Intelligence Briefing – Q1, 2015

New “LusyPOS” malware uses Tor for C&C Communications.
Dec. 3 — CBTS researchers analyzed a new variant of malware dubbed “LusyPOS” that uses the Tor network for its command and control communications and a technique known as RAM scraping to collect payment card data from infected systems. The malware is similar to the ChewBacca variant, which was used to steal payment data from several dozen retailers in the U.S. and other countries.

_____________________________________________________

Iranian CLEAVER hacks through airport security, Cisco boxen.
Dec. 3 — Researchers with Cylance published a report on a suspected Iranian hacking group that has compromised a variety of targets including government and military systems, telecommunications companies, research facilities, airports, defense contractors, and utilities in a campaign dubbed Operation Cleaver. The researchers stated that the group compromised critical infrastructure assets and Cisco networking equipment but did not engage in manipulation of those systems.

_____________________________________________________

DNSimple suffers downtime due to 25 Gbps DDoS attack.
Dec. 3 — Florida-based DNS provider DNSimple reported that it experienced a distributed denial of service (DDoS) attack Dec. 1 that peaked at 25 Gbps and lasted around 12 hours, causing outages for the company and its customers. The company stated that DNSimple was not targeted but was affected by the DDoS attack after domains already under attack were delegated to the company.

_____________________________________________________

Investigation reveals how Florida man ripped off DEA.
Dec. 3 — A report from the U.S. Department of Justice’s Office of the Inspector General found that a now-deceased Jacksonville man who ran the FEBG Bond Fund operated the fund as a Ponzi scheme that defrauded around 130 individuals, more than half of whom were current or former Drug Enforcement Agency (DEA) employees or connected to DEA employees, of over $30 million. The report found that some DEA personnel exercised poor judgment in giving the man access to DEA personnel and facilities, and in receiving gifts from the man.

_____________________________________________________

“DeathRing” malware found preinstalled on smartphones.
Dec. 4 — Researchers with Lookout published a report that found that low-cost and counterfeit smartphones manufactured in Asia and Africa come with a piece of pre-loaded malware known as “DeathRing” that originates from China. The command and control server for the malware appears to be offline, and the malware could be used for SMS or browser phishing.