his hands on 6.5 million email addresses and poorly hashed passwords pertaining to users of Dueling Network, a now-dead Flash game that's based on the Yu-Gi-Oh trading card game. Dueling Network shut down in 2016, but its site's forum carried on until recently. "Only our forum site was still up as a way for our users to communicate with each other (login used Dueling Network credentials). Now that is down and warns users to change passwords on any other sites they may have used the same password on," a site admin told Motherboard. The hacker made away with at least 6.5 million accounts, although the site admin claims that not all those necessarily correspond to individual players, as many of the accounts may have been duplicates owned by the same user, or were never actually logged in. "This number is inflated," the site admin claims.

"Weak password hashing makes them readable in plaintext"

The data trove the hacker got its hands on includes email addresses and passwords hashed with MD5, which is pretty much useless at this point. This means that hackers are quite likely able to see all the passwords in plaintext, which is bad news for anyone who reuses those passwords for any accounts linked to the same email addresses. Black Luster Soldier, the admin of Dueling Network, believes the hacker used a vulnerability in MySQL to obtain the data, although nothing is confirmed at this point. Regardless of how the hack happened, users are advised to change their passwords for any other services they use the same credentials as on Dueling Network.
DocuSign, with over 100 million users, is one of the world’s largest providers of electronic signature technology and digital transaction management. Recently, DocuSign acknowledged that they have been the victim of a malware phishing attack. The data breach happened at one DocuSign computer system location and has since been contained. While short-lived, the malware was able to obtain many customer and user emails from the DocuSign database. Fortunately, the breach was limited to email addresses; no documents or further customer information was accessed in the attack. The attackers have begun sending out malicious emails with the company’s branding to DocuSign customers and users. In an alert on the DocuSign website, the company shared that it is tracking these emails which carry a downloadable Microsoft Word document harboring malware to attack the user’s system. The email subject line has been known to read: “Completed: docusign.com – Wire Transfer Instructions for recipient-name Document Ready for Signature.”

How to protect yourself

If you are not expecting an email via DocuSign, do not click on the link. If you are expecting a document, but are unsure of the source, you can access your document directly by visiting docusign.com. Every legitimate DocuSign email has a code which the user can enter on the website to access their document. DocuSign has asked that people forward suspicious emails to spam@docusign.com then delete the email from their inboxes. It is important to remember that DocuSign will never request a customer or user to open a PDF, Microsoft Office document or ZIP file in an email.
Employees of US NGOs Fight for the Future and Free Press were targeted with complex spear-phishing attempts between July 7 and August 8, the Electronic Frontier Foundation (EFF) reported today. Both organizations targeted in the attacks are currently fighting for Net Neutrality in the US. Based on currently available evidence, the attacks appear to have been orchestrated by the same attacker, located in a UTC+3-5:30 timezone, said EFF Director of Cybersecurity Eva Galperin and EFF security researcher Cooper Quintin.

At least one victim fell for the attacks

"Although this phishing campaign does not appear to have been carried out by a nation-state actor and does not involve malware, it serves as an important reminder that civil society is under attack," said the two today. "It is important for all activists, including those working on digital civil liberties issues in the United States, to be aware that they may be targeted by persistent actors who are well-informed about their targets’ personal and professional connections." At least one victim fell for the 70 fake emails sent during the phishing attempts. Attackers didn't deliver malware but lured victims away to a remote site designed to phish Google, Dropbox, and LinkedIn credentials. "The attackers were remarkably persistent, switching up their attacks after each failed attempt and becoming increasingly creative with their targeting over time," EFF said. The most creative of the spear-phishing emails was when victims received emails with the subject line "You have been successfully subscribed to Pornhub.com," or "You have been successfully subscribed to Redtube.com," two very popular adult video portals. Minutes later, victims received another email made to look like it was coming from the same two services. 
These second emails contained explicit subject lines. Because spear-phishing emails were aimed at work emails, most victims would have been inclined to unsubscribe from the incoming emails. This was the catch, as attackers doctored the unsubscribe link, leading victims to a fake Google login screen.

Attackers used different tactics as the campaign progressed

The PornHub and RedTube phishes were not the only ones. Attackers also used other tactics.

