Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).
The cybersecurity community was buzzing this week following the news that Target's CEO resigned in the wake of the company's very high-profile data breach last year. It's not clear whether the breach was truly the cause of the ouster, but it certainly didn't help the embattled CEO.
- Cyber extortion: To pay or not to pay? (SC Magazine)
Once a company is known for paying, they may become a favorite target. The opposite is true as well and can serve as a deterrent against future attacks by the same actor or by copycats. We absolutely suggest that targeted organizations do everything they can to avoid impact and recover without paying their attackers. It might be more costly in the short term, but the attackers depend on their victims not fighting back. The internet security community, including PhishLabs, is almost always able to stop these attacks, trace them, and pursue action against the source, which is a much better mid-to-long-term outcome.
- IU computer scientists develop tool for uncovering bot-controlled Twitter accounts (Indiana University)
As anyone who has spent much time on Twitter can attest, there are quite a few bot accounts. While some are relatively harmless, a significant portion are used to support cybercrime (scams, malicious links, C&C, etc.). Researchers at Indiana University have created BotOrNot, a tool that can determine if a given Twitter account is a social bot by analyzing the account's posts, their timing, and who else is in their Twitter network.
- Cryptolocker-Like Ransomware Moves to Android (Threatpost)
A ransomware kit that targets Android mobile devices has been uncovered. It is being distributed through malicious domains that are also hosting exploit kits for distributing PC-based malware. If an Android user hits one of the domains, they are redirected to a website that will download the malware in an APK (application package file). If the user installs the APK, the ransomware locks down access to all apps and demands a $300 payment.
One of the features being planned for the next version of Chrome is to replace full URLs with domains. The objective is to make it easier for users to spot lookalike domains, which are frequently used in phishing and other cybercrime attacks. While this has the potential to reduce the impact of phishing attacks, we don't expect it to slow phishers down. In our experience, a large number of people still ignore visual indicators regarding the trustworthiness of a site they're visiting.