
Tag: Bulgarian

Earlier today, our products detected and successfully blocked a large number of ransomware attacks around the world.
In these attacks, data is encrypted with the extension “.WCRY” added to the filenames. Our analysis indicates the attack, dubbed “WannaCry”, is initiated through an SMBv2 remote code execution in Microsoft Windows.
"We have activated the appropriate contingency plans," Wikileaks said without elaborating. A "state party" has cut off Wikileaks founder Julian Assange's Internet access, the organization announced on Twitter today. Assange, who said in August that U...
On Tuesday, Wikileaks celebrated its 10th anniversary with a press conference in Berlin. In addition to reflecting on the publisher’s various releases over the years, Wikileaks editor Julian Assange hinted that more disclosures around the US election would come soon. But recently, one researcher found that Wikileaks’ site is hosting tens of thousands of malicious files within its archives, potentially infecting visitors who execute them.

At the press conference, Assange downplayed the risk to users, talking via video-link from London. “The [Hillary] Clinton campaign has been going around saying ‘don’t read Wikileaks, because there’s malware,’” Assange said in response to a general question about malware on the site from Motherboard.

Talking specifically about malicious files that were included within a recent dump of emails from Turkey, Assange emphasised that there wasn’t an issue for users who just visited the site, and that people needed to download the files themselves. “However this same risk exists for most '.exe' or '.doc' files downloaded elsewhere from the internet or received by email. As time goes by we flag documents to alert readers,” a print-out given to journalists at the press conference reads.

Assange even thought that the presence of malware itself was noteworthy. “There was malware sent to [the ruling Turkish party] AKP, either from criminals or from state attacks on the AKP. That’s extremely interesting,” he said.

Dr. Vesselin Bontchev, the Bulgarian researcher who has monitored malware on Wikileaks, told Motherboard that the site contains at least 33,000 malicious files. These are within the Turkish email dump, he said. Once a visitor has downloaded one of the files, perhaps not knowing what it contains, “the user will be just a single click away from infecting their machine,” Bontchev wrote in an email.

Bontchev also disagreed with Wikileaks’ assertion that the risk of opening malware from Wikileaks is just like downloading files from anywhere else on the internet. “Most websites don't make tens of thousands of malicious files available for download. Unless, of course, we are talking about malware distribution sites, but I have a hard time thinking of even one of those that has so many malicious files available!” Bontchev wrote.

Bontchev said that, in response to his work, Wikileaks has replaced around 300 malicious files with text. But even with that, it is still possible for users to download the malware, Bontchev added. “Wikileaks readers ARE at risk, because the Wikileaks website makes it way too easy for them to download malware on their desktops and doesn't adequately warn them about its presence,” he added.
A security researcher found more than 300 instances of malware available for download on Wikileaks.

Amid the vast treasure trove of state secrets that Wikileaks has released are quite a few emails containing malware, a Bulgarian security researcher discovered this week. Vesselin Bontchev, an engineer at Bulgaria's National Laboratory of Computer Virology, found that the Wikileaks database currently contains more than 300 emails with malicious attachments, The Register reports. Bontchev posted links to each of the emails on Github, as well as the URLs on the Wikileaks site that host the malware.

Most of the emails are garden-variety phishing scams—the type that alert you to an important shipment or bank transfer coming your way and ask you to enter your personal details to confirm it. One appeared to be imitating shipping giant Maersk, and purported to have an invoice confirmation attached. Many others originated from or were sent to email addresses with Turkish domain names, possibly linking them to the more than 300,000 emails Wikileaks published following the failed military coup in Turkey last month.

For each email, Bontchev included a link to online virus-scanning tool VirusTotal to confirm that the included attachment is indeed malware. "The list is by no means exhaustive; I am just starting with the analysis," he wrote on Github. "But what is listed below is definitely malware; no doubts about it."

Wikileaks appears to offer no warnings on its website about potential malware contained in the emails it posts.

A spokesperson did not immediately respond to PCMag's request for comment on how it screens email attachments. After its 2010 release of American diplomatic cables propelled Wikileaks to international attention, the organization again generated controversy in the US last month when it posted hacked emails from the Democratic National Committee.

Founder Julian Assange has refused to identify the source of those emails, though many security experts—and the FBI—believe they may have been hacked by Russian cybercriminals.
Freedom. Justice. Openness. And some entirely avoidable p0wnage for good luck

WikiLeaks is hosting 324 confirmed instances of malware among its caches of dumped emails, a top Bulgarian anti-malware veteran says. Random checks of reported malware hashes find the trojans are flagged as malware by VirusTotal's static analysis checks. Much of the malware appears to be attachments emailed by black hats in a bid to compromise the various parties affected in the WikiLeaks dumps.

Dr Vesselin Bontchev (@bontchev) says the instances of malware are only those confirmed and found in an initial search effort. Dr Bontchev, an antivirus researcher of nearly 30 years and founder of the National Laboratory of Computer Virology in Bulgaria, said there were "no doubts" that the malware hosted on WikiLeaks was indeed malware. "The list is by no means exhaustive; I am just starting with the analysis," Bontchev says. "But what is listed below is definitely malware; no doubts about it."

