Weekly Executive Summary Week Ending July 8, 2016
By Joseph Lorenz on July 8, 2016
Targeted Industries
- Retail
- Bar and Restaurant
- Food and Beverage
- Software
- Information Technology
Active Threats
- Anonymous
- Patchwork
- OurMine Team
- Chinese APT groups (generic)
- Lizard Squad
Major Events
- Encryption Bypass Vulnerability Impacts Half of Android Devices
- Over 1,000 Wendy’s Restaurants Hit by PoS Malware
- New Mac OS X Backdoor Disguised as Document Converter App
- Chinese Ad Firm Raking in $300K a Month Through Adfraud, Android Malware
Conclusions
Qualcomm’s mobile processor, which is used in 60% of Android mobile devices, has a critical flaw that can allow an attacker to crack the device’s full disk encryption (FDE), although 10% of the Android devices that contain these processors are not vulnerable to this type of attack. Researchers at Duo Labs said that the vulnerability is due to Android’s problem-plagued media server component combined with a security hole in Qualcomm’s Secure Execution Environment (QSEE); together, these vulnerabilities could allow anyone with physical access to the device to bypass the full disk encryption. The vulnerability was discovered by Gal Beniamini of Duo Labs and builds on a previously unpatched vulnerability (CVE-2016-2431) in Google’s media server component. The attack requires pre-existing unpatched mediaserver vulnerabilities to be present; once those are exploited, an attacker may be able to perform brute-force password attacks against the full disk encryption.
Source: Encryption Bypass Vulnerability Impacts Half of Android Devices
Fast food restaurant chain Wendy’s point-of-sale systems have been compromised at over 1,000 locations across North America. The malware was used to steal customer credit card data such as cardholder names, credit/debit card numbers, expiration dates, and service codes. The company isn’t releasing the name or variant of the PoS malware used to compromise the systems, but it is working with third-party forensic experts and law enforcement on the investigation. The malware was discovered in February, though the company’s systems were compromised sometime last year. The investigation into the incident has revealed that a remote access tool (RAT) was installed on PoS systems, but Wendy’s said that the malware has been disabled on all of the systems on which it has been discovered. Customers who believe they have been affected by the breach should visit this published list of affected restaurants, which includes the relevant timeframe of risk for each location. Various other companies have experienced similar breaches recently, including restaurant chain Noodles & Company and Hard Rock Hotel & Casino Las Vegas, both of which found card-scraping malware on their card payment systems.
Source: Over 1,000 Wendy’s Restaurants Hit by PoS Malware
Researchers at Bitdefender have discovered a new and highly dangerous piece of malware, known as “Eleanor”, that targets Mac systems and users. Users get infected after they download and run EasyDoc Converter, an application that is supposed to convert documents. Instead, a script runs that checks whether Little Snitch (a host-based application firewall for Mac OS X) is installed on the system. The malware then opens a backdoor on the infected system and gives the operator access to it: they can upload files to the system, execute commands and scripts, probe firewall rules, connect to and administer databases, send emails, take pictures and record videos with the built-in webcam (using wacaw), and more. Thomas Reed, a researcher at Malwarebytes, stated that this application is not signed with a certificate issued to an Apple developer ID. Reed notes that this is beneficial because it makes it more difficult for a user to open the application, but unfortunate because a determined user can still open it, and because no certificate is involved, Apple cannot kill the application by revoking the certificate.
Source: New Mac OS X Backdoor Disguised as Document Converter App
According to researchers at Check Point, a group dubbed Yingmob has been running a malware campaign named HummingBad, which controls 10 million Android devices globally and rakes in $300,000 a month. Yingmob is a side business of a legitimate Chinese advertising analytics firm, and the campaign runs alongside the regular operations of the business. The malware was found in February; it sets up a persistent rootkit on devices and then carries out ad fraud. Most of the users running malicious applications that feature HummingBad code are based in China and India, and the code sends notifications to Umeng, a Chinese analytics firm. The malware displays ads (more than 20 million per day), creates clicks (more than 2.5 million per day), and installs bogus applications (more than 50,000 per day). This results in the company accumulating more than $3,000 a day in clicks, and for each fraudulent application it delivers it gets an additional $7,500 per day.
Source: Chinese Ad Firm Raking in $300K a Month Through Adfraud, Android Malware
Note: The purpose of the weekly executive summary is to provide useful information that a business or agency could use in both its cybersecurity and business strategies. In order for this website to serve the community, we need to know your concerns and questions about, for example, proper safeguards for technology you’re looking into, or what sets of compliance and governance policies you would need to operate a particular business. The CSCC openly invites you to send in your inquiries. We’ll have students research your issues and provide an analysis of the information at hand to guide you with all things cybersecurity.
Mail us at: uhwocscc@hawaii.edu