Cyber Security News Update 11/03/2017

Zeus Panda, a rather charming-sounding name, is a banking Trojan that reaches victims by way of poisoned search engine results. It does not compromise Google's search platform itself; that would be an inefficient way of doing things. Instead, its operators manipulate search rankings so that legitimate-looking websites carrying the malware rank at the top of results for banking-related queries. Google changes its ranking algorithm every so often, which in some ways devalues this sort of attack, since every update forces the operators to recalibrate. Once a victim lands on one of these sites, they are prompted to download a booby-trapped MS Word document that installs Zeus Panda. This kind of concentrated SEO attack takes a good deal of technical know-how to pull off, because the newly created malware sites displace long-running financial websites at the top of the results. This manipulation, known as SEO poisoning, is usually seen in phishing and scam campaigns rather than as a way of distributing Trojans.
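The practical check on the victim's side is the document itself. The following is an added example, not code from the original post or from any Zeus Panda analysis: it assumes the delivery document is macro-enabled (the post only says the document is "corrupted"), and looks for the two things a macro-enabled Office Open XML file carries that a plain one does not, the embedded VBA project and the macro-enabled content type. The sample documents are constructed in memory, not real files.

```python
"""Check whether an Office Open XML (.docx/.docm) file carries a VBA project.

Added example, not the original post's code. Assumes the malicious Word
document is macro-enabled, which the post does not state outright.
"""
import io
import zipfile

# Content types Office assigns to the main part of a Word document.
MACRO_ENABLED_CT = "application/vnd.ms-word.document.macroEnabled.main+xml"
PLAIN_CT = "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"


def macro_indicators(data: bytes) -> dict:
    """Return which macro indicators the given file bytes contain."""
    indicators = {"is_ooxml": False, "vba_project": False, "macro_enabled_type": False}
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        # Not an OOXML container (legacy OLE2 .doc, or something else entirely).
        return indicators
    names = set(zf.namelist())
    indicators["is_ooxml"] = "[Content_Types].xml" in names
    # The compiled VBA project lives in word/vbaProject.bin in macro-enabled files;
    # match case-insensitively because zip entry names are not normalised.
    indicators["vba_project"] = any(n.lower().endswith("vbaproject.bin") for n in names)
    if indicators["is_ooxml"]:
        ctypes = zf.read("[Content_Types].xml").decode("utf-8", "replace")
        indicators["macro_enabled_type"] = MACRO_ENABLED_CT in ctypes
    return indicators


def is_suspicious(data: bytes) -> bool:
    """True if either macro indicator is present; a plain .docx has neither."""
    ind = macro_indicators(data)
    return ind["vba_project"] or ind["macro_enabled_type"]


def _build_doc(macro: bool) -> bytes:
    """Build a minimal OOXML container in memory (constructed sample, not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        main_ct = MACRO_ENABLED_CT if macro else PLAIN_CT
        zf.writestr(
            "[Content_Types].xml",
            f'<Types><Override PartName="/word/document.xml" ContentType="{main_ct}"/></Types>',
        )
        zf.writestr("word/document.xml", "<w:document/>")
        if macro:
            # Placeholder bytes standing in for a compiled VBA project (OLE2 magic prefix).
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0placeholder")
    return buf.getvalue()


CLEAN_DOC = _build_doc(macro=False)
MACRO_DOC = _build_doc(macro=True)

if __name__ == "__main__":
    for label, doc in (("clean", CLEAN_DOC), ("macro", MACRO_DOC)):
        verdict = "suspicious" if is_suspicious(doc) else "ok"
        print(f"{label}: {macro_indicators(doc)} -> {verdict}")
```

Presence of a VBA project is not proof of malice (plenty of legitimate templates carry macros), but a document downloaded from a search-result landing page that turns out to be macro-enabled is exactly the artefact this campaign relies on, and it is cheap to flag at a mail gateway or download proxy before the user is ever prompted to enable content.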

Aggressive malware has become the trend of late, rather than the exception. A new strain is cutting through Japan, and it is believed to be part of an attack campaign that seeks to steal valuable data and to do so without leaving a trace. The ONI ransomware has been part of a string of attacks in which the attacker, having taken what they want, wipes out the evidence of the intrusion and leaves the ransomware behind. This makes it difficult to recover what was stolen, and harder still to know what the target was. The infected machines do carry evidence that investigators can use to establish that the device was infected, but not much more than that. The attack is similar to the Bad Rabbit attacks seen recently in Japan, using a similar method and architecture. The difference is that ONI wipes out traces of the attack on the machine, on the network the machine belongs to, and on any servers it is connected to.
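Trace-wiping across several machines at once is itself a signal worth hunting for. The following is an added example, not code from the original post or from any published ONI analysis: it assumes that the wiping includes clearing Windows event logs, which surfaces as Security event 1102 (the audit log was cleared), System event 104 (a log file was cleared) or a 4688 process-creation record for `wevtutil.exe cl`, and it treats clearing on two or more hosts within a short window as a fleet-wide wipe rather than a lone administrator tidying up. The event records are constructed inline, not taken from real systems.

```python
"""Spot event-log clearing across several Windows hosts.

Added example, not the original post's code. Assumes trace wiping shows up as
Security 1102, System 104, or a 4688 process-creation record for wevtutil cl.
"""
from datetime import datetime, timedelta

# Constructed sample records in the shape an EVTX-to-JSON forwarder emits; not real data.
EVENTS = [
    {"time": "2017-10-30T02:14:05", "host": "FS01", "channel": "Security", "id": 4624, "data": {}},
    {"time": "2017-10-30T02:17:40", "host": "FS01", "channel": "Security", "id": 4688,
     "data": {"NewProcessName": r"C:\Windows\System32\wevtutil.exe",
              "CommandLine": "wevtutil cl Security"}},
    {"time": "2017-10-30T02:17:41", "host": "FS01", "channel": "Security", "id": 1102,
     "data": {"SubjectUserName": "svc_backup"}},
    {"time": "2017-10-30T02:18:02", "host": "WS17", "channel": "System", "id": 104, "data": {}},
    {"time": "2017-10-30T02:18:30", "host": "DC01", "channel": "Security", "id": 1102,
     "data": {"SubjectUserName": "svc_backup"}},
    {"time": "2017-10-30T09:00:00", "host": "WS03", "channel": "Security", "id": 4688,
     "data": {"NewProcessName": r"C:\Windows\System32\notepad.exe",
              "CommandLine": "notepad.exe"}},
]


def is_log_clearing(ev):
    """Return a reason string if the record indicates a log being cleared, else None."""
    if ev["channel"] == "Security" and ev["id"] == 1102:
        return "audit log cleared (1102)"
    if ev["channel"] == "System" and ev["id"] == 104:
        return "log file cleared (104)"
    if ev["id"] == 4688:
        exe = ev["data"].get("NewProcessName", "").lower()
        argv = ev["data"].get("CommandLine", "").lower().split()
        # wevtutil's clear-log verb can be spelled "cl" or "clear-log".
        if exe.endswith("\\wevtutil.exe") and ("cl" in argv or "clear-log" in argv):
            return "wevtutil clear-log (4688)"
    return None


def find_log_clearing(events):
    """All clearing records, oldest first, with parsed timestamps."""
    hits = []
    for ev in events:
        reason = is_log_clearing(ev)
        if reason:
            hits.append({"time": datetime.fromisoformat(ev["time"]),
                         "host": ev["host"], "reason": reason})
    return sorted(hits, key=lambda h: h["time"])


def coordinated_hosts(hits, window=timedelta(minutes=15)):
    """Hosts whose log clearing falls within `window` of clearing on a different host."""
    hosts = set()
    for a in hits:
        for b in hits:
            if a["host"] != b["host"] and abs(a["time"] - b["time"]) <= window:
                hosts.update((a["host"], b["host"]))
    return sorted(hosts)


if __name__ == "__main__":
    hits = find_log_clearing(EVENTS)
    for h in hits:
        print(f"{h['time'].isoformat()} {h['host']:5} {h['reason']}")
    print("coordinated wipe across:", coordinated_hosts(hits))
```

The point of the second function is that the per-host events are easy to dismiss one at a time; it is the same service account clearing logs on a file server, a workstation and a domain controller inside a minute that tells you the evidence was removed on purpose, which is exactly when the ransomware left behind should be read as cover rather than as the objective.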

Amid investigations into possible Russian involvement in the 2016 Presidential Election, the federal government has singled out six Russian government officials to be charged with hacking DNC systems. People familiar with the investigation say that charges could be brought against them within the next year. The Russian government has, predictably, denied any allegations against itself or its employees. The allegations rest on the forensic investigation, which found that the attack methods used matched those of Fancy Bear, the group also tracked as APT28 and Pawn Storm. That group is believed to operate within the GRU, which would make it part of the Russian military.
Source: US Identifies 6 Russian Government Officials Involved In DNC Hack