November was another bumper month for big cyber attacks. There was something for everyone, with new mobile malware in the form of the Gooligan campaign, new distributed denial of service (DDoS) attacks through the Mirai malware and standard data breaches in the cases of Three and the National Lottery.
When we left off at the end of October, the Mirai malware had taken major websites such as Reddit and Twitter offline after being deployed against hosting provider Dyn. Mirai is encoded with a list of default passwords and trawls the net, looking for passive internet-connected devices such as routers and cameras.
It inputs these passwords into the devices to try and take them over.
The outages at Deutsche Telekom show a novel result of the Mirai malware: what happens when it doesn’t succeed could be just as damaging.
CBR looks at some of the big breaches and what happened in them.
1. Gooligan
Millions of Google accounts were compromised in this attack campaign that uses Android credentials to access Google services.
The Gooligan malware is downloaded to smartphone devices through third-party app stores, according to security firm Check Point. The apps could also be downloaded if the user clicks on a malicious link in a phishing message.
From there, it downloads a rootkit which exploits vulnerabilities in the user’s device to take it over. This then downloads a malicious module from a command and control (C&C) server which allows Gooligan to steal credentials for email and other services.
This control can be used to install apps from Google Play and rate them using the user’s Google account, or to install adware on the user’s device to generate revenue.
Devices running Android 4 and Android 5 are vulnerable.
Google said that there is no evidence that user data has been accessed, and the credentials have been used to promote apps by using the victim’s account to leave an automated positive review and a high rating.