The document dumpster uploads attachments for the emails it releases but offers no warning about the security implications of downloading macro-enabled documents, executables, and other potentially malicious files. A simple antivirus check would have caught many, if not all, of the malicious attachments, given the 80 to 100 percent detection rate VirusTotal returned when testing files selected randomly from Dr Bontchev's list.
Just one month into a six-month pilot, a UK-led international cyber crime taskforce looks set to become permanent, according to Troels Oerting, head of Europol’s European Cybercrime Centre (EC3). EC3 is hosting the Joint Cybercrime Action Taskforce (J-CAT), set up in September 2014 to co-ordinate international investigations with partners, targeting key cyber crime threats and top targets. Initiated by EC3, the EU Cybercrime Taskforce, the FBI and the National Crime Agency (NCA), the J-CAT is made up of cyber liaison officers from EU states, non-EU law enforcement partners and EC3.

Oerting said the unit, which is led by deputy director of the UK’s National Cyber Crime Unit (NCCU) Andy Archibald, is due for its first evaluation at the end of February 2015. “There are already indications it will be extended for at least another six months, but I think it is likely to become permanent as it keeps acquiring cases and we are trying to get European Union (EU) funding for it,” he said.

Operation Imperium

In just one month, the unit notched up its first success by co-ordinating Operation Imperium, which resulted in 31 arrests and 42 house searches by Spanish and Bulgarian police, supported by EC3. The raids took place mainly in Malaga, Spain and the three Bulgarian cities of Sofia, Burgas and Silistra. The operation was aimed at taking down an organised crime network suspected of a variety of crimes, including large-scale automated-teller-machine (ATM) skimming, electronic payment fraud and forgery of documents.

Eight criminal labs, including two very complex modern production sites for skimming equipment and counterfeit documents in Sofia and Malaga, were discovered and dismantled. More than 1,000 devices – including micro-camera bars, card readers, magnetic-strip readers and writers, computers, phones and flash drives, as well as plastic cards ready to be encoded – were seized.

The cyber crime gang was using 3D printing equipment to produce fake plastic card slot bezels ready to be installed on bank ATMs and manipulated point-of-sale (POS) terminals. “This was probably the most advanced print shop I have ever seen, including 3D-printing equipment,” Oerting told Computer Weekly. Police officers also confiscated dozens of forged payment cards with records of PIN numbers, ready to be used at other ATMs. Mobile offices set up by EC3 enabled direct access to Europol's databases for the cross-checking, analysis and exchange of intelligence in real time.

The cyber criminals were harvesting financial data from ATMs or compromised POS terminals in Italy, France, Spain, Germany and Turkey that was used to create fake payment cards. The fake cards could then be used to withdraw large amounts of cash from ATMs outside the EU, in countries like Peru and the Philippines.

The case illustrates the cross-jurisdictional nature of cyber crime, which typically adds a layer of complexity for law enforcement, particularly when non-European or allied states are involved. “We are using J-CAT to highlight obstacles we encounter,” said Oerting. “Even in the EU difficulties are caused by differences between member states in what is required for law enforcement officers to acquire an internet protocol (IP) address, for example. “In some countries a police officer can do this, while in other countries police officers have to go to a prosecutor to obtain a warrant from a judge, which can lose valuable time,” he said.

Cyber criminals operating outside the EU

The biggest challenge, however, is when cyber criminals are operating from outside the EU. “We are trying to solve this by engaging with several states outside the EU to enable joint investigations and, so far, we have been able to achieve results,” said Oerting. “We will continue to pursue this and I hope we will be able to report the success on four test cases soon, and they will be the catalyst for more joint cases in future."

Oerting again underlined the importance of sharing information, not only with other authorities but also with private companies. In this regard, J-CAT also has a role to play. The unit is currently working on an encryption system that is designed to facilitate the exchange of data. “J-CAT is working on encrypting data sets in such a way that they can be compared to see if there are any matches,” said Oerting. The aim is to reduce concerns about privacy because all the data will be encrypted, and will also reduce the volume of data exchanged.

“Only if there is a match between the data sets – say of an IP address or particular kind of malware linked to a case, for example – will we put in an official request for that data, which we can then use,” explained Oerting. This means law enforcement will not have access to the full data set of collaborators, but only to specific information that relates to ongoing cases. “This is the philosophy behind the project, but it is still very much a work in progress, so it is difficult to say at this stage exactly how it will work,” Oerting said. “J-CAT will continue to work on this because we know there are private companies that would be willing to exchange cyber attack information with us on this basis,” he added.

This approach means there will be no exchanges of bulk data, nor any disclosures of personal or proprietary information that is not directly relevant to a criminal investigation. “It is a myth law enforcement agencies want to know everything about everyone – we are only interested in targeted information about criminal suspects that we can use,” said Oerting.

The system is expected to be up and running by March 2015 to facilitate a stream of highly targeted information to J-CAT to support international anti-cyber crime operations.