WEEKLY IT SECURITY BULLETIN
16 November 2018

In the news this week

IT TOOK 4 YEARS TO TAKE DOWN ‘AVALANCHE,’ A HUGE ONLINE CRIME RING

On Thursday, a group of international law enforcement agencies announced that it had completed an ambitious takedown of an extensive online criminal infrastructure called "Avalanche." It's one of the largest botnet takedowns ever, a four-year effort that turned up victims in 180 countries worldwide. Which is to say, nearly all of them.

The scale of Avalanche is overwhelming, as was that of the effort to unwind it. Criminals have been using the platform since 2009 to mount phishing attacks, distribute malware, shuffle stolen money across borders, and even act as a botnet in denial of service attacks. It specialized in targeting both financial institutions and people's personal financial data, to great success. The Department of Justice pegs the monetary losses associated with Avalanche's malware attacks as "in the hundreds of millions of dollars worldwide."

Taking down an operation of that magnitude required globe-spanning coordination. Officials from agencies in 30 countries—including the US Justice Department, Europol, and the United Kingdom's National Crime Agency—collaborated with private cybersecurity companies and academics. The final tally for the operation was five people arrested, 221 servers taken offline, another 37 seized, and more than 800,000 domains seized, blocked, or otherwise disrupted. If that last number sounds exceptionally large, that's because it is. Typical botnet takedowns will target more like 1,000 domains per day, according to the non-profit Shadowserver Foundation, which worked on the Avalanche project. The Avalanche operation was particularly complicated because it involved dismantling the service's "fast-flux" hosting method, which hid its botnet's actions (like malware distribution and phishing) behind proxy IP addresses that were constantly changing, making their origins very difficult to trace.

To combat the 20 families of malware the system spread, the takedown operation used a process called "sinkholing," which cuts off the communication channels between the infected computers of victims and the servers sending malicious commands. The method disrupted copies of malware that were spread by Avalanche, but it doesn't eliminate whole malware strains, or remove malicious software from infected computers. Still, experts see this as a victory with implications that extend beyond a single criminal enterprise.

Fallout

Even operations on this scale can only be a hindrance to cyber criminals, not a permanent obstacle. But they act as a vital deterrent and protection for consumers. "These kinds of investigations are difficult and lengthy but they yield profound changes," Jérôme Segura, the lead malware intelligence analyst at Malwarebytes, wrote to WIRED. "Identifying and prosecuting the people behind the infrastructure is what can have the longest-lasting impact. The public display of law enforcement breaking down doors and handcuffing malicious operators has a chilling effect."

(Read the whole story at www.wired.com)

Threat Levels explained

• GREEN or LOW indicates a low risk.
• BLUE or GUARDED indicates a general risk of increased hacking, virus, or other malicious activity.
• YELLOW or ELEVATED indicates a significant risk due to increased hacking, virus, or other malicious activity that compromises systems or diminishes service.
• ORANGE or HIGH indicates a high risk of increased hacking, virus, or other malicious cyber activity that targets or compromises core infrastructure, causes multiple service outages, causes multiple system compromises, or compromises critical infrastructure.
• RED or SEVERE indicates a severe risk of hacking, virus, or other malicious activity resulting in widespread outages and/or significantly destructive compromises to systems with no known remedy, or that debilitates one or more critical infrastructure sectors.

Author: Chris Bester

On November 14, 2018, the Cyber Threat Alert Level was evaluated and is remaining at Blue (Guarded) due to multiple vulnerabilities in Cisco, Microsoft, Apache, and Google products.

Awareness: Understanding Firewalls for Home and Small Office Use

When your computer is accessible through an internet connection or Wi-Fi network, it is susceptible to attack. However, you can restrict outside access to your computer, and the information on it, with a firewall.

What do firewalls do?

Firewalls provide protection against outside attackers by shielding your computer or network from malicious or unnecessary network traffic. Firewalls can also prevent malicious software from accessing a computer or network via the internet. Firewalls can be configured to block data from certain locations (i.e., computer network addresses), applications, or ports while allowing relevant and necessary data through. (See Understanding Denial-of-Service Attacks and Understanding Hidden Threats: Rootkits and Botnets for more information.)

What type of firewall is best?

Categories of firewalls include hardware and software. While both have advantages and disadvantages, the decision to use a firewall is more important than deciding which type you use.

• Hardware – Typically called network firewalls, these physical devices are positioned between your computer and the internet (or another network connection). Many vendors and some internet service providers (ISPs) offer integrated small office / home office routers that also include firewall features. Hardware-based firewalls are particularly useful for protecting multiple computers and controlling the network activity that attempts to pass through them. The advantage of hardware-based firewalls is that they provide an additional line of defense against attacks reaching desktop computing systems. The disadvantage is that they are separate devices that require trained professionals to support their configuration and maintenance.

• Software – Most operating systems include a built-in firewall feature that you should enable for added protection, even if you have an external firewall. Firewall software is also available separately from your local computer store, software vendor, or ISP. If you download firewall software from the internet, make sure it is from a reputable source (i.e., an established software vendor or service provider) and offered via a secure site. (See Understanding Web Site Certificates for more information.) The advantage of software firewalls is their ability to control the specific network behaviour of individual applications on a system. A significant disadvantage of a software firewall is that it is typically located on the same system that is being protected. Being located on the same system can hinder the firewall's ability to detect and stop malicious activity. Another possible disadvantage of software firewalls is that, if you have a firewall for each computer on a network, you will need to update and manage each computer's firewall individually.

How do you know what configuration settings to apply?

Most commercially available firewall products, both hardware and software based, come preconfigured and ready to use. Since each firewall is different, you will need to read and understand the documentation that comes with it to determine whether the default firewall settings are sufficient for your needs. This is particularly concerning because the "default" configuration is typically less restrictive, which could make your firewall more susceptible to compromise. Alerts about current malicious activity (e.g., NCCIC's Alerts) sometimes include information about restrictions you can implement through your firewall.

Though properly configured firewalls may effectively block some attacks, do not be lulled into a false sense of security. Firewalls do not guarantee that your computer will not be attacked. Firewalls primarily help protect against malicious traffic, not against malicious programs (i.e., malware), and may not protect you if you accidentally install or run malware on your computer. However, using a firewall in conjunction with other protective measures (e.g., anti-virus software and safe computing practices) will strengthen your resistance to attacks. (See Good Security Habits and Understanding Anti-Virus Software for more information.)

(Source: https://www.us-cert.gov/ncas/tips/ST04-004) - Author: NCCIC

For reporting cyber crime go to the Internet Crime Complaint Center (IC3): www.ic3.gov

TOP LOCAL INFECTIONS IN THE LAST WEEK (USA)

#    Known as                                Share (%)
1    DangerousObject.Multi.Generic           24.37%
2    Trojan-Ransom.Win32.Blocker.gen          8.15%
3    Trojan-Downloader.MSOffice.SLoad.gen     5.57%
4    Trojan.Script.Generic                    3.68%
5    Hoax.Win32.Uniblue.gen                   3.55%
6    HackTool.Win64.HackKMS.b                 1.62%
7    Hoax.Win32.PCRepair.b                    1.51%
8    Trojan-Ransom.AndroidOS.Svpeng.snt       1.41%
9    Hoax.MSIL.Optimizer.a                    1.20%
10   Hoax.Win32.DeceptPCClean.t               1.02%

Source: Kaspersky Labs