The top 3 Security & Privacy threats November 2017

30/Nov/2017

TERDOT – based on the ZeuS source code leaked in 2011.

The Terdot banking trojan, built on the leaked ZeuS source code, has been active since mid-2016. It steals browsing data, injects HTML into visited web pages and runs a man-in-the-middle (MITM) proxy on the infected machine.

Because it sits as a proxy in the victim's browser traffic, the heavily customised trojan can also read and modify traffic to most social media and webmail platforms, not only banking sites. It has an automatic update mechanism that lets its operator push down and execute arbitrary files, so its capabilities can change after the initial infection. It also establishes persistence in several places on the system, which makes it difficult to remove completely.

Like many malware campaigns, Terdot typically starts with a phishing email whose attachment looks like a PDF. Opening it actually runs JavaScript that downloads the malware and writes it to disk. To evade security software, the payload is downloaded in pieces and hidden behind common, legitimate software; it has also been distributed through the Sundown exploit kit. The trojan targets banking sites and their traffic in particular, as well as social media.

macOS Security Flaw

On Tuesday 28 November 2017 a flaw in macOS High Sierra was publicly disclosed that gives root access to a Mac without a password. Anyone who can reach an authentication prompt on the target Mac can log in as root and change its settings simply by entering root as the user name and leaving the password blank.

For example, an attacker at the keyboard can open Security & Privacy in System Preferences, click the padlock, enter root as the User Name with an empty password and gain full administrator rights: enough to change user passwords, relax the settings that control which applications may be installed, and more. The first attempt appears to fail, but it leaves the root account enabled with a blank password, so a second attempt is granted access.

Apple published a fix (Security Update 2017-001) the following day, 29 November, although on some systems the update was not installed automatically until a few days later.

The flaw affected High Sierra 10.13.0 and 10.13.1. Users who installed the fix on 10.13.0 and then upgraded to 10.13.1 found that the upgrade reverted it, leaving the OS vulnerable again. Reinstalling Security Update 2017-001 restored the fix, but Apple did not make clear that a reboot was required for the patch to take effect.
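The practical question after this incident was whether a given Mac actually had the fix in place, given the 10.13.1 reversion and the reboot requirement. The script below is an added example, not part of the original post and not Apple's code: it takes the macOS product version and the output of `what /usr/libexec/opendirectoryd` and reports whether the patched daemon is present. The fixed build numbers it checks (483.1.5 on 10.13.0, 483.20.7 on 10.13.1) are the values Apple published for Security Update 2017-001; treat them as an assumption to confirm against Apple's support note before using this across an estate.

```shell
#!/bin/sh
# Added example (not from the original post or from Apple): triage helper
# for the High Sierra blank-root-password flaw.
# Assumption: the fixed opendirectoryd build numbers below are the ones
# Apple published for Security Update 2017-001. Confirm before relying on them.

# hs_root_fix_status VERSION WHAT_OUTPUT
#   VERSION      output of `sw_vers -productVersion` (the first High Sierra
#                release reports itself as "10.13", not "10.13.0")
#   WHAT_OUTPUT  output of `what /usr/libexec/opendirectoryd`
# Prints one of: patched, vulnerable, unknown, not-affected
# Exit status: 0 patched/not-affected, 1 vulnerable, 2 unknown
hs_root_fix_status() {
  version=$1
  what_output=$2
  case "$version" in
    10.13|10.13.0) fixed_build=483.1.5 ;;
    10.13.1)       fixed_build=483.20.7 ;;
    10.13.*)       echo unknown; return 2 ;;      # later 10.13.x: check Apple's note
    *)             echo not-affected; return 0 ;; # the flaw is specific to High Sierra
  esac
  case "$what_output" in
    *"opendirectoryd-$fixed_build"*) echo patched; return 0 ;;
    *)                               echo vulnerable; return 1 ;;
  esac
}

# Live check for the machine this runs on; only meaningful on macOS.
check_this_mac() {
  version=$(sw_vers -productVersion)
  what_output=$(what /usr/libexec/opendirectoryd 2>/dev/null) || true
  status=$(hs_root_fix_status "$version" "$what_output") || true
  echo "macOS $version: $status"
  case "$status" in
    vulnerable)
      echo "Install Security Update 2017-001 and reboot. Until then, set a root"
      echo "password (sudo passwd root) so that a blank password no longer works."
      ;;
    patched)
      echo "Fix present. If the older build number reappears after an OS update,"
      echo "reinstall Security Update 2017-001 and reboot."
      ;;
  esac
}

if [ "$(uname)" = Darwin ]; then
  check_this_mac
fi
```

The interim mitigation it prints, giving the root account a real password, is what stopped the attack before the patch was available: the flaw only worked while root had a blank password. After installing the update, re-run the check; if the daemon still reports the old build, the fix has not been loaded and the machine needs a reboot.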

Black Friday online seasonal scams

Although Black Friday is mainly a US tradition tied to the Thanksgiving holiday weekend, it has been adopted in the UK by many retailers, who heavily discount goods to kick-start the Christmas shopping season.

The surge of bargain hunters seeking deals on the high street and online inevitably attracts criminals looking to exploit the seasonal activity, for example by setting up phishing sites that imitate retailers.

Last year, victims reported losing nearly £16 million to Christmas shopping fraudsters, up from £10 million the year before. Responding to Action Fraud reports over last year's festive period, the City of London Police requested the suspension of 658 websites, email addresses and telephone numbers that fraudsters were using to commit their crimes.

The City of London Police have published online awareness training to encourage people to think before they buy online and to verify the seller before paying.

Author: Taran Ranger, CyNation

United Kingdom

contact@cynation.com

+44 020 3190 5000

The Rain Cloud Victoria
76 Vincent Square
London, SW1P 2PD

Netherlands

contact@cynation.com

+31 6 2535 2005

The Hague Security Delta
Wilhelmina van Pruisenweg 104
2595 AN Den Haag
