Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).
Last week, researchers at Proofpoint reported an attack campaign, dubbed “Smash & Grab,” targeting customers of JP Morgan Chase. Based on intelligence from the PhishLabs R.A.I.D. (Research, Analysis, and Intelligence Division), the “Smash & Grab” operations have been active since at least mid-June, using the same combination of phishing and malware tactics described in the initial report. Our analysis also indicates a possible connection to cybercriminal actors currently or previously involved in GameOver Zeus operations.
Around 97,000 early testers of the Bugzilla bug tracking software have been warned that their email addresses and encrypted passwords were exposed for three months. The accidental exposure is the second disclosed by the Mozilla Foundation this month. On August 1st, the organization revealed that around 76,000 Mozilla Developer Network email addresses and 4,000 hashed and salted passwords had been left on a public-facing server for 30 days.
- DQ Breach? HQ Says No, But Would it Know? (KrebsOnSecurity)
Sources in the financial industry say they’re seeing signs that Dairy Queen may be the latest retail chain to be victimized by cybercrooks bent on stealing credit and debit card data. Dairy Queen says it has no indication of a card breach at any of its thousands of locations, but the company also acknowledges that nearly all stores are franchises and that there is no established company process or requirement that franchisees communicate security issues or card breaches to Dairy Queen headquarters.
- Syrian Malware Team Makes Use of Enhanced BlackWorm RAT (SC Magazine)
A hacking group believed to have ties to the Syrian Electronic Army (SEA) has made use of an enhanced version of BlackWorm, a remote access trojan (RAT) used to infiltrate organizations. Researchers at FireEye revealed in a blog post that the Syrian Malware Team (a largely pro-Syrian government group of hackers) has operated as far back as 2011 and now primarily uses the “Dark Edition” version of BlackWorm in its campaigns.
- Malicious Advertisements Found on Java.com, Other High-Profile Sites (The Hacker News)
A New York-based online ad network company, AppNexus, which provides a platform specializing in real-time online advertising, has again been spotted as the origin of a recent "malvertising" campaign that uses the Angler Exploit Kit to redirect visitors to malicious websites hosting the Asprox malware. AppNexus servers process 16 billion ad buys per day, giving it the biggest reach on the open web after Google. Back in May, AppNexus was serving malicious ads targeting Microsoft’s Silverlight platform. Netflix, the world’s largest Internet video subscription service, runs on Silverlight, and because of its popularity, hackers have been loading exploit kits with Silverlight exploits.