Squeeze Volume 13 - Voting, Blockchain, DDoS, Malware, & more!

Welcome to Squeeze, a curated selection of interesting infosec articles from the past week that you may have missed.

Secjuice, Bhumish Gajjar, Mike Peterson

Feb 15, 2020 • 5 min read

Welcome to the 13th edition of the Secjuice Squeeze, where we present a curated selection of (last weeks) interesting infosec articles for your reading pleasure, just in case you missed them! This week's volume compiled by the Secjuice team: Bhumish Gajjar, Mike Peterson, Guise Bule, and Miguel Calles.

Personal info of 6 Mill Israelis leaked by Political Party

The personal information of 6,453,254 Israelis was leaked after the Likud Party uploaded the entire Israeli national voter registry to an application, according to Haaretz.

The leaked information includes names, identification numbers, phone numbers, and addresses. Political parties in Israel receive the information of Israeli voters before the elections and have to protect their privacy and cannot copy, erase or transfer the registry.

Link: https://www.jpost.com/Israel-Elections/Personal-info-of-6m-Israelis-leaked-after-Likud-uploads-voter-info-617048

4 Chinese Military Officers Charged for the Equifax Hack

The U.S. Justice Department today unsealed indictments against four Chinese officers of the People’s Liberation Army (PLA) accused of perpetrating the 2017 hack against consumer credit bureau Equifax that led to the theft of personal data on nearly 150 million Americans.

DOJ officials said the four men were responsible for carrying out the largest theft of sensitive personal information by state-sponsored hackers ever recorded.

Link: https://krebsonsecurity.com/2020/02/u-s-charges-4-chinese-military-officers-in-2017-equifax-hack/

Puerto Rico govt loses $2.6M in phishing scam

Puerto Rico’s government has lost more than $2.6 million after falling for an email phishing scam, according to a senior official. The finance director of the island’s Industrial Development Company, Rubén Rivera, said in a complaint filed to police Wednesday that the agency sent the money to a fraudulent account.

Rivera said the government agency transferred the money on Jan. 17 after receiving an email that alleged a change to a banking account tied to remittance payments.

Link: https://apnews.com/e03bea7e491b9c95350887880376562f

U.S. Chain Rutter’s Hit by POS Malware

Rutter's, a U.S. convenience store, fast food restaurant, and gas station chain owner, has disclosed today that 71 locations were infected with a point-of-sale (POS) malware that was used by attackers to steal customers' credit card information.

Rutter's disclosed in a Notice of Payment Card Incident published today that it found evidence indicating that some payment card data from cards used on point-of-sale (POS) devices from convenience stores and fuel pumps were accessed by an unauthorized actor using malware installed on the payment processing systems.

Link: https://www.bleepingcomputer.com/news/security/us-store-chain-rutter-s-hit-by-credit-card-stealing-malware/

U.S. Voting App is Vulnerable to Exploit via Blockchain Flaws

A team of security researchers at MIT have discovered critical flaws in a blockchain-based mobile voting app some U.S. states are planning to use in the upcoming elections.

The flaws could allow hackers to use client- or server-side techniques to manipulate or delete someone's vote on the Voatz app, the researchers said. While some states have pulled out of plans to use the app in the upcoming elections, others are still full steam ahead. And this, of course, is only the latest concern about internet-based voting this election cycle.

Link: https://threatpost.com/hackers-can-seize-control-of-ballots-cast-using-the-voatz-voting-app-researchers-say/152883/

Hackers Can Seize Control of Ballots Cast Using the Voatz Voting App, Researchers Say

Phishing Campaign Targeting Mobile Banking Users Spreads to 'Dozens' of Countries

A widespread phishing campaign is attempting to trick potential victims into giving up their bank account access credentials, according to Lookout. As of the writing of this digest, the security firm said about 4,000 unique IP addresses appeared to have fallen for the attack.

While mobile phishing attacks are easily detectable by savvy users, there are plenty of people who still fall victim to them. And with the easy availability of off-the-shelf phishing kits, these new attacks weren't necessarily launched by any sophisticated threat actor.

Link: https://www.zdnet.com/article/this-mobile-phishing-scam-targeted-bank-app-users-thousands-clicked-through/

DDoS Attacks Have Nearly Doubled Last Year

The number of distributed-denial-of-service (DDoS) attacks nearly doubled year-over-year between Q4 2018 and Q4 2019, according to researchers at Kaspersky Labs. Not only were there more attacks, but attacks also lasted longer.

There were a couple of interesting notes aside from that general takeaway, however. Kaspersky noted a trend toward cheaper and shorter DDoS attacks overall. And, going forward, the researchers said they expect attacks to level out.

Link: https://www.darkreading.com/threat-intelligence/ddos-attacks-nearly-double-between-q4-2018-and-q4-2019/d/d-id/1337052

DDoS Attacks Nearly Double Between Q4 2018 and Q4 2019

Peer-to-peer botnets, TCP reflection attacks, and increased activity on Sundays are three DDoS attack trends from last quarter.

Dark ReadingKelly Sheridan

Microsoft Patches Internet Explorer Zero-Day Vulnerability

Some organizations still rely on Internet Explorer as their primary browser. If you are one of them, please apply the February Microsoft updates to patch a vulnerability where a malicious user can remotely log into a machine after successfully exploiting the vulnerability.

Link: https://krebsonsecurity.com/2020/02/microsoft-patch-tuesday-february-2020-edition/