December 1, 2016, updated 02 Dec 2016 9:15am

Monthly Attack Alert: Biggest cyber attacks in November

Learn all about the big cyber attacks in November, including Adult Friendfinder, Three UK and Deutsche Telekom.

By Alexander Sword

November was another bumper month for big cyber attacks. There was something for everyone, with new mobile malware in the form of the Gooligan campaign, new distributed denial of service (DDoS) attacks through the Mirai malware and standard data breaches in the cases of Three and the National Lottery.

When we left off at the end of October, the Mirai malware had taken major websites such as Reddit and Twitter offline after being deployed against hosting provider Dyn. Mirai is encoded with a list of default passwords and trawls the net, looking for passive internet-connected devices such as routers and cameras.

It inputs these passwords into the devices to try and take them over.

The outages at Deutsche Telekom show a novel result of the Mirai malware: what happens when it doesn’t succeed could be just as damaging.

CBR looks at some of the big breaches and what happened in them.

 

1. Gooligan

Millions of Google accounts were compromised in this attack campaign that uses Android credentials to access Google services.


The Gooligan malware is downloaded to smartphone devices through third-party app stores, according to security firm Check Point. The apps could also be downloaded if the user clicks on a malicious link in a phishing message.

From there, it downloads a rootkit which exploits vulnerabilities in the user’s device to take it over. This then downloads a malicious module from a command and control (C&C) server which allows Gooligan to steal credentials for email and other services.

The control can be used to install apps from Google Play and rate them using the user’s Google account or install adware on the user’s device to generate revenue.

Devices running Android 4 and Android 5 are vulnerable.

Google said that there is no evidence that user data has been accessed, and the credentials have been used to promote apps by using the victim’s account to leave an automated positive review and a high rating.
