personal information has been collected, identity theft is almost guaranteed.

“These mails inform the recipients that they have won a substantial amount of money. After contacting the lottery manager, the victims of these rip-offs will be asked to pay ‘processing fees’ or ‘transfer charges’ so that the winnings can be distributed,” wrote Francois Paget.

It is expected that the number of attacks and volume of spam will increase as the opening ceremony draws near. As well as identity theft, these schemes can also be used to spread malware, especially banking trojans. All email users should exercise caution when following links in Olympic-related emails.

Here is a sample of the emails collected by McAfee:

McAfee to Patch Two Vulnerabilities in its SaaS for Total Protection

(LiveHacking.Com) – Two vulnerabilities have been found in McAfee’s SaaS for Total Protection, one of which allows a customer’s system to be used as a spam relay. The problem, which was exposed on British art firm Kaamar Limited’s blog earlier this week, has been gaining more and more public attention and now McAfee has started to release information about the issues and details of patches.

As spammers have started to exploit the flaw, a number of McAfee’s customers have had their emails blocked after their IP addresses were blacklisted by anti-spam services. “It is believed that thousands of computers have been compromised so far, with more being affected every day,” said Kaamar in its original blog.

“The second issue has been used to allow spammers to bounce off of affected machines, resulting in an increase of outgoing email from them. Although this issue can allow the relaying of spam, it does not give access to the data on an affected machine. The forthcoming patch will close this relay capability,” wrote David Marcus, Director, Security Research at McAfee.

According to an update on McAfee’s blog, the patch for the spam issue is now rolling out to customers, and everyone should have the update shortly.