Vulnerabilities and exploits

Expansion of the Internet makes ICS easier prey to attackers. Taking into account that initially many ICS solutions and protocols were designed for isolated environments, such availability often provides a malicious user with multiple capabilities to cause impact to the infrastructure behind the ICS due to lack of security controls.

A threat actor, likely operating from India, was undertaking aggressive cyber-espionage activity in the Asian region, targeting multiple diplomatic and government entities with a particular focus on China and its international affairs.

Last week we reported on the xDedic underground marketplace. The day after, an anonymous source posted the links pointed to a series of pastes on the Pastebin, which in turn contained long lists of IP addresses. The author of the comment mentioned that the list of pastes is related to hacked servers from the xDedic marketplace.

Kaspersky Lab discovers CVE-2016-4171 used in limited targeted attacks to compromise high profile victims.

Over the last two years, deep in the slums of the Internet, a different kind of underground market has flourished. The short, cryptic name perhaps doesn’t say much about it: xDedic. However, on this obscure marketplace anyone can purchase more than 70,000 hacked servers from all around the Internet.

We caught another zero-day Adobe Flash Player exploit deployed in targeted attacks. We believe these attacks are launched by an APT Group we call “ScarCruft”.

How safe is it to charge your phone using USB ports? Our experiment shows that it is far from being safe – it comes with risks of losing data or even gaining access to the device by cybercriminal.

Cyberespionage attacks conducted by different groups across the Asia-Pacific (APAC) and Far East regions share one common feature: in order to infect their victims with malware, the attackers use an exploit for the CVE-2015-2545 vulnerability.

Malware writers have learnt to upload malware apps onto Android devices of unsuspecting users by using JavaScript. Publically available remote-code-execution vulnerability use cases written by antivirus software experts were used as a handy manual by malware writers.

2016 has only just got underway, but the first three months have already seen the same amount of cybersecurity events that just a few years ago would have seemed normal for a whole year. The main underlying trends remained the same, while there was significant growth in trends related to traditional cybercrime, especially mobile threats and global ransomware epidemics.

Our contributions on targeted attack activity and other areas to a report like this one over the past several years is important to help to improve cyber-security awareness and education both in the security industry and the general public.

Instead of developing customized hacking tools or buying them from third-party suppliers on the criminal underground, cyberespionage threat actors are using tools available on the web for research purposes. Several cyberespionage campaigns utilizing such tools have been spotted recently by experts.

Millions of people around the world now use ATMs every day to withdraw cash, pay in to their account or make a variety of payments. Unfortunately, ATM manufacturers and their primary customers – banks – don’t pay much attention to the security of cash machines.

These sensors are the lowest tier of ‘smart city’ infrastructure – they collect raw data about traffic and pass it on; without that data, no analysis can be done and systems cannot be configured properly. Therefore, the information coming from the sensors has to be accurate. But is that actually the case?

The year 2016 started with a quite a number of security incidents related to hacks of hospitals and medical equipment. They include a ransomware attack on a Los Angeles hospital, the same in two German hospitals, an attack on a Melbourne hospital and so on – in just two months of 2016!