1©2014. CYREN Ltd. All Rights Reserved. Proprietary and Confidential. This document and the contents therein are the sole property of CYREN and may not be transmitted or reproduced without CYREN’s express written permission.

Always Ahead of the Threat

... with CYREN Security Blog

22

October Highlights

• Shellshock vulnerability exploded on to the scene and exploitation of another vulnerability known as Sandworm

• Recent Home Depot breach used in phishing scam

• As well as some usual suspects: WordPress vulnerability major player in phishing story, simple yet sophisticated password stealing and Android malware that locks the phone but doesn’t request a ransom

3

A Little Phishing Story

“Cybercriminals are now using the Fabtrol content management system to place automated software; in the foreground the Fabtrol system appears to run normally; in the background cybercriminals are using the Fabtrol content management system to collect the phishing script data entered by unsuspecting Amazon.de victims.”

4

Shellshock‘s Payload Leads to Malware

“By simply sending a malformed request to the Web server, an attacker can cause Bash to execute any command allowed based on the system permission. In other words, Bash makes hacking into a vulnerable website rather easy. Hacked servers can then be used as DDOS or spam zombies or could hide phishing, malware, or spam pages. “

5

Home Depot Breach Results in First Phishing Scam

“The email takes an insidiously effective approach, reminding customers of the Home Depot breach and advising them to regularly check their online accounts for suspicious activity. Of course, the login link provided takes consumers to a phishing address.“

6

Web Security in Asia and Pacific

“Today, employees work remotely and globally, using laptops, smart phones, and tablets. Data is at their fingertips, delivered on-demand via cloud computing. In fact, more than half of the world’s mobile subscribers are located in the Asia Pacific region and Asia-Pac is anticipated to remain one of the world’s fastest growing mobile markets through 2020 and beyond.“

7

Malicious Use of Freely Available Password Recover Tools

“With the readily available and easy access to these so-called Network Admin / Forensic Tools, and by just using simple scripts, anyone with malicious intent will be able to easily steal any users Email and Website accounts and passwords.“

8

Weaponized by Sandworm“It appears that the Sandworm group has weaponized a dangerously exposed zero-day vulnerability (also known as Sandworm) CVE-2014-4114 (MS14-060) that exists in the Object Linking and Embedding (OLE) package manager in Microsoft Windows and Server to launch their campaign.”

9

Wipelocker: Obey Or Be Hacked!

“[…] the Trojan then sends multiple SMS messages to every single contact in the user’s phone book every 5 seconds. The messages that the Trojan sends is HEY!!! “Name of contact” Elite has hacked you. Obey or be hacked"

10

Visit the CYREN Security Blog for more details and watch out for upcoming articles on the latest trends in malware, spam and phishing

www.blog.CYREN.com