Thursday, 15 December 2016

Yahoo hacked again, more than one billion accounts stolen

Yahoo has disclosed that more than one billion accounts may have been stolen from the company's systems in another cyberattack.
The company said in a statement Wednesday after the markets closed that unnamed attackers stole the accounts in August 2013, a year prior to a previously disclosed attack, in which attackers stole around 500 million accounts in September 2014.
The company wasn't able to identify the intrusion associated with the August 2013 breach.
The statement said the hackers may have stolen names, email addresses, telephone numbers, hashed passwords (using the weak, easy-to-crack MD5 algorithm), dates of birth, and in some cases, encrypted or unencrypted security questions and answers.
Yahoo said it has invalidated unencrypted security questions and answers so that they cannot be used to access affected accounts.
Payment card data and bank account information, stored in separate systems, are not thought to have been stolen in the attack.


The company admitted that hackers may have developed a way of accessing accounts without a password by stealing Yahoo's secret source code.
The statement said: "Based on the ongoing investigation, the company believes an unauthorized third party accessed the company's proprietary code to learn how to forge cookies." Cookies can be used to store authentication credentials locally.
"The outside forensic experts have identified user accounts for which they believe forged cookies were taken or used," the statement said.
Yahoo has also invalidated the cookies.


It's the latest security blow against the former internet giant, which earlier this year -- just as it was being bought by Verizon for $4.8 billion -- said it had been attacked by "state-sponsored" hackers.
Yahoo still hasn't said who was behind the attack, nor which state may have sponsored the hackers.
Verizon reiterated its statement on Wednesday, saying it "will evaluate" the purchase as Yahoo continues its investigation.
The news likely won't help confidence in the company that was heavily criticized by six leading senators for taking two years to disclose the September 2014 breach.
When reached, a Yahoo spokesperson said in an email that the company is "working closely with law enforcement."
Yahoo was down more than 2.5 percent in after-hours trading on the Nasdaq in New York.

BlackEnergy power plant hackers target Ukrainian banks

The same hackers who turned out the lights at Ukrainian utilities last December have been running attacks against the same country’s banks over recent months.
Security firm ESET reports that the gang slinging the TeleBots malware against Ukrainian banks shares a number of similarities with the BlackEnergy group, which conducted attacks against the energy industry in Ukraine in December 2015 and January 2016. ESET thinks that the BlackEnergy crew has evolved into what it calls the TeleBots group.
As with campaigns attributed to the BlackEnergy group, the attackers used spear-phishing emails with Microsoft Excel documents containing malicious macros as their main means of spreading infection.
Once a victim clicks on the Enable Content button, Excel executes the malicious macro. That gets the attackers a compromised PC, which they use to further infiltrate the compromised network, sniff passwords, and perform other hacker tricks.
Eventually the hackers drop the KillDisk malware onto compromised PCs. This malware deletes system files, making machines unbootable, before displaying a Mr Robot-themed logo on the computers' screens as a sign-off.
Analysis by ESET shows that the code of the macro used in TeleBots documents matches the macro code that was used by the BlackEnergy group in 2015.
Russia was the prime suspect for the BlackEnergy attacks. The latest attacks follow recent accusations by Russian security services that foreign agencies were trying to sabotage Russia's financial system.