Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).
Tenn. Firm Sues Bank over $327K Cyberheist (KrebsOnSecurity)
Tennessee Electric Company Inc., which was the victim of a corporate account takeover scheme, has sued TriSummit Bank, alleging negligence, breach of contract and fraudulent concealment in relation to the bank’s handling of unauthorized transfers. Currently businesses lack the rigorous fraud liability limits that consumers enjoy. This lawsuit could help standardize who is at fault and for how much when businesses are the victims of cybercrime.
More than 75,000 iPhones have been targeted by Chinese AdThief malware, stealing nearly $22 million in advertisements. AdThief is designed to rely on Cydia Substrate, a platform for modifying existing processes, which only works on jailbroken iOS devices. Hackers were able to manipulate advertiser identities, redirecting the revenue each time an end-user viewed or clicked on a given advertisement.
- ‘Secure’ Blackphone Hacked in 5 Minutes (WeLiveSecurity)
The Blackphone, known as an ultra-secure smartphone, apparently fell victim to a hack perpetrated by a security researcher during a presentation at the DEF CON security conference. Three vulnerabilities within the phone have been described. Blackphone has responded by pushing out one patch, as well as preparing a second one.
Two New Gameover Zeus Variants in the Wild (SC Magazine)
Bitdefender Labs researchers discovered two new Gameover Zeus variants using a domain-generation algorithm as an obfuscation technique. One variant primarily affects U.S. users, while the other affects users in the Ukraine and Belarus. Both botnets’ operators appear to be handling quality assurance tasks before employing the botnets in cybercrimes.