Operation Cleaver, FIN4, Regin, and Sony Breach

Now that cyber attacks have gone primetime, every week is filled with new information security (infosec) news, leaving administrators little time to catch up. If you’re falling behind, let our weekly video summarize the biggest security news for you.

No vacation goes unpunished.

Unfortunately, skipping last week’s video due to holidays resulted in missing a week of pretty important security news, and those revelations continued this week. In result, this weeks video covers four security stories, and is much longer than normal. The theme for the week—advanced attack campaigns and breaches.

To make thing easier, I share specific video links to each individual story below. If you don’t want to watch the whole thing at once, use the links to skip to the topics you care about. Otherwise, click play below to catch up on two weeks of infosec news, and check out the Extras section for links to many other stories.

• Operation Cleaver: Is it Iran’s Stuxnet payback? (1:16)
• FIN4: Phishing scheme to affect stock trades (3:11)
• Regin: Sophisticated new spying malware (7:33)
• Sony Pictures Breach: All Sony’s base belong to #GOP (14:14)

(Episode Runtime: 22:20)

Direct YouTube Link: https://www.youtube.com/watch?v=NX4fvTqJHWE

EPISODE REFERENCES:

• Cylance’s Operation Cleaver report [PDF] – Cylance
  • Is Operation Cleaver Iran’s “payback” for Stuxnet? – Forbes
• FireEye’s FIN4 report [PDF] – FireEye
  • Article describing the FIN4 Wall Street phishing scheme – BGR
  • Indicators of Compromise (IoC) for FIN4 – GitHub
• Regin: Sophisticated new APT
  • Symantec’s report on Regin APT [PDF] – Symantec
  • Kaspersky’s report on Regin APT [PDF] – Securelist
  • Was Regin part of the Belgian ISP hack? – Firstlook
  • Some believe Regin is NSA & GCHQ malware – Mashable
• Sony Pictures Breach
  • Initial Reddit post about alleged Sony Pictures breach – Reddit
  • Was Sony breach insider assisted attack? – The Verge
  • Sony breach exposed much more data than initially thought – KrebsonSecurity
  • Malware related to Sony breach found – Packetninjas
  • Movies leaked after Sony breach – Neowin
  • Was Sony breach done by North Korea? – Bloomberg
  • Sony breach keeps getting worse – Gizmodo
  • FBI warns of wiper malware, may be related to Sony Breach – TrendMicro

EXTRAS:

• Don’t forget Microsoft Patch Day is coming. Seven updates – Computer World
• Canadian government sites DDoSed after the arrest of a teenaged SWATer – Vice
• Interview with the Craigslist hacker (web redirect) – SlashGear
• FBI flash warning about destructive malware attacks (related to Sony?) – Dark Reading
• Cyber threats are affected holiday purchasing behaviour (both online and at stores) – Help Net Security
• New PoS malware kit (LusyPOS) sold on underground for $2K – Network World
• IBM fixes critical EndPoint Manager RCE vulnerability – ThreatPost
• OpenVPN fixes server-side DoS Vulnerability – OpenVPN
• Add US parking garage operators to the list of PoS malware victims – The Register
• Xbox Live went down last weekend, Lizard Squad takes credit for DDoS – PC Mag
• An update to Adobe’s recent Flash Update – Adobe
  • Color around why Adobe had to do this quick update – The Register
  • Microsoft IE users need this new Flash update too – Microsoft
• It seems many of use don’t really care about our online security – Slate
• Digital Video Recorder suffers from RCE vulnerability – ThreatPost
• Subway PoS hacker sentenced – Network World
• Lots of potential 0day found in Windows Journal (no exploit code) – PasteBin
  • Technical blog post that inspired the research (only for InfoSec geeks) – Beyond Trust
• The Uber app sure has a lot of access to data on your mobile – GironSec Blog
• An e-cigarette allegedly the vector for malware – The Register
• Be wary of attackers exploiting PowerShell via XSS – PCPro
• Major, account-hijacking PayPal XSS, but it’s fixed – Yasserali Blog
• Microsoft calls for international anti-hacking laws – CBR Online
• Watch out for pre-infected smart phones (DeathRing) – Computer Weekly
• Only one in three computers use antivirus – Information Week
• Detekt helps you find nation state surveillance tools on your PC – Computer World
• Craigslist DNS temporarily hijacked (prank?) – Ars Technica
• Add BeBe Stores to the list of breached retailers – Krebs on Security
• The DoJ is adding a unit to protect citizen’s from hacks – Re/code
• US Senator trying to block FBI from power to backdoor software – The Verge
• 70 Chinese nationals held for cyber attacks in Kenya – Reuters

— Corey Nachreiner, CISSP (@SecAdept)

You Can Learn More About the WatchGuards’ Product Line By Going to www.FirewallShop.com/WatchGuard.

The original article/video can be found at Sony Breach & More – WSWiR Episode 131