JenX Botnet Has Grand Theft Auto Hook

Researchers at Radware have discovered a new botnet that uses vulnerabilities linked with the Satori botnet and is leveraging the Grand Theft Auto videogame community to infect IoT devices. Satori is a derivative of Mirai, the notorious botnet that in 2016 infamously managed to take down Dyn, a DNS hosting provider that supports some of the world’s largest websites.

The vulnerabilities in question are CVE-2014-8361 and CVE-2017-17215, which affect certain Huawei and Realtek routers, Radware researcher Pascal Geenens said in a blog post.

Radware’s inquiry into the botnet led it to a command-and-control server hosted at the site San Calvicie, which offers not only multiplayer mod support for Grand Theft Auto: San Andreas, but also DDoS attacks for a fee.

Enthusiasts of the venerable videogame series, which places players in an immersive 3-D world of violence and vicarious thrills, have created an extensive universe of add-on features and tweaks, or “mods,” in the name of enriching and extending their experience. Sites such as San Calvicie cater to GTA gamers who want to host their own custom versions of GTA for multiplayer action.

“The Corriente Divina (‘divine stream’) option is described as ‘God’s wrath will be employed against the IP that you provide us,’” Geenens wrote of the site’s DDoS offering. “It provides a DDoS service with a guaranteed bandwidth of 90-100 Gbps and attack vectors including Valve Source Engine Query and 32 bytes floods, TS3 scripts and a ‘Down OVH’ option which most probably refers to attacks targeting the hosting service of OVH, a cloud hosting provider that also was a victim of the original Mirai attacks back in September 2016. OVH is well known for hosting multi-player gaming servers such as Minecraft, which was the target of the Mirai attacks at the time.”

Shortly after Geenens made his initial discovery, he returned to the site and found that the terms of engagement had changed. Now the listing included a reference to “bots,” and offered a DDoS volume of between 290 and 300 Gbps, for the same low price of $20 a pop.

While derived from established code, the San Calvicie-hosted botnet, which Geenens has dubbed “JenX”, is deployed in a different manner than its predecessors.

“Untypical for IoT botnets we have witnessed in the past year, this botnet uses servers to perform the scanning and the exploits,” he wrote. “Nearly all botnets, including Mirai, Hajime, Persirai, Reaper, Satori and Masuta perform distributed scanning and exploiting. That is, each victim that is infected with the malware will perform its own search for new victims. This distributed scanning provides for an exponential growth of the botnet, but comes at the price of flexibility and sophistication of the malware itself.”

The centralized approach employed by JenX trades slower growth for lower detection, he added.

The danger from JenX should be mostly confined to GTA San Andreas users, Geenens said, but with a stern caveat.

“[T]here is nothing that stops one from using the cheap $20 per target service to perform 290 Gbps attacks on business targets and even government related targets,” he wrote. “I cannot believe the San Calvicie group would oppose to it.”

Radware filed abuse notifications related to JenX, resulting in a partial takedown of the botnet’s server footprint, but it remains active. JenX’s implementation makes taking it down a tricky task.

“As they opted for a central scan and exploit paradigm, the hackers can easily move their exploit operations to bulletproof hosting providers who provide anonymous VPS and dedicated servers from offshore zones,” he wrote. “These providers do not care about abuse. Some are even providing hosting services from the Darknet. If the exploit servers would be moved to the Darknet, it would make it much more difficult to track down the servers’ location and take them down.”

SOURCE

lurch234 posted a topic in Security & Privacy News

ATM makers warn of 'jackpotting' hacks on U.S. machines

(Reuters) - Diebold Nixdorf Inc and NCR Corp, two of the world’s largest ATM makers, have warned that cyber criminals are targeting U.S. cash machines with tools that force them to spit out cash in hacking schemes known as “jackpotting.”

The two ATM makers did not identify any victims or say how much money had been lost. Jackpotting has been rising worldwide in recent years, though it is unclear how much cash has been stolen because victims and police often do not disclose details.

The attacks were reported earlier on Saturday by the security news website Krebs on Security, which said they had begun last year in Mexico.

The companies confirmed to Reuters on Saturday they had sent out the alerts to clients.

NCR said in a Friday alert that the cases were the first confirmed “jackpotting” losses in the United States. It said its equipment had not been targeted in the recent attacks, but that it was still a concern for the entire ATM industry.

“This should be treated by all ATM deployers as a call to action to take appropriate steps to protect their ATMs against these forms of attack,” the alert said.

Diebold Nixdorf said in a separate Friday alert that U.S. authorities had warned the company that hackers were targeting one of its ATM models, known as Opteva, which went out of production several years ago.

A confidential U.S. Secret Service alert sent to banks said the hackers targeted stand-alone ATMs typically located in pharmacies, big box retailers and drive-thru ATMs, Krebs on Security reported.

Diebold Nixdorf’s alert described steps that criminals had used to compromise ATMs. They include gaining physical access, replacing the hard drive and using an industrial endoscope to depress an internal button required to reset the device.

Reuters was unable to obtain a copy of the Secret Service report and an agency representative declined comment. Officials with the Federal Bureau of Investigation could not immediately be reached.

Russian cyber security firm Group IB has reported that cyber criminals remotely attacked cash machines in more than a dozen countries across Europe in 2016. Similar attacks were also reported that year in Thailand and Taiwan.

Source