Jan 16 2017

Danny Palmer reports that trojan malware has been blamed for the cyberattack against Barts Health NHS Trust, which had been noted previously on this site.

The Trust had disclosed that it originally suspected ransomware had infected its system, but had ruled that out. The method of infection is either still not known or the Trust is not yet revealing it.

The Trust says the malware — not ransomware, as was claimed in some reports — had never been seen before and “whilst it had the potential to do significant damage to computer network files, our measures to contain the virus were successful”.

Read more on ZDNet.

Jan 16 2017

Ah, for the good old days when phishers made such stupid spelling or grammatical errors that their lame attempts were easy to spot.

Mohammed Mohsin Dalla writes:

Through FireEye’s Email Threat Prevention (ETP) solution, FireEye Labs discovered a phishing campaign in the wild targeting the credit card data and other personal information of Netflix users primarily based in the United States.

This campaign is interesting because of the evasion techniques that were used by the attackers:

  • The phishing pages were hosted on legitimate, but compromised web servers.
  • Client-side HTML code was obfuscated with AES encryption to evade text-based detection.
  • Phishing pages were not displayed to users from certain IP addresses if its DNS resolved to companies such as Google or PhishTank.

Read more on FireEye.

h/t, Joe Cadillic

Jan 16 2017

Jessica Sier reports:

Online fashion house Showpo is suing one of its former graphic designers and fledgling online retailer Black Swallow for reputational damage and loss of sales alleging the woman stole the entire customer database and passed it on to her new employer.

In documents filed with the Federal Court, Showpo claims 24-year-old Melissa Aroutunian exported its 306,000-strong customer database before she left the company in September last year and passed it on to Black Swallow, which it claims then used the list to market itself as an affiliate of Showpo, using similar branding.

Read more on The Age.

Jan 15 2017

Catalin Cimpanu reports:

Security researcher Michael Gillespie has developed a new Windows app to help victims of ransomware infections.

Named CryptoSearch, this tool identifies files encrypted by several types of ransomware families and provides the user with the option to copy or move the files to a new location, in hopes that a decrypter that can recover the locked files will be released in the future.

Read more on Bleeping Computer.

Jan 15 2017

Sugata Ghosh & Sangita Mehta report:

Indian banks are waking up to a new kind of cyber attack. Hackers recently infiltrated the systems of three government-owned banks - two headquartered in Mumbai and one in Kolkata - to create fake trade documents that may have been used to raise finance abroad or facilitate dealings in banned items.

The banks in question discovered that their SWIFT systems - the global financial messaging service banks use to move millions of dollars and documents across borders every day - have been compromised to create fake documents.

Read more on ET Tech.