Tuesday 14 April 2015

Hackers breach frequent-flyer Lufthansa accounts

The German airline has blocked several accounts after the attack.
Hackers have broken into Lufthansa customer accounts to spend their miles on purchases, reminiscent of similar incidents involving other top airlines in the past few months.
The German airline said that it has blocked several accounts after those of some frequent flyers were hacked.
According to German media reports, the attackers used a botnet that generated username and password combinations on numerous computers; the combinations that worked were then used to access frequent-flyer miles.
DW.de has quoted a Lufthansa spokesperson as telling DPA news agency that it 'had not been able to prevent illicit access to some customer files'.
"We had to lock several hundred customer pages. We believe to have the problem generally under control," he said.
The miles have been credited back to the accounts of the affected customers, the airline added.
The attack on Lufthansa comes two weeks after thousands of British Airways frequent-flyer accounts were hacked in March.
American Airlines and United Airlines reported similar incidents in December. American Airlines said that about 10,000 accounts were hacked, while United Airlines confirmed that hackers booked trips or made mileage transactions on about three dozen accounts.
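As an added illustration (not part of the original report, and not Lufthansa's own tooling), this is the kind of detection logic a defender could run over web-login audit records to recognise a distributed, list-driven credential-stuffing campaign of the shape described above and pick out the accounts to lock; the log format, account numbers and addresses are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample audit lines (not real airline data): time, source IP,
# frequent-flyer account, outcome. The 203.0.113.x addresses play botnet nodes.
SAMPLE_LOG = """\
2015-04-12T01:00:01 203.0.113.10 acct=FF1001 result=FAIL
2015-04-12T01:00:02 203.0.113.11 acct=FF1002 result=FAIL
2015-04-12T01:00:02 203.0.113.12 acct=FF1003 result=OK
2015-04-12T01:00:03 203.0.113.13 acct=FF1004 result=FAIL
2015-04-12T01:00:03 203.0.113.10 acct=FF1005 result=FAIL
2015-04-12T01:00:04 203.0.113.14 acct=FF1006 result=FAIL
2015-04-12T01:00:05 203.0.113.11 acct=FF1007 result=OK
2015-04-12T01:00:05 203.0.113.15 acct=FF1008 result=FAIL
2015-04-12T01:00:06 203.0.113.12 acct=FF1009 result=FAIL
2015-04-12T01:00:07 198.51.100.7 acct=FF2001 result=FAIL
2015-04-12T01:00:09 198.51.100.7 acct=FF2001 result=OK
2015-04-12T01:00:10 198.51.100.8 acct=FF2002 result=OK
"""

LINE_RE = re.compile(r"^(\S+) (\S+) acct=(\S+) result=(OK|FAIL)$")

def parse_log(text):
    """Parse audit lines into (timestamp, source_ip, account, ok) tuples."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, ip, acct, res = m.groups()
            events.append((ts, ip, acct, res == "OK"))
    return events

def detect_credential_stuffing(events, min_one_shot_failures=5):
    """Campaign signal: stuffing tries each leaked pair once and moves on, so
    many accounts see exactly one failed attempt (real users retry).
    Account signal: a successful login from a source that also touched other
    accounts in the window comes from a spraying node; lock and review it."""
    attempts = defaultdict(list)       # account -> outcomes seen
    accounts_by_ip = defaultdict(set)  # source ip -> accounts touched
    for _, ip, acct, ok in events:
        attempts[acct].append(ok)
        accounts_by_ip[ip].add(acct)
    one_shot_failures = sum(1 for res in attempts.values() if res == [False])
    suspect = sorted({acct for _, ip, acct, ok in events
                      if ok and len(accounts_by_ip[ip]) > 1})
    return {"campaign": one_shot_failures >= min_one_shot_failures,
            "one_shot_failures": one_shot_failures,
            "suspect_accounts": suspect}
```

On the sample, the legitimate user who mistypes once and retries (FF2001) is not flagged, while the two accounts opened from nodes that also probed other accounts are.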

Hackers Attack Belgian Press Group, Second in Days

Hackers attacked one of Belgium’s top newspaper publishers on Sunday just days after Tunisian Islamist militants took control of a regional government portal to denounce US counter-terror operations.
There was no immediate indication the incidents were linked to each other or to a massive cyberattack against French station TV5Monde on Wednesday which Paris said was likely a “terrorist act.”
Didier Hamann, head of the Le Soir newspaper, said the daily had been “the victim of an attack.”
“Nothing concrete to link it with TV5 or RW,” Hamann said in a tweeted message, referring to the French attack and Friday’s takeover of an economic news website run by the Wallonian regional government in southern Belgium.
“We are trying to determine the origin of the attack,” Hamann told Belga news agency separately.
“We are regularly targeted and the attacks are quickly controlled but in this case, the firewalls did not work as normal,” he added.
Le Soir is owned by the Rossel Group which has several other publications.
Its websites were unavailable from 1730 GMT Sunday.
Eric Malrain, chief financial officer with the Rossel Group, told AFP: “There has been a cyberattack at Le Soir but we have no other information for the moment.”
Hamann said Le Soir would appear Monday as usual.
Earlier reports treated the incident as a technical breakdown before it was established it was a hacking attack.
In Friday’s attack on the Wallonian government website, hackers identified as the “Fallaga Team” from Tunisia ran a video followed by a message saying:
“Take your heads out of the sand, struggle against your leaders, join the resistance.”
Press reports said the Fallaga Team had hacked several French institutions shortly after the Islamist attacks in Paris in January which left 17 people dead.
The TV5Monde hackers for their part said French President Francois Hollande had committed “an unforgivable mistake” by joining the US-led air campaign against the extremist Islamic State group in Syria and Iraq, which had led to the January killings in Paris.
Belgium is also part of the US-led operation and in February said it would send around 35 soldiers to Iraq to help train its army in the fight against IS.

Interpol frees 770,000 systems from Simda botnet

Interpol has successfully freed 770,000 machines from the Simda botnet during a joint operation with Microsoft, Kaspersky Lab, Trend Micro and Japan's Cyber Defense Institute.
The operation saw Interpol's Digital Crime Centre (IDCC) coordinate with local law enforcement and the tech firms to mount a series of "simultaneous" server takedowns in the US, Russia, Luxembourg and Poland on 9 and 10 April.
The operation has been hailed as a major success in the ongoing battle against cyber crime.
Simda has been used to target everything from general web users to financial institutions for several years.
The attacks granted hackers remote access to victim systems and let them spread malware and steal vast amounts of data, including personally identifiable information and banking passwords.
Kaspersky Lab security expert Vitaly Kamluk said the campaign was particularly dangerous as it had defence-dodging capabilities.
"This bot is mysterious because it rarely appears on our KSN radars despite compromising a large number of hosts every day," he explained in a blog post.
"It has a number of methods to detect research sandbox environments with a view to tricking researchers by consuming all CPU resources or notifying the botnet owner about the external IP address of the research network.
"Another reason is a server-side polymorphism and the limited lifetime of the bots."
The operation began after Microsoft's Digital Crimes Unit spotted and reported a spike in Simda infections.
In January and February Interpol reported that Simda had enslaved 90,000 systems in the US alone.
The IDCC then worked with Microsoft, Kaspersky Lab, Trend Micro and Japan's Cyber Defense Institute to create a "heat map" detailing infection hot zones and the location of the botnet's command and control servers.
Microsoft has since released a Simda clean-up tool that will let users purge their systems of the malware.
IDCC director Sanjay Virmani said the combined operation demonstrated the value of collaboration between the public and private sectors in combating cyber crime.
"This successful operation shows the value and need for partnerships between national and international law enforcement with private industry in the fight against the global threat of cyber crime," said Virmani.
Trend Micro argued that businesses must devise more robust cyber security strategies if they hope to protect themselves from threats like Simda.
"We advise users to be cautious when opening emails. Avoid opening emails and attachments from senders who are unknown or who cannot be verified," explained Trend Micro in a blog post.
"P2P networks aren't inherently malicious but users should be aware that dealing with these sites can increase their chances of encountering malware.
"Users should also invest in a security solution that goes beyond simple malware detection; features such as spam detection and URL blocking can go a long way in protecting users from threats."
The Simda takedown is the latest in a series of anti-botnet operations.
A task force comprising Europol, the Dutch National High Tech Crime Unit and the FBI, with support from Intel, Kaspersky and Shadowserver, reported taking down the Beebone botnet on 9 April.

Russia pulls alleged 'Svpeng' kingpin

Russia's Ministry of the Interior has gone public about the March 24 arrest of a 25-year-old it believes was the leader of a gang of cyber-scum behind the “Svpeng” money-draining malware, along with four others.
The Android malware is believed to have netted a near million-dollar haul (50 million rubles) within Russia alone, hitting 350,000 Google devices during 2013 and 2014.
According to Forbes, Svpeng started out by imitating a Google Play buy-credit window, opening on top of the store and requesting credit card details. Later, the group in charge switched tactics to ransomware, popping up a fake FBI “penalty notification” on screens and locking devices until the gang was paid.
Last year, Kaspersky noted the group's decision to start attacking users outside Russia's borders.
According to Google Translate, the ministry's April 11 announcement says the arrests took place in Chelyabinsk during March.
The operatives “seized a significant amount of computer equipment with traces of Internet dissemination of malicious software, mobile phones, SIM cards, electronic media, server hardware,” the statement notes, along with the credit cards that received the stolen funds.
The translation suggests a confession was obtained.