[fireeye] Cybercriminals Continue to Target Retail Sector

A series of spectacular cyber attacks have breached big-name retail stores in recent months, including Target,Nieman Marcus, and Michaels. These incidents are the only latest in what has become an alarming trend.

[net-security] Cybercriminals increasingly drawn to Tor anonymity and hidden services

Initially created to help political dissidents bypass traffic restrictions and hide their online activity from authoritarian governments, the Tor anonymity network has long since become a great tool for cyber crooks to hide their criminal activities and infrastructure.

[securityaffairs] Cybercriminals target mobile applications with fake SSL Certificates

Cybercriminals targeting mobile applications with fake SSL Certificates to run man-in-the-middle attacks against the affected companies and their customers.

[CIO] Cybercriminals Compromise Home Routers to Attack Online Banking Users

Attackers changed the DNS configuration of vulnerable home routers to mount man-in-the-middle attacks against users in Poland

IDG News Service — Attacks recently observed in Poland involved cybercriminals hacking into home routers and changing their DNS settings so they can intercept user connections to online banking sites.

Researchers from the Polish Computer Emergency Response Team (CERT Polska) believe attackers will likely target users from other countries as well in the future using similar techniques.

"The attack is possible due to several vulnerabilities in home routers that make DNS configuration susceptible to unauthorized remote modifications," the Polish CERT researchers said Thursday in a blog post. "In the resulting man-in-the-middle attack content of several e-banking websites was altered to include JavaScript injects that tricked users into giving up their usernames, passwords and TANs [transaction authentication numbers]. Effectively, money is stolen from users' bank accounts."

Unless intentionally configured otherwise, devices connected to a local network will typically use the DNS server provided by the network's router to resolve domain names to IP (Internet Protocol) addresses. If attackers compromise the router and configure it to use a DNS server under their control, they can respond with rogue IP addresses to DNS queries for the domain names they wish to target.