- Links to generic documents that asked users to enter credentials before viewing.
- LinkedIn message notifications that tried to trick users into giving away LinkedIn creds.
- Emails disguised to look like they were coming from family members, sharing photos, but which asked the victim to log in and give away credentials instead.
- Fake email notifications for hateful comments posted on the target's YouTube videos. When the victim followed the link included in the email, the target would have to enter Google credentials before performing the comment moderation actions.
- Emails that looked like a friend was sharing interesting news stories. Used topics and subject lines include:
  - Net Neutrality Activists 'Rickroll' FCC Chairman Ajit Pai
  - Porn star Jessica Drake claims Donald Trump offered her $10G, use of his private jet for sex
  - Reality show mom wants to hire a hooker for her autistic son

In one case, one of the targeted activists received a request from a user asking for a link to buy her music. When the target replied, the attacker answered back with a Gmail phishing link, claiming the buy link didn't work. EFF experts say that victims who had two-factor authentication turned on for their accounts would have prevented attackers from logging into their profiles even if they had managed to obtain their password.
US Postal Service website flaw was patched this week but reported by a security researcher a year ago.

The US Postal Service has fixed a security bug in its website that allowed anyone with an account to see the account details of the site's 60 million users. The flaw was patched this week after USPS was informed of the issue by Krebs on Security, which reports that an unnamed independent researcher reported the bug a year ago but never received a response. According to Krebs, the flaw was caused by an authentication weakness in the application programming interface (API) on usps.com that supported the USPS 'Informed Visibility' program, which offers business customers "near real-time tracking data" about mail campaigns and packages. The bug let anyone who was logged in to usps.com see account details for other users, including email address, username, user ID, account number, street address, phone number, authorized users, mailing campaign data and more. Krebs notes that the "API also let any user request account changes for any other user, such as email address, phone number or other key details". USPS said in a statement it had no information that the vulnerability had been used to access customer records. "Computer networks are constantly under attack from criminals who try to exploit vulnerabilities to illegally obtain information. Similar to other companies, the Postal Service's Information Security program and the Inspection Service uses industry best practices to constantly monitor our network for suspicious activity," USPS said. 
"Any information suggesting criminals have tried to exploit potential vulnerabilities in our network is taken very seriously. Out of an abundance of caution, the Postal Service is further investigating to ensure that anyone who may have sought to access our systems inappropriately is pursued to the fullest extent of the law." However, a recent vulnerability assessment of the Informed Visibility program by the Office of Inspector General of the US Postal Service turned up weaknesses, including a lack of audit logs, in the Informed Visibility database. The partially redacted audit report, published in October, assessed 13 Informed Visibility (IV) servers. It found overall compliance with Postal Service server configuration baselines, but weakness in the IV database's account-management systems. "We identified weaknesses in account management controls, specifically with password complexity, disabling user accounts, and maintaining audit logs," the OIG report notes. "Without account management controls, the IV system is at risk for [redacted]. Further, if expired accounts are not disabled in a timely manner, this increases the duration that Postal Service information resources are vulnerable to compromise. "Additionally, without audit logs, the Postal Service would not be able to obtain sufficient detail to reconstruct activities in the event of a compromise or malfunction". USPS has faced scrutiny in the past, after a 2014 hack exposed personal information on 800,000 employees, 485,000 workers' compensation records, and 2.9 million customer-inquiry records. The OIG in 2015 criticized the USPS for focusing on compliance and failing to foster a "culture of effective cybersecurity across the enterprise".
Science Inc., the company behind the popular online poll creation app Wishbone, has suffered a data breach. As a consequence, personal and account information of over 2.2 million of the app’s users is being circulated on underground forums. The compromised records include names, usernames, email addresses and telephone numbers of the users, but also their gender and birth date (if they chose to share that info when they set up the account). According to Troy Hunt, who received a copy of the compromised MongoDB database, 2,326,452 full names, 2,247,314 unique email addresses, and 287,502 cellphone numbers were included. Most importantly, the great majority of Wishbone users are teenagers and young adults, and predominantly female. “I’d be worried about the potential for kids to abuse the data,” Hunt told Motherboard. “There’s a lot of young people in there and finding, say, young females and being able to contact them by phone is a worry”. Not only that, but the data could be used to ferret out additional information about these persons, either via phishing or by searching the Internet for unsecured social media accounts that can be tied to them. Armed with all this information, fraudsters could easily perpetrate identity theft schemes. And perhaps the stolen data has already been misused. Hunt says that the data breach dates back to August 2016, but according to the notification letter the Wishbone team sent out, they “became aware that unknown individuals may have had access to an API without authorization and were able to obtain account information of its users” only on March 14, 2017. 
Since then, they “rectified” the vulnerability that allowed the information to be slurped by the attackers, and are now advising users to consider changing their passwords (even though they have not been compromised in the incident).
