
The PhishLabs Blog

Smash & Grab Attacks, Mozilla Leak, Dairy Queen Breach and more | TWIC - August 29, 2014

Posted by Stacy Shelley on Aug 29, '14


Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).

Last week, researchers at Proofpoint reported an attack campaign, dubbed “Smash & Grab,” targeting customers of JP Morgan Chase. Based on intelligence from the PhishLabs R.A.I.D. (Research, Analysis, and Intelligence Division), the “Smash & Grab” operations have been active since at least mid-June, using the same combination of phishing and malware tactics described in the initial report. Our analysis also indicates a possible connection to cybercriminal actors currently or previously involved in GameOver Zeus operations.

Around 97,000 early testers of the Bugzilla bug tracking software have been warned that their email addresses and encrypted passwords were exposed for three months. The accidental exposure is the second disclosed by the Mozilla Foundation this month. On August 1st, the organization revealed that around 76,000 Mozilla Developer Network email addresses and 4,000 hashed and salted passwords had been left on a public-facing server for 30 days.

Sources in the financial industry say they’re seeing signs that Dairy Queen may be the latest retail chain to be victimized by cybercrooks bent on stealing credit and debit card data. Dairy Queen says it has no indication of a card breach at any of its thousands of locations, but the company also acknowledges that nearly all stores are franchises and that there is no established company process or requirement that franchisees communicate security issues or card breaches to Dairy Queen headquarters.

A hacking group believed to have ties to the Syrian Electronic Army (SEA) has made use of an enhanced version of BlackWorm, a remote access trojan (RAT) used to infiltrate organizations. Researchers at FireEye revealed in a blog post that the Syrian Malware Team (a largely pro-Syrian government group of hackers) has operated as far back as 2011 and now primarily uses the “Dark Edition” version of BlackWorm in its campaigns.

A New York-based online ad network company, AppNexus, which provides a platform specializing in real-time online advertising, has again been spotted as the origin of a recent "malvertising" campaign that uses the Angler Exploit Kit to redirect visitors to malicious websites hosting the Asprox malware. AppNexus servers process 16 billion ad buys per day, giving it the largest reach on the open web after Google. Back in May, AppNexus was serving malicious ads targeting Microsoft’s Silverlight platform. Netflix, the world’s largest Internet video subscription service, runs on Silverlight, and because of that popularity attackers have been loading exploit kits with Silverlight exploits.

Topics: The Week in Cybercrime
