Vulnerabilities and exploits

Kaspersky Lab discovers CVE-2016-4171 used in limited targeted attacks to compromise high profile victims.

Over the last two years, deep in the slums of the Internet, a different kind of underground market has flourished. The short, cryptic name perhaps doesn’t say much about it: xDedic. However, on this obscure marketplace anyone can purchase more than 70,000 hacked servers from all around the Internet.

We caught another zero-day Adobe Flash Player exploit deployed in targeted attacks. We believe these attacks are launched by an APT Group we call “ScarCruft”.

How safe is it to charge your phone using USB ports? Our experiment shows that it is far from being safe – it comes with risks of losing data or even gaining access to the device by cybercriminal.

Cyberespionage attacks conducted by different groups across the Asia-Pacific (APAC) and Far East regions share one common feature: in order to infect their victims with malware, the attackers use an exploit for the CVE-2015-2545 vulnerability.

Malware writers have learnt to upload malware apps onto Android devices of unsuspecting users by using JavaScript. Publically available remote-code-execution vulnerability use cases written by antivirus software experts were used as a handy manual by malware writers.

2016 has only just got underway, but the first three months have already seen the same amount of cybersecurity events that just a few years ago would have seemed normal for a whole year. The main underlying trends remained the same, while there was significant growth in trends related to traditional cybercrime, especially mobile threats and global ransomware epidemics.

Our contributions on targeted attack activity and other areas to a report like this one over the past several years is important to help to improve cyber-security awareness and education both in the security industry and the general public.

Instead of developing customized hacking tools or buying them from third-party suppliers on the criminal underground, cyberespionage threat actors are using tools available on the web for research purposes. Several cyberespionage campaigns utilizing such tools have been spotted recently by experts.

Millions of people around the world now use ATMs every day to withdraw cash, pay in to their account or make a variety of payments. Unfortunately, ATM manufacturers and their primary customers – banks – don’t pay much attention to the security of cash machines.

These sensors are the lowest tier of ‘smart city’ infrastructure – they collect raw data about traffic and pass it on; without that data, no analysis can be done and systems cannot be configured properly. Therefore, the information coming from the sensors has to be accurate. But is that actually the case?

The year 2016 started with a quite a number of security incidents related to hacks of hospitals and medical equipment. They include a ransomware attack on a Los Angeles hospital, the same in two German hospitals, an attack on a Melbourne hospital and so on – in just two months of 2016!

Microsoft releases thirteen bulletins this month, patching a total of 44 vulnerabilities. More than half of the critical vulnerabilities fixed this month support the web browsers, Internet Explorer and Microsoft Edge. Vulnerabilities rated critical also exist in Opentype font parsing kernel components, Windows Media Player, and the Windows PDF library.

Yesterday a blog post on “The Linux Mint Blog” caught our attention. Apparently criminals managed to compromise a vulnerable instance of Wordpress which the project used to run their website. The attackers modified download links pointing to backdoored ISO files of Linux Mint 17.3 Cinnamon edition.

Kaspersky Lab security researchers Santiago Pontirol and Roberto Martinez explain how ATM malware works in Latin America and why it’s difficult to discover ‘jackpotting’ malware.