A spam campaign targeting German users has increased its chances of successfully tricking users into installing malware, by embedding several pieces of the victim's personal information into its poisoned email messages. The campaign, which has been active since at least January 2017, begins when a user receives an email written entirely in German. Its message informs the recipient they've attempted to pay for something online but that the transaction did not complete successfully. The user must re-submit payment, the email demands, otherwise they could be penalized by a collection agency or even law enforcement. Sample of spam message seen targeting German users. Most of us know better than to fall for this type of scam, and the attackers know it. Which is why they've outfitted their attack emails with a technique that's designed to convince the recipient the notice is legitimate. Andrew Brandt, director of threat research at Symantec, elaborates on this point in a blog post: "The key detail of each message was the fact that the recipient’s full name, mailing address, and telephone number were embedded in the middle of the message." Brandt doesn't elaborate on how the attackers obtain users' personal information. Technically, bad actors can use Google and other tools to easily find these details. Seeing your personal information is enough to sway most users, so much so that a recipient would probably open the double-zipped attachment and thereby expose themselves to Nymaim.B. For its command and control (C&C) server, this banking trojan uses afegesinge[dot]com. At one point in time, 13 other malware executables communicated with it. 
Back in April 2016, for instance, BBC News reporter Shari Vahl and ZDNet journalist Zack Whittaker separately spotted malicious emails in their inboxes that said they owed money to a collection agency, and included their real-life address information to make the messages appear more convincing. Unlike the German campaign, however, the UK attack sought to trick users into clicking on links that led them to Maktub ransomware. No matter how convincing an email seems to be, it always pays to double check these kinds of claims by calling the company purportedly making the claim to confirm the message’s authenticity (or to prove that it is false)." Aside from confirming with the alleged sender, users should maintain an up-to-date security solution on their computers, implement software updates as soon as they become available, and delete any suspicious emails.
A hacker has stolen millions of accounts from Dueling Network, a now-defunct Flash game based on the Yu-Gi-Oh trading card game. Although Dueling Network itself shut down in 2016 in response to a cease-and-desist order, the site's forum continued running until recently. The message currently displayed on the Dueling Network forum. "Only our forum site was still up as a way for our users to communicate with each other (login used DN [Dueling Network] credentials). Now that is down and warns users to change passwords on any other sites they may have used the same password on," Black Luster Soldier, a Dueling Network administrator, told Motherboard in an email. The hacker appears to have stolen at least 6.5 million accounts, although Black Luster Soldier cautioned that not all of those necessarily correspond to individual players. "At the moment, the claim that information has been breached for 6.5 million DN accounts appears to be accurate. Note that many accounts are duplicates owned by the same user or were never actually logged in, so this number is inflated," they said. The data includes user email addresses and passwords hashed with the notoriously weak MD5 algorithm, meaning hackers will likely be able to obtain a number of users' plaintext passwords as well. Paid breach notification service LeakBase provided Motherboard with a small sample of accounts for verification purposes. Motherboard attempted to contact over 50 alleged victims, but has not received a reply at the time of writing. Black Luster Soldier's working theory is that the hacker used a vulnerability in MySQL to obtain the data. The lesson: As Black Luster Soldier advised, users should change their passwords on any other services with the same credentials as Dueling Network. 
Even if data from the breached site isn't all that valuable in and of itself, if someone has used the same password on another site, hackers can easily try to access other more serious accounts too.
The IAAF said in a statement the hacking group known as Fancy Bear, which has been linked by western governments and security experts to a Russian spy agency blamed for some of the cyber operations that marred the 2016 U.S. election, was believed to be behind the attack of medical records in February. The hack targeted information concerning applications by athletes for Therapeutic Use Exemptions, the IAAF said. Athletes who had applied for TUEs since 2012 have been contacted and IAAF president, Sebastian Coe, apologized. “Our first priority is to the athletes who have provided the IAAF with information that they believed would be secure and confidential,” Coe said in the statement. “They have our sincerest apologies and our total commitment to continue to do everything in our power to remedy the situation”. TUEs are issued by sports federations and national anti-doping organizations to allow athletes to take certain banned substances for verified medical needs. The IAAF said that data on athlete TUEs was “collected from a file server and stored on a newly created file”. “The attack by Fancy Bear, also known as APT28, was detected during a proactive investigation carried out by cyber incident response (CIR) firm Context Information Security,” the IAAF said. Private security firms and U.S. officials have said Fancy Bear works primarily on behalf of the GRU, Russia’s military intelligence agency. Fancy Bear could not be immediately reached for comment. The group and other Russian hackers were behind the cyber attacks during the U.S. presidential election last year that were intended to discredit Democratic candidate Hillary Clinton and help Donald Trump, a Republican, win, according to U.S. intelligence agencies. 
It was not known if the information was stolen from the network, the IAAF said, but the incident was “a strong indication of the attackers’ interest and intent, and shows they had access and means to obtain content from this file at will”. The attack was uncovered after British company Context Information Security conducted an investigation of the IAAF’s systems at the request of the athletics body. Context Information Security said in a separate statement that it was a “sophisticated intrusion” and that “the IAAF have understood the importance and impact of the attack and have provided us comprehensive assistance”. Last year, Fancy Bear hacked into the World Anti-Doping Agency (WADA) database and published the confidential medical records of several dozen athletes. Those included cyclist Bradley Wiggins, the 2012 Tour de France winner and Britain’s most decorated Olympian with eight medals, who was revealed to have used TUEs before some races. Wiggins retired last year under something of a cloud after it was revealed he took corticosteroid triamcinolone for asthma, although he broke no anti-doping rules. The IAAF banned Russia’s athletics federation after a WADA commission report found evidence of state-sponsored doping. Almost all Russia’s athletes missed the track and field events at the Rio Olympics last year and are likely to also miss the world athletics championships in London in August.
