#CyberFLASH: RawPOS Point-of-Sale Malware Checks in to Hotels and Casinos

Security researchers have shed new light on seven-year-old point-of-sale (POS) malware that is still in use today, most recently in attacks on casinos and resort hotels.

RawPOS was first spotted in a Visa Data Security alert in 2008 and has been used repeatedly with success by cyber-criminals in order to steal valuable magstripe data from victims in the United States, Canada, Europe, the Middle East, and Latin America.

As such, it may have been “instrumental to previous credit card breaches documented and not previously attributed to this particular PoS threat,” Trend Micro claimed in a blog post.

RawPOS features a three-stage modular design.

The first is designed for persistence, installing the malware and ensuring its memory dumper and file scraper are launched.

The second features two memory dumpers: “one generic dumper that can be called to dump a specific process, and another dumper that is designed for specific processes that target specific PoS applications.”

This generic dumper element is time-sensitive, so that if an attacker isn’t able to return to the target environment a month after compile time, it will stop all suspicious activity, making dynamic file analysis difficult, Trend Micro claimed.

The file scraper parses the dumped files from the memory dumper, scrapes the credit card data and encodes the dumped data.

The modular design means attackers can tailor the threat according to target environments, Trend Micro said.

Read more here



The Canadian Radio-television and Telecommunications Commission (CRTC) announced today that by working with a small Saskatchewan business, it has stopped malicious spam messages from being sent to Canadians. Millions of spam messages were unknowingly being sent from a server owned by a Saskatchewan-based computer reseller.

In July 2014, the Spam Reporting Centre received reports of spam messages routed through Access Communications, an Internet service provider (ISP). During its investigation, the CRTC discovered that the spam messages were actually coming from a small business’s server, which used Access Communications as its ISP. This business’s server had become infected with malware, which had caused it to join the botnet “Ebury.” It is estimated that the infected server had sent millions of malicious spam messages without the business’s or Access Communications’ knowledge.

Once alerted to the situation by the CRTC, the small business and Access Communications fully cooperated and removed all traces of the malware.

Read more here

#CyberFLASH: What it takes to fight a global war against cyber criminals


On one sunny day in early June, Ottawa had more than 4,200 computers infected with a botnet called ZeroAccess. Another 2,244 were infected with Citadel, software that steals bank account information. The computer worm Conficker was working its way into 841 computers in the city, while 213 were running Gameover Zeus, a banking trojan that also delivers the CryptoLocker ransomware, which lets a hacker blackmail a computer user by locking the user out of their files unless they pay a fee.

In a city of a million people, the low number of infected systems was impressive, especially compared with more populous areas in Asia, which were reporting millions upon millions of infected systems that day. Canada in general fares pretty well: fewer than 14 per cent of computers in the country reported blocking an attempted installation of malicious software during the last three months of 2013, while in places such as India and Vietnam as many as 50 per cent of computers did.

Read more here

#CyberFLASH: Hacker took $83K in Bitcoins: cyber experts


Researchers at a cyber-security firm say they have found that a hacker used access to a Canadian Internet provider to hijack traffic bound for large foreign networks, stealing more than US$83,000 in virtual currency.

The U.S.-based Dell SecureWorks says the hacker operated between February and May this year.

Joe Stewart, director of malware research at SecureWorks, said the hacker targeted firms that hosted servers generating virtual currencies such as Bitcoin — including Amazon in the U.S. and OVH in France — and redirected some activity.

“We were able to track the origins to a Canadian ISP,” he told The Canadian Press from Las Vegas, where he was attending a computer security conference.

“Someone had access to a router at that ISP. It had to be someone who managed to hack into that router and gained administrative rights, or someone who already had access.”

Read more here

#CyberFLASH: RCMP shuts down servers in Russian cyber-crime crackdown


As part of a major crackdown in a dozen countries against Russian cyber-criminals, the RCMP has shut down two computer servers in Montreal that were part of a network that extorted millions of dollars from businesses and consumers.

The operation disrupted malicious software called Gameover Zeus (GOZ), which has infected up to a million computers around the world and caused losses of more than $100-million (U.S.).

Also known as GOZeus, the malware steals banking credentials, impersonates legitimate websites and infects computers with CryptoLocker, ransomware that encrypts the victim's files and demands a payment for the key.

On Friday, the RCMP seized two servers in Montreal in co-ordination with a two-and-a-half-year operation initiated by the U.S. Federal Bureau of Investigation.

According to an FBI affidavit filed in Pittsburgh, key servers in the CryptoLocker infrastructure were located in Canada, Ukraine and Kazakhstan.

Read more here

#CyberFLASH: Canada to battle cyber attacks


Canada needs to step up its fight against cyber attacks that increasingly threaten national security, Industry Minister James Moore said in Calgary Monday.

Ottawa plans to do just that as part of a wide-ranging, $900 million upgrade and expansion of Canada’s digital capacity, he said.

“It’s a serious threat to our networks, to our security,” Moore told the University of Calgary’s School of Public Policy.

He said 150,000 pieces of malware attack Canadian computer systems daily, in actions that include espionage.

In recent meetings with a diversity of world leaders, Moore said he’s heard a common refrain.

“With every single one of them, the subject comes up,” he said.

Some of those targeting Canada’s public and private networks are state actors; others are non-governmental.

Read more here

#CyberFLASH: Smartphones becoming prime target for criminal hackers


Cybersecurity analysts say nefarious forces are increasingly turning their attention to the most personal computer you own, the one you carry everywhere and trust with some of your most sensitive secrets – your smartphone.

“Over the last two years or so, we have seen a huge influx” in the number of hackers targeting smartphones, says Roel Schouwenberg, principal security researcher for Kaspersky Labs, a well-known anti-virus firm.

Because these devices carry so much of our personal and financial information nowadays – to the point where many of us treat them like digital wallets – hackers are finding ways to gain unauthorized access to them.

Most phones have little in the way of security and anti-malware protection. Given the right opportunity, malware creators can breach our email and contact lists, monitor highly personal communications and capture vital data such as the password we type into our mobile banking app.

Read more here

#CyberFLASH: Pressure’s mounting for IT departments: Trustwave


IT professionals are feeling more under pressure than ever, thanks to a wave of security threats, high expectations from executives, and new technologies entering the workplace, according to a new survey from security solutions provider Trustwave Holdings Inc.

Comparing 2013 to 2014, 58 per cent of respondents said they feel more pressure to ensure their companies are secure. The survey polled 833 IT decision-makers in Canada, the U.S., the U.K., and Germany. While the bulk of the survey’s respondents were based in the U.S., 101 of them were from Canada.

Within Canada, the share of respondents feeling more pressured was a little lower, at 54 per cent. Many Canadian respondents still had serious concerns about possible threats; the biggest, named by 63 per cent of those polled, was malware and advanced persistent threats.

Read more here


© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.