


Senior Staff Writer

Salted Hash Rehashed: The weekly news recap for April 30, 2016

Apr 30, 2016 | 5 mins
Android, Cybercrime, Data Breach

Doxing SWIFT Daesh hackers who need to be infected with Ransomware. This sentence was brought to you by: caffeine, a lack of sleep, and elements from this week's stories


Welcome to the weekend!

SWIFT attacks, Ransomware, Daesh hackers, and Doxing are just some of the topics in this week’s report covering news and items of note for the week of April 30, 2016.

Today marks the first post for Salted Hash Rehashed, a weekend recap of the week’s news and other items of note in the security world. Clips listed here will include items posted on Salted Hash, CSO Online, or any other website where something interesting turned up.

Bangladesh Bank attackers used custom malware that hijacked SWIFT software

The crooks who stole $81 million from Bangladesh’s central bank likely did so by using custom malware designed to target SWIFT (Society for Worldwide Interbank Financial Telecommunication) transaction software. The custom malware deleted transaction records and printed out altered SWIFT confirmation messages.

SWIFT banking network warns customers about multiple attacks

Shortly after news of the attacks hit the wire, SWIFT issued a warning this week about “a number of recent cyber incidents in which malicious insiders or external attackers have managed to submit SWIFT messages.”

The warning suggests that the Bangladesh Bank incident was just one small part of a much larger problem. In response, SWIFT pushed a software update to address the custom malware toolkit used during the Bangladesh attack.

Pro-Daesh hackers: More bark than bite, lacking in skills and resources

Earlier this week, a report from Flashpoint singled out the “United Cyber Caliphate” – or rather, the groups of pro-Daesh (al-dowla al-islaamiyya fii-il-i’raaq wa-ash-shaam, a.k.a. ISIS/ISIL) hackers who joined forces to create it.

The problem is, together or alone, these groups are fragmented and they operate unofficially with little to no operational funding. Yet, the threat they pose to banking, media, and government entities shouldn’t be dismissed out of hand.

On the research front, Dr. Krypt3ia has uncovered two additional Daesh Caliphate websites on the Darknet. If these websites are any indication of skill within the groups, they’re off to a bad start (which is a good thing).

In related news, the U.S. Cyber Command has officially started launching network-based attacks against assets maintained by ISIS.

“The goal of the new campaign is to disrupt the ability of the Islamic State to spread its message, attract new adherents, circulate orders from commanders and carry out day-to-day functions, like paying its fighters,” the New York Times reported.

Malvertising: Exploit Kit pushes Ransomware to Android devices

Malicious ads are to blame for a recent Ransomware attack on Android devices discovered by researchers at Blue Coat Labs. The Ransomware is being delivered thanks in part to the Towelroot exploit, which is sent along with a previously leaked Hacking Team exploit.

The attacks are aiming for the 4.x branch of Android. According to stats taken from devices running the latest version of the Google Play app, 59.6 percent of the Android devices in the hands of consumers are running version 4.4 or lower.

Website offers Doxing-as-a-Service and customized extortion

A website on the Dark Web, Ran$umBin, is offering to store collected Dox and hold it for ransom. If the ransom is paid, the submitter collects most of the payment – minus the website’s cut and a payment-processing fee. In addition, the website will also collect Dox, with service fees depending on the amount of information being collected.

Examining the leaked passwords and PINs from Qatar National Bank

A data breach at Qatar National Bank exposed personal and financial records. Among them were customer passwords and PINs. Salted Hash examined the leaked credentials, and determined that some people have a fondness for certain numbers, and that even those accused of being spies have problems creating secure passwords.

Toy maker’s website pushed growing CryptXXX ransomware threat

The website for U.S. toy maker Maisto was hijacked this week and used to push Ransomware. As luck would have it, the Ransomware being delivered (CryptXXX) has a flaw – one that enabled Kaspersky to develop a decryption tool.

Georgia husband and wife plead guilty to their role in the Get Transcript data breach at the IRS

According to the U.S. Department of Justice, a husband and wife team have pled guilty to abusing the Get Transcript application developed by the IRS. The 2015 Get Transcript breach at the IRS compromised more than 700,000 taxpayer records. The couple managed to steal at least $250,000 before being caught.

Windows 10 Upgrade nag screen takes over a weather report

This is just amusing. Earlier this week, a Windows 10 nag screen covered most of the map during a live weather report on KCCI in Des Moines, Iowa. You can watch the video here.

All next week, if you come across a blog post or news item, or perhaps just something amusing, and you think it should be shared on Rehash, feel free to email me a link. General corporate news and product-based items are the only exemptions.