The shadowy hacker consortium known as Callisto Group targeted the UK's Foreign Office over several months in 2016. According to research firm F-Secure, Callisto Group is an advanced threat actor whose known targets include military personnel, government officials, think tanks and journalists, especially in Europe and the South Caucasus. Their primary interest appears to be gathering intelligence related to foreign and security policy in the Eastern Europe and South Caucasus regions, and this, combined with infrastructure footprint links to known state actors, suggests a nation-state benefactor, the firm said. In October 2015 the Callisto Group targeted a handful of individuals with phishing emails that attempted to obtain the target’s webmail credentials. Then, in early 2016, the Callisto Group began sending highly targeted spear phishing emails with malicious attachments that contained, as their final payload, the “Scout” malware tool from the HackingTeam RCS Galileo platform. Scout was, ironically, originally developed for law enforcement. “These spear-phishing emails were crafted to appear highly convincing, including being sent from legitimate email accounts suspected to have been previously compromised by the Callisto Group via credential phishing,” F-Secure noted in a paper, adding that the group is continuing to set up new phishing infrastructure every week. One of the targets for Callisto in 2016 was the Foreign Office, according to BBC sources. The outlet reports that the government is investigating an attack that began in April last year. A source told the BBC that the compromised server didn’t contain the most sensitive information, fortunately. 
In a statement, the UK's National Cyber Security Centre (NCSC) declined attribution or comment and merely said: "The first duty of government is to safeguard the nation and as the technical authority on cybersecurity, the NCSC is delivering ground breaking innovations to make the UK the toughest online target in the world. The government's Active Cyber Defence programme is developing services to block, prevent and neutralise attacks before they reach inboxes." F-Secure also said that evidence suggests the Callisto Group may have a nation-state sponsor, and that it uses infrastructure tied to China, Russia and Ukraine. It told the BBC that Callisto Group's hacking efforts show similarities in tactics, techniques, procedures and targets to the Russia-linked group known as APT28, though the two appear to be different entities. However, Callisto Group is also associated with infrastructure used for the sale of controlled substances, which “hints at the involvement of a criminal element,” F-Secure said. Going a bit further, a different source told the BBC that two of the phishing domains used in the UK attack “were once linked to an IP address mentioned in a US government report into Grizzly Steppe.” Grizzly Steppe is the code-name for Russian meddling in the US elections.
A California financing company exposed up to 1 million records online that contained names, addresses, fragments of Social Security numbers and data related to vehicle loans, according to a researcher's report. The data comes from Alliance Direct Lending, which is based in Orange, California, writes Bob Diachenko, who works with the security research team at Kromtech Alliance Corp. of Germany. Alliance Direct Lending specializes in refinancing auto loans at a lower interest rate, and it also has partnerships with dealers across the country. "It is unclear if anyone other than security researchers accessed it or how long the data was exposed," Diachenko writes in a blog post. Security researchers, as well as hackers, have had a field day lately exposing configuration mistakes organizations have made when setting up databases. Despite a string of well-publicized findings, the errors are still being made, or at least, not being caught. Aside from breaches, other organizations have seen their data erased and held for ransom, with notes left inside the databases asking for bitcoins (see Database Hijackings: Who's Next?). Kromtech notified Alliance, which has since taken the data offline, Diachenko writes. Information Security Media Group's efforts to reach Alliance officials were not immediately successful. Under California's mandatory data breach notification law, Alliance would be required to report the breach. "The IT administrator claimed that it had only recently been leaked and was not up for long," Diachenko writes. "He thanked us for the notification and the data was secured very shortly after the notification call. 
" Researchers came across the data while looking into Amazon Web Services Simple Storage Service (S3) "buckets," which is the term for storage instances on the popular cloud hosting service. They were specifically hunting for buckets that had been left online but required no authentication. The bucket contained 1,000 items, of which 210 were public. The leaked data included .csv files listed by dealerships located around the country. The number of consumer details leaked ranges between 550,000 up to 1 million, Diachenko writes. A screenshot posted on Kromtech's blog shows a sampling of the dealerships affected. Kromtech shared with ISMG a data sample pertaining to a dealership in Michigan. It shows full names, addresses, ZIP codes, what appear to be FICO credit scores, an annual percentage rate and the last four digits of Social Security numbers. "The danger of this information being leaked is that cybercriminals would have enough to engage in identity theft, obtain credit cards or even file a false tax return," Diachenko writes. While full Social Security numbers weren't exposed, there's still a risk in leaking the last four digits. When trying to verify customers' identities, companies will sometimes ask for a fragment of data. So for fraudsters compiling dossiers, every bit, however incomplete, helps. Also exposed were 20 phone call recordings with customers who were negotiating auto loan deals. "These consent calls were the customers agreeing that they understood they were getting an auto loan, confirming that the information was correct and true," Diachenko writes. "They included the customer's name, date of birth, social security numbers, and phone numbers." The bucket was last modified on Dec. 29, 2016, Kromtech writes. 
Amazon has strong security built around S3 storage, so it would appear that whoever created the bucket might have disabled its controls. According to Amazon's guidance, "only the bucket and object owners originally have access to Amazon S3 resources they created." Amazon also has identity and access management controls that can be used to carefully restrict who can access and change data. Buckets can also be made off-limits based on HTTP referrers and IP addresses.

