9.10.14

Cyber-espionage group Sednit attacks again, targeting financial institutions and misusing defense-related websites

The infamous Sednit cyber-espionage group, which has attacked various institutions in the past, especially in Eastern Europe, has recently started using a new exploit kit to distribute its malware, ESET's research lab in Montreal reports. Among the attacked websites is that of a large financial institution in Poland. ESET has uncovered that the group uses domains similar to those of existing websites related to the military, defense and foreign affairs.

“We recently came across cases of legitimate financial websites being redirected to a custom exploit kit. Based on our research and on some information provided by the Google Security Team, we were able to establish that it is used by the Sednit group. This is a new strategy for this group which has relied mostly on spear-phishing emails up until now,” says ESET researcher Joan Calvet.

ESET has in particular analyzed redirections to the exploit kit from websites belonging to a large financial institution in Poland. In its attack, Sednit is misusing legitimate websites related to military and defense topics. During the exploit attack, remotely controlled malware capable of various malicious activities is installed on the system. “This might be indicative of an ongoing campaign against those sectors,” adds Calvet.

In recent years, exploit kits have become a major method of spreading crimeware: malware intended for mass-scale distribution to facilitate financial fraud and the abuse of computing resources for purposes such as sending spam, bitcoin mining, credential harvesting and others. Since 2012, ESET has observed this strategy being used for espionage purposes as well, in what has become known as “watering-hole attacks” or “strategic web compromises.” A watering-hole attack can be described as redirecting traffic from websites likely to be visited by members of a specific organization or industry being targeted.

Read more about the story on ESET’s WeLiveSecurity.com.


London taxis hailed as black hole as 190,000 lost mobiles are taken for a ride

London taxis’ lost property: 190,000 mobile phones, the chief of NATO’s briefcase and an inflatable banana

Internet security provider ESET has carried out a survey of London taxi drivers which has revealed that 190,000 mobile phones are left in the back of the city’s taxis every year, highlighting the need for businesses and individuals to back up, encrypt and password-protect their devices in case they fall into the wrong hands and the data is stolen, compromised or abused.

There are around 24,000 black cabs in London, and the study found that a taxi driver finds an average of eight mobile phones in the back of their cab every year; this ultimately means that Londoners lose a staggering 520 mobile phones in taxis every day and 190,000 every year. A somewhat more worrying finding from the study is that half of the devices found in taxis are completely unlocked, meaning anyone who finds the phone is able to gain access to the confidential information it holds.

Commenting on the findings from the study, Mark James, security specialist at ESET, said: “Today we use our mobiles for a multitude of tasks, whether it’s our online banking or connecting to corporate email systems, and we do not want our devices to fall into the wrong hands. Our study shows that despite the huge publicity cybercrime receives in the media today consumers still do not see themselves as a real target. This is naïve and wrong. Cybercriminals are well aware of the fact that our mobiles contain connections to corporate networks and sensitive information and they will take advantage of this. Consumers should as an absolute minimum use a password to protect their device in case it is ever lost, however a good security posture would include encryption and a remote wipe facility.”

The most jaw-dropping findings from the study were revealed when cabbies were asked about the most unusual things they had found in the back of their cab. Some of the most astonishing items included:

• The chief of NATO’s briefcase
• An inflatable banana
• A dog
• 400 packets of jelly
• £100,000 worth of Stocks and Bonds
• For one rather unfortunate taxi driver - a pair of false teeth

In addition to this, when taxi drivers were asked what they did with any phones they found in the back of their cabs, 61 percent said they waited for the owner to call, 25 percent said they handed it in to the police and 14 percent said they contacted the owner. Other findings revealed that:

• 68 percent of taxi drivers would not have a snoop around the phone if they found it unlocked
• 99 percent of taxi drivers revealed they could not unlock the device if they found it locked
• 24 percent of taxi drivers said that despite not being able to unlock a phone themselves, they were confident their kids / nephews would be able to

“While our study has proven just how honest taxi drivers are, sadly not everyone who finds a phone will take the same approach. I imagine the majority of people who find a phone will actually have a look around and see if there is anything of any interest or value to be found. What people need to start asking themselves is – could any of the data held on my mobile compromise me either personally or professionally if it fell into the wrong hands? If the answer is yes, which I expect it will be, then security on your mobile device must be a priority, not an afterthought,” continued James.

* This research was carried out at the taxi rank at London King’s Cross station and studied the attitudes of 300 taxi drivers.

ESET presents plug-in for Kaseya Virtual System Administrator

ESET Remote Administrator plug-in offers new protection against malware for Kaseya users

ESET, a global leader in proactive digital protection, announces the availability of the ESET Remote Administrator plug-in for Kaseya Virtual System Administrator (VSA), the leading platform for IT systems management. Thanks to its integration with the latest version of Kaseya, the ESET Remote Administrator plug-in allows IT managers to use the familiar Kaseya interface to manage and maintain ESET Endpoint Antivirus and Endpoint Security in distributed networks.

“The ESET Remote Administrator plug-in for Kaseya Virtual System Administrator makes it possible to manage ESET installations from within the widely appreciated Kaseya RMM environment,” says Marc Mutelet, CEO of MGK Technologies, importer of ESET for the BELUX region. “Controlling our proactive malware detection solution through the familiar Kaseya interface strengthens the user's protection, while at the same time increasing the efficiency and speed of rolling out the application.”

The ESET Remote Administrator plug-in for Kaseya VSA enables administrators to apply antimalware configurations to a wide range of endpoints running an ESET client. It lets them run scans, install updates, view risk data and generate reports via the Kaseya Info Center. The plug-in is available free of charge to customers with an active license for one of the following ESET products: ESET Endpoint Antivirus, ESET Endpoint Security and ESET NOD32 Antivirus Business Edition for Mac OS X or Linux Desktop. The plug-in can also be used to manage and monitor a number of products from ESET's range for Windows Server and Linux File Server.

“Users of Kaseya VSA have more choice than ever in antimalware to protect their computers, devices and data,” says Ben Lavalley, Director Product Management at Kaseya. “ESET is an excellent provider of solutions for the detection and prevention of threats. We are very pleased that the new plug-in now makes it even easier for Kaseya customers to manage their ESET products from our platform.”

In addition to its scanning and reporting functionality, the ESET Remote Administrator plug-in for Kaseya VSA also lets users personalize their dashboard with easy-to-read charts and tables, and receive alerts based on predefined updates. With the plug-in, organizations can also determine which users, depending on their role, do or do not get access to the product settings.

To learn more about deploying the best protection against malware in a Kaseya environment, click here.


Want to learn more about ESET?

Since 1987, ESET® has been developing award-winning security software that now helps more than 100 million users enjoy technology safely. Its extensive product range is used on all popular platforms and offers both businesses and consumers a perfect balance between performance and proactive protection. The company has a global sales network, present in 180 countries, and regional offices in Bratislava, San Diego, Singapore and Buenos Aires. More information can be found at www.eset.com or on LinkedIn, Facebook and Twitter.