The Story Behind the Breach at Target, Inc.

Businessweek.com has written an in-depth article and posted a video explaining how Target Stores were breached and their systems infected with malware, leading to one of the biggest data thefts in retail history. According to the investigation conducted after the discovery of the theft, Target employees failed to respond to several alerts made by their security system, provided by FireEye. Had Target security staff responded appropriately to the alarms, they could have prevented the transmission of the stolen credit card data.

Even without human intervention, the breach could have been stopped, according to the article. “The system has an option to automatically delete malware as it’s detected. But according to two people who audited FireEye’s performance after the breach, Target’s security team turned that function off.” While not unusual, disabling automatic removal puts pressure on a team to quickly find and neutralize the infected computers by hand.

It was clear, according to the article, that Target was getting warnings of a serious compromise; even the company’s antivirus system, from Symantec, identified suspicious behavior over several days around Thanksgiving, pointing to the same server identified by FireEye.

Read the full story on Businessweek.com

OUCH! Newsletter: What is Malware?

This month’s issue of OUCH!, the monthly security awareness newsletter for computer users from SANS, explains what malware is, who is developing it and why and how to protect yourself against it.

You can download or view a copy online here:

http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201402_en.pdf

Beware Your Chrome Extensions

Ad vendors can buy Chrome extensions (the plug-ins that enhance the browser’s capability) to send adware and malware-filled updates, according to Ars Technica. Ownership of a Chrome extension can be transferred to another party, and users are never informed when an ownership change happens. Malware and adware vendors caught wind of this and have started showing up at the doors of extension authors, looking to buy their extensions. Once the deal is done, the new owners can issue an ad-filled update over Chrome’s update service, which sends the adware out to every user of that extension.

To remove the adware, the user must disable the extension:

  • In Chrome on a Mac, select Window > Extensions, then uncheck the box next to “Enabled.”
  • In Chrome on Windows, select Settings > Extensions, then uncheck the box next to “Enabled.”

Read the full story online.

Widespread Attacks on Online Bankers Predicted

Kaspersky Lab has recorded several thousand attempts to infect computers used for online banking with a malicious program (a Trojan called Neverquest) that its creators claim can attack “any bank in any country.” The Trojan uses every trick to bypass online banking security systems, including web injection, remote system access and social engineering. Due to the Trojan’s self-replication capabilities, Kaspersky Lab is warning that a sharp rise in attacks can be expected, resulting in financial losses for users all over the world.

Read the full story online.

Monthly Sophos Reports

Each month, IS&T is able to track, via Sophos Anti-Virus, the top 10 most dangerous malware programs accessing or trying to access the computers on the MIT network.

Learn more about the monthly Sophos reports, what they can tell us, and how they can help us.

Android Malware Spreading Through Mobile Ads

Malware targeting Android devices has been found to be spreading through mobile advertisement networks. Many developers include advertising frameworks in their apps to help boost profits. Advertisements in mobile apps are served by code that is part of the app itself. An attack scheme in Asia involved a rogue ad network pushing code onto devices. When users download and install legitimate apps, the malware prompts users to approve its installation, appearing to be part of the process for the app they have just downloaded.

Learn more in the news.

How to protect your Android device at MIT.

Sophos Replaces McAfee at MIT

There has been quite a bit of activity recently to improve information security at the Institute. One such effort, initiated by Information Services & Technology, is aimed at providing the MIT community with a new malware protection product. After several months of testing, Sophos Anti-Virus was selected by IS&T as the best solution.

As of July 1, you can download Sophos to a Mac, PC or Linux machine; documentation on installing and using Sophos has been added to The Knowledge Base.

Sophos is replacing the malware protection products by McAfee. One of the most important differences between the two is that Sophos comes with console management, which provides IT administrators with some useful intelligence, including notifications when malware has been detected on machines. The software has also been shown to run more quietly (and almost invisibly) in the background.

Please contact the IS&T Help Desk for any questions or concerns.

NetTraveler Espionage Malware

Malware known as NetTraveler has infiltrated more than 350 companies in 40 countries over the past eight years, according to researchers at Kaspersky Lab. The victims of the malware include organizations in the energy industry, military contractors, scientific research facilities and universities.

The malware harvests data, logs keystrokes, and gathers file system listings and Office and PDF documents. The malware gains a foothold in targeted organizations through spear phishing campaigns and exploits a pair of known vulnerabilities in Microsoft Word. Fixes for the flaws were released in 2010 and 2012.

Read the full story in the news online.

Hackers Exploiting Recent Breaking News Stories

Unfortunately, despite all the positive things that can come out of a horrendous situation, there can also be some disturbingly negative responses. Cyber criminals were once again taking advantage of last week’s news stories to spread malware.

The criminals are using the population’s interest in finding information related to the Boston Marathon bombing and the explosion at the Texas fertilizer plant to catch you unawares. Links to videos on YouTube may seem harmless enough, but the web page attempts to suck in malicious content from another site, designed to infect your computer (see examples here and here).

The advice is to be careful when going online to search for information relating to breaking news events. Be sure to visit your regularly trusted news sources so that you can avoid web pages that contain malware, and be sure to delete email messages from unknown sources that claim to have the latest news on the events.

Who Updates Your Android?

A call has been made for legislators to get involved with making carriers more responsible for issuing updates to Android mobile devices or to cede control to Google. Activist Chris Soghoian says the “situation is worse than a joke, it’s a crisis.” Some devices are 16 months behind with receiving updates.

Android malware has skyrocketed over the last 12 months. Researchers at Kaspersky Lab said that 99 percent of mobile malware detected monthly was targeting Android. The most prevalent are SMS attacks that run up premium calling charges.

While Google keeps up with patching vulnerabilities, these patches are not reaching consumers, says Chris Soghoian.

Read the full story online.