Managing Editor, Security and Technology, ISMG

Kirk is a veteran journalist who has reported from more than a dozen countries. Based in Sydney, he is Managing Editor for Security and Technology for Information Security Media Group. Prior to ISMG, he worked from London and Sydney covering computer security and privacy for International Data Group. Further back, he covered military affairs from Seoul, South Korea, and general assignment news for his hometown paper in Illinois.
Hummingbad has been replaced as the top mobile malware threat. It has been usurped by Triada, a modular backdoor for Android. According to Check Point Security, Triada grants super-user privileges to downloaded malware, helping it to be embedded into system processes. It has also been seen spoofing URLs loaded in the browser. And in January, based on data from the World Cyber Threat Map, Triada edged past Hummingbad, ending that baddie’s year-long reign. Hummingbad is an Android malware that establishes a persistent rootkit on the device, installs fraudulent applications, and with slight modifications, could enable additional malicious activity such as installing a key-logger, stealing credentials and bypassing encrypted email containers used by enterprises. It’s still in second place in terms of prevalence. Over the summer, Check Point said that it was found to control 85 million devices globally, generating an estimated $300,000 per month in fraudulent ad revenue for the criminals behind it, i.e., Yingmob, a group of Chinese cyber-criminals. Yingmob also happens to operate a legitimate ad network. The No 3 mobile malware threat is Hiddad—an Android malware which repackages legitimate apps and then releases them to a third-party store. Its main function is displaying ads; however, it is also able to gain access to key security details built into the OS, allowing an attacker to obtain sensitive user data. In total, mobile malware accounted for 9% of all recognized malware attacks by Check Point. On the non-mobile front, the Index ranked Kelihos, a botnet used in bitcoin theft and spamming, as the most prevalent malware family overall, with 5% of organizations globally impacted by it. It utilizes peer-to-peer communications, enabling each individual node to act as a Command & Control server. 
It’s followed by HackerDefender and Cryptowall in second and third place respectively, with both impacting 4.5% of companies. Overall, the top 3 malware families revealed that hackers were using a wide range of attack vectors and tactics to target businesses. These threats impact all steps of the infection chain, including spam emails which are spread by botnets, and contain downloaders that place ransomware or a Trojan on the victim’s machine.
For many people, the revelation that the US Central Intelligence Agency has been systematically hacking into civilians' personal devices is profoundly disturbing. "While exploits across a range of devices and the ability to turn on cameras and microphones is a touch chilling, they're nothing new, and anyone with real concerns should already be going about their business with those possibilities in mind," he said. Meanwhile, Ilia Kolochenko from web security firm High-Tech Bridge said he was "surprised" that the incident had attracted so much attention. "The CIA, like any other governmental intelligence agency, uses and will continue using various hacking tools and techniques to obtain any information they need to protect the country. "So far, we don't have any evidence that these capacities were used unlawfully, for example to violate reasonable expectation of privacy of innocent US citizens or for illicit interference with elections."