Week in Security: Game over in Korea, cellphone snoops and phishy Bitcoins

Gamers and cellphone users were targeted by criminal groups around the world in our security news this week – with results varying from slightly eerie surveillance towers, to a gigantic data breach in which 220 million records were traded. The former were struck with a series of irritating service outages caused by a hacktivist group, plus a data breach of enormous proportions, which swept up half of South Korea’s population in a scam designed to steal virtual money and goods.

Cellphone users were left looking over their shoulders as a security news report highlighted the sale and use of tools which could track a user with high accuracy from town to town and even to other countries – and these tools are being bought not only by oppressive regimes, but by gangs.

Even more disconcerting was the discovery of at least 17 ‘fake’ cellphone towers which hacked into nearby handsets to either eavesdrop, or install spyware. The fake towers, found, oddly enough, by a company which markets handsets immune to such attacks, were found throughout America – with one, puzzlingly, in a casino….

Meanwhile, POS malware continues to multiply, and a new phishing attack highlighted how social engineering can strike anyone…

Security news: Half of South Korea breached

By anyone’s standards, it was a massive data breach - involving 27 million people, half the population, and 220 million private records changing hands. It also highlighted just how much South Korea loves playing games, as it hit adults and children alike – the breach targeted registration pages and passwords for six online gaming sites, with the aim of selling game currency and virtual goods.

The breach affected 70% of the population between the ages of 15 and 65, according to Forbes.

The sixteen hackers who were jailed had used 220 million items of personally identifying information, with the goal of breaking into online game accounts. A 24-year-old man, surname Kim, bought these records from a Chinese hacker he met in another online game in 2011, according to the Korea JoonGang Daily.

Kim and his associates are thought to have used a hacking tool known as an “extractor” to log in to accounts and steal virtual currency to and items to sell – earning in the process 400 million won ($390,919).

1,000 U.S. firms infected with credit-card-stealing POS malware

An official warning issued this week highlighted the rise and rise of malware targeting point-of-sale systems in retail outlets, with the goal of stealing credit card details – with Secret Service operatives warning that one particular strain had infected a vast number of American firms.

The United States Computer Emergency Readiness Team issued a statement saying that the “Backoff” malware was rife in U.S. businesses, taking over administrator accounts and removing customer data from several hundreds of companies. Their information was based on Secret Service estimates, after conversations with POS software vendors in America.

ESET Malware Researcher Lysa Myers says, “Malware attacks on Point of Sale (PoS) systems are coming thick and fast right now.”

Myers offers a detailed guide for businesses concerned that they may be being targeted with POS malware.

Cellphone users targeted by cyber-snoops

Cellphone users, you may be being watched - by a surveillance industry which one privacy group claims is worth $5 million a year.  This week saw an in-depth report into the export of equipment  which can track the movements of anyone carrying a cellphone – from town to town and even into other countries.

It also saw the discovery of “fake” cellphone towers known as “interceptors” in active use on U.S. soil, according to Popular Science. The technology is known, but expensive, and it’s unclear who is operating the towers, or why.

High-end surveillance technologies which penetrate networks to track users are freely on sale not only to oppressive regimes, but also to criminal gangs, according to a report by the Washington Post.

Third-party surveillance apps are, of course, widely available which allow suspicious spouses and more nefarious individuals to track the owner of a phone by surreptitiously installing and hiding such an app. Such ‘domestic spyware’ is often involved in domestic violence cases.

The gear used by oppressive regimes is of a higher level altogether. “Surveillance systems are secretly collecting these records to map people’s travels over days, weeks or longer, according to company marketing documents and experts in surveillance technology,” the Washington Post reports.

“The capabilities of surveillance technology have grown hugely in the past decade – in the hands of a repressive regime, this equipment eradicates free speech, quashes dissent and places dissidents at the mercy of ruling powers as effectively as guns and bombs, if not more so,” Privacy International says in its report.

Game Over, man! PSN taken down, other networks under attack

A new hacktivist gang disrupted and brought down several gaming services this week, including Sony’s PSN network, and the Twitch gamer-TV service, which returned only after presenters Tweeted photographs of themselves with the group’s name written on their foreheads.

Most of the attacks were basic denial-of-service attacks, and no information was lost during Sony’s network outage. The FBI took an interest when a reported bomb threat by the same group caused the diversion of a flight carrying a Sony executive, according to Reuters report.

Sony summed up in a blog post, “The networks were taken offline due to a distributed denial of service attack. We have seen no evidence of any intrusion to the network and no evidence of any unauthorized access to users’ personal information.”

It is as yet unclear what the group’s motivation is – with DDoS attacks also aimed at popular PC titles such as Blizzard’s Battle.net, Riot’s League of Legends and Grinding Gear Games’ Path of Exile.

Bitcoin phishing a cryptic success with non-users

How hot is Bitcoin right now? So hot that even non-Bitcoin users are tempted to click on phishing links referring to Bitcoin wallet sites (which they don’t use). The relative success of the attacks shows how social engineering can take many forms – and that clicking on links in ANY unsolicited email is a bad idea.

Previous Bitcoin wallet phishing campaigns usually targeted known lists of Bitcoin users. The new waves of phishing emails were targeted at corporations, rather than those with an interest in cryptocurrency. The tactic has proved a success for the criminals behind it – with nearly 2.7% of victims clicking on the malicious link embedded in the two waves of 12,000 emails.

Proofpoint, which monitored the attack, said that the high success rate proved how much the hype behind the Bitcoin wallet had caught the imagination of the general population.“Unregulated and designed for anonymity, Bitcoin represents an attractive, $6.8 billion target to cyber criminals,” Proofpoint said.

The Register’s John Leyden reported, “This high click-through rate is a concern because crooks could easily switch from Bitcoin scams to targeting curious users with DDoS malware, remote access Trojans, corporate credential phish, or other threats.”

Some things, of course, don’t change: the emails took the form of a classic “account warning” phishing email, just using a Bitcoin site instead of a bank.

Author Rob Waugh, We Live Security

Follow Us

Sign up to our newsletter

The latest security news direct to your inbox

26 articles related to:
Hot Topic
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.