
Cyber Security 6th - 10th March Weekly Briefing

This week: it's short, it's sweet, but no less deadly. New dogs with old tricks and new tricks with old dogs:

Social Engineering campaign is targeting Santander corporate customers in Brazil

Created: 2017-03-09 21:38:53

Distracted users who mistype the first “n” when accessing www.santanderempresarial.com.br are subject to banking credential theft and a very convincing phone call from someone pretending to be a Santander attendant. The reason for the call? To collect the victim’s OTP Token combination and proceed with previously prepared fraudulent. This is the exact scenario we witnessed this week during an incident response procedure and that is detailed in this diary. In the end, I bring considerations and reflections on the effectiveness of OTP Tokens as a second-factor authentication solution.


Crypt0l0cker (TorrentLocker): Old Dog, New Tricks

Created: 2017-03-08 19:44:40

Ransomware continues to be a plague on the internet and still sets itself as the fastest growing malware family we have seen in the last number of years. A new campaign of the notorious Crypt0l0cker (aka TorrentLocker or Teerac) ransomware has been observed. Crypt0l0cker has gone through a long evolution; the adversaries are updating and improving the malware on a regular basis. Several indicators inside the samples we have analysed point to a new major version of the malware. We have already seen large campaigns targeting Europe and other parts of the world in 2014 and 2015. It seems that the actors behind these campaigns are now back and again launching massive spam attacks.


From Shamoon to StoneDrill

Created: 2017-03-06 18:36:02

We are seeing the infamous Shamoon worm that targeted Saudi Aramco and RasGas back in 2012 rear its ugly head again. Also known as Disttrack, Shamoon is a highly destructive malware family that effectively wipes the victim machine. A group known as the Cutting Sword of Justice took credit for the Saudi Aramco attack by posting a Pastebin message on the day of the attack (back in 2012), and justified the attack as a measure against the Saudi monarchy.