LW’s NEWS WRAP: Mirai botnet variants take Internet-of-Things hacking to higher levels

By Byron V. Acohido

Last Watchdog’s News Wrap, Vol. 1, No. 2. Don’t look now but the weaponization of the Internet of Things just kicked into high gear. The Mirai botnet, which I first wrote about in December 2016, is back — in two potent variants. Mirai Okiru targets ARC processors – the chips embedded autos, mobile devices, smart TVs, surveillance cameras and many more connected products.

Related article: Massive IoT botnet hits German home routers

Mirai Satori, meanwhile, hijacks crypto currency mining operations, syphoning off newly created digital coins infects.Whether these variants are the work of Mirai’s creator, or copycats, hasn’t been determined.

“It is important to understand that the development community for malware is just as active and often more driven to create improved versions as the conventional software industry is,” Mike Ahmahdi, DigiCert’s global director of IoT security solutions, told me. “System builders and device manufacturers need to have a greater focus on implementing mitigation’s and controls that address the root issues that allow malware to flourish, rather than focusing on addressing the malware ‘flavour du jour’.”

Fancy Bear targets Olympic officials

Meanwhile, Russian hackers continue to be very methodical about interfering in U.S. politics —  for obvious strategic advantage. It turns out they also are passionate about preserving the stature of their star athletes.

The infamous hacking collective known as Fancy Bear has been tied to disruptive hacks targeting the DNC. Now those same hackers are also bedeviling the International Olympic Committee in apparent retribution for restricting Russia’s participation in the  upcoming Winter Games.

The hackers aim is to discredit Canadian lawyer Richard McLaren, who led the investigation into Russia’s widespread cheating in previous Olympic Games. It was because of the findings in his investigation that many Russian athletes are banned from the 2018 games in Pyeongchang, South Korea.

Russian hackers target U.S. senators

More details of Russia’s ongoing, proactive hacking that happens to reinforce Donald Trump’s presidency comes from security vendor Trend Micro. The Tokyo-based cybersecurity firm says the groundwork for an attack against the Senate began last summer. It says the attackers have been using infrastructure that’s been tied to attacks launched in 2016 and 2017 by the cyber espionage group known as Fancy Bear, aka APT28, Group 74, Pawn Storm, Sofacy, Strontium and Tsar Team, among other names.

This campaign began last June, when phishing sites were set up to mimic the Senate’s Active Directory Federation Services, which provides single sign-on access to systems and applications located across organizational boundaries, Trend Micro says. Victims are phished over to faked web site; their computers get infected; the hackers to take control.

Equifax becomes complaint magnet

In other news, after being hit with a massive, inexcusable data breach last year, Equifax became the favorite object of consumer complaints, a new report says. LendEDU says it analyzed consumer complaints filed in 2017 with the Consumer Financial Protection Bureau, and in 49 states (every one except North Dakota) Equifax (NYSE: EFX) received the most complaints. LendEDU says Equifax garnered a total of 30,576 complaints.

“It is quite to safe to say that there are not many companies more excited than Equifax about the calendar turning to 2018,” LendEDU noted.

Yet more credit unions sue Equifax

The bottom is still down there somewhere, in terms of Equifax’s troubles. Heartland Credit Union Association, which represents Kansas and Missouri credit unions, has announced it will join the long list of industry members that are suing Equifax over its massive data breach last year.

HCUA follows 18 other state leagues and more than 30 individual credit unions that joined since the trade association’s suit which was filed in October.The league said it elected to join CUNA’s suit because so many credit union members in Kansas and Missouri were harmed by the data breach, which impacted nearly half of the total U.S. population.

According to a press release from the association, the Equifax breach compromised private information for 1.1 million consumers in Kansas and 2.5 million consumers in Missouri. About 1.5 million people in Missouri and 664,000 people in Kansas belong to credit unions, according to the association.

(Editor’s note: LW’s NEWS WRAP is an aggregation of published articles, postings and releases supplemented by additional reporting.)


Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someone