Gear to Block ‘Juice Jacking’ on Your Mobile

June 18, 2014 – 4:41 AM

Ever since I learned about the threat of “juice-jacking” — the possibility that plugging your mobile device into a random power charging station using a USB cord could jeopardize the data on that device — I’ve been more mindful about bringing a proper power-outlet charging adapter on my travels. But in the few cases when I forgot or misplaced the adapter, I’ve found myself falling back on one of two devices I’ll review today that are both designed to block USB charging cords from transmitting data.

Juice-jacking as a threat probably first crept into the collective paranoia of gadget geeks in the summer of 2011, after I wrote a story about two researchers at the DefCon hacker convention in Vegas who’d set up a mobile charging station designed to educate the unwary to the fact that many mobile devices (particularly Apple devices) are set up to connect to a computer and immediately sync data.

Their proof-of-concept was a reminder that in the (admittedly unlikely) event that a clever attacker managed to hide a small computer inside of a USB charging kiosk, he might be able to slurp up your device’s data.

Since that story, several products have sprung up to help minimize such threats. These small USB pass-through devices are designed to allow charging yet block any data transfer capability. The two products I’ve been using over the past few months include the “USB Condom” and a device called the “Juice-Jack Defender.”

Source:
http://krebsonsecurity.com/2014/06/gear-to-block-juice-jacking-on-your-mobile/

New powerful banking malware called Dyreza emerges

June 17, 2014 – 4:34 AM

Security researchers said they’ve spotted a new type of banking malware that rivals the capabilities of the infamous Zeus malware.

The malware, which is being called “Dyreza” or “Dyre,” uses a man-in-the-middle attack that lets the hackers intercept unencrypted web traffic while users mistakenly think they have a secure connection with their online banking site.

Although Dyreza has similarities with Zeus, “we believe this is a new banker trojan family and not yet another offspring from the Zeus source code,” according to a writeup by CSIS, a Danish security company.

Dyreza uses a technique called “browser hooking” to view unencrypted web traffic, which involves compromising a computer, capturing unencrypted traffic and then stepping in when a user tries to make a secure SSL (Secure Sockets Layer) connection with a website.

During an attack by Dyreza, a user thinks their authentication credentials are going to a legitimate bank, but the malware actually redirects the traffic to their own servers, wrote Ronnie Tokazowski, a senior researcher at PhishMe, another security company that has studied the attack. Users mistakenly think they have connected over SSL to their bank’s server.

Dyreza is programmed to intercept credentials when a person navigates to the websites of Bank of America, NatWest, Citibank, RBS and Ulsterbank, wrote Peter Kruse, who is head of CSIS’s eCrime Unit and CTO for CSIS’s Security Group.

The malware is being distributed through spam messages, some of which supposedly contain an invoice as a “.zip” file. To help evade URL scanners that might block messages with known suspicious domains, the attackers have been hosting the malware on legitimate domains.

Source:
http://www.pcadvisor.co.uk/news/security/3525247/new-powerful-banking-malware-called-dyreza-emerges/

You must avoid the Cryptowall

June 15, 2014 – 9:10 PM

The dreaded Cryptolocker virus made an unwelcome return over the last few weeks in the form of a new variant named Cryptowall.

If you were not aware of Cryptolocker, it is a nasty malware that computer users may be tricked into opening by way of an e-mail attachment. When opened, it executes malicious code that travels across your computer network and encrypts all the data it finds, making the files inaccessible. You are presented with a pop-up telling you that your data is encrypted and that if you want the decryption key, you have to pay a $300 ransom to the hackers who created this malware in order to get the decryption code to recover your data.

In many cases, you may be able to restore from a backup, but if not caught in time, your backup may become encrypted.

The Cryptowall malware is the latest variant. It was most widely distributed by way of an e-mail that said you had received a fax. The body of the message includes a link to click to retrieve your fax. When you click the link, it downloads the Cryptowall malware. Instead of a $300 ransom, the ransom is now $500 and if you wait more than 48 hours, it rises to $1,000.

You may have also read how the Durham Police Department was recently hit by this malware, taking a few days to fully recover from having all its data encrypted. It was confirmed that the fax e-mail with the fake link was the culprit.

It is extremely important to be as cautious as possible before opening e-mail attachments and clicking e-mail links. It’s very easy to make an e-mail look legitimate when it’s really fake.

Source:
http://www.seacoastonline.com/articles/20140615-BIZ-406150328

AT&T customer data compromised in scheme to unlock smartphones

June 14, 2014 – 1:32 PM

Personal information of an unknown number of AT&T Mobility customers was compromised by employees of a third-party vendor seeking to unlock phones, AT&T confirmed.

Accounts were accessed without authorization between April 9 and April 21 by employees of one of AT&T’s service providers and would have provided access to social security numbers and dates of birth, AT&T said in a letter sent to customers. While accessing customer accounts, AT&T said the employees would also have been able to view Customer Proprietary Network Information, which includes the time, date, duration and destination number of phone calls.

“We recently learned that three employees of one of our vendors accessed some AT&T customer accounts without proper authorization,” AT&T said in a statement. “This is completely counter to the way we require our vendors to conduct business…We have taken steps to help prevent this from happening again, notified affected customers, and reported this matter to law enforcement.”

AT&T did not say how many customers were affected, but California law requires companies to make disclosures of incidents that affect at least 500 customers in the state. AT&T declined to offer more details on the breach.

AT&T said the accounts were accessed as “part of an effort to request codes from AT&T that are used to ‘unlock’ AT&T mobile phones in the secondary mobile phone market.” Customers can request that phones be unlocked once they’ve fulfilled their wireless contract, a process most wireless carriers are willing to accommodate. Unlocked cell phones can be used on a wireless network other than that of the originating carrier, making them more valuable on the second-hand market. AT&T believes the breach was a means for the employees to spoof customer identities in order to unlock phones.

AT&T has notified law enforcement of the breach. They are also offering affected customers one year of free credit monitoring.

Source:
http://www.cnet.com/news/at-t-customer-data-compromised-to-unlock-smartphones/#ftag=CAD590a51e

The first mobile encryptor Trojan

June 12, 2014 – 5:49 PM

In the middle of May a unique encryption Trojan that works on Android went on sale on a virus writers’ forum. The asking price – $5,000. A few days later on May 18, we saw the appearance of a new mobile encryptor Trojan in the wild that we detect as Trojan-Ransom.AndroidOS.Pletor.a.

By June 5, we had detected over 2,000 infections in 13 countries, located mainly in the former USSR: Azerbaijan, Belarus, Canada, Georgia, Germany, Greece, Kazakhstan, South Korea, Russia, Singapore, Tajikistan, Ukraine and Uzbekistan. The peak in Trojan-Ransom.AndroidOS.Pletor.a distribution came on May 22 when we recorded over 500 new infections.

At the time of writing, we have managed to identify over 30 modifications of the Trojan that can be broken down into two groups. The first uses the Tor network for communicating with its owners; the second uses more standard HTTP and SMS channels. Also, when the modifications from the second group demand money from the user, they display the victim’s image using the smartphone’s front camera.

Source:
http://www.securelist.com/en/blog/8225/The_first_mobile_encryptor_Trojan