CYBER THREATS 3
2016
CYBER THREATS 2016
ThaiCERT
, ,
, Martijn Van Der Heide,
, ,
, , ,
, ,
1 2560
3,000
300
.. 2537
()
(Thailand Computer Emergency Response Team: ThaiCERT)
() (.)
Electronic Transactions Development Agency (Public Organization) (ETDA)
()
20 33/4 9
10310
: 0 2123 1212 | : 0 2120 1200
: office@thaicert.or.th
: www.thaicert.or.th
() : www.etda.or.th
: www.mdes.go.th
Thailand 4.0
2559
()
SWIFT
5
SMS
Cyber Threats 2559 fb.com/thaicert twitter.com/thaicert
Statistic
Research
& Education ( )
()
Awareness
Mastercard ................................31
32
..........................34
blockchain....................................................................................35
iPad Pro 9.7
iOS 9.3.2
.........36
.....................................................................................37
SandJacking
iOS
.........................................................38
Social Network
.........................................................40
TeamViewer
442
44
446
TeamViewer
447
..........49
.................................................51
Google
2
OTP.................................53
.....................54
.....................55
Facebook556
Malvertising ..................58
Windows XP............................59
1234660
...........................................................................................61
Tinder
............................................62
Pokemon GO663
Firefox
Windows.............................66
social engineering667
iPhone
6 68
69
CloudFlare
WordPress
....................................................70
ATM skimming ...................................................71
SDK
...................................................................................72
...........................................................73
......................................................................................74
Microsoft EMET
2561
Windows 10..............................................75
SHA-1
2560 35% . ..................................................................................76
...............................................77
Star Wars - Rogue One..................................................................................78
880
Fraud
Netflix ....................................................83
Apple
SMS Apple ID.....................84
iOS 9.3..................................85
..............86
Facebook Facebook.........................................87
LINE 500 Free Coin
....88
ISP Game of Thrones.............89
FBI
...........................................................................90
PayPal
PayPal.................................................................................................91
..........................................................................................92
GoDaddy
..............................................93
DSI VoIP . ............94
WhatsApp Facebook.........................................................96
1,500 .....................................................................................................97
...................................................................98
iPhone
Apple ID .............................................................99
Incident
.................................................................... 101
MedStar Health ...................................... 102
FBI
53............... 103
Panama Papers
............ 104
............................................................................................................ 105
...................................................................................................... 106
. .................................................... 107
ISIS
.................................................... 108
Qantas Wi-Fi
......................................................................................................... 109
FBI
......................... 110
Microsoft Platinum
................................................................................................. 111
SWIFT ........... 112
GhostShell 32
FTP.............................................................................................. 113
................................................................................................. 114
SWIFT 12 ................................................... 115
Twitter 2,500
/...................................... 116
..................................................... 117
SWIFT
Sony Pictures.............................................................................. 119
TeamViewer
......................................................................................... 120
...................................................... 121
Twitter Pinterest
LinkedIn .................................................................... 122
Toyota Lexus
1 123
7 ................. 124
Twitter
2
............................................ 125
GoToMyPC
............................................................................. 126
Twitter Twitter
Mark Zuckerberg............................................... 127
SWIFT
10 ...................................................................................... 128
Lizard Squad
DDoS
.................................................................................. 129
iOS
iCloud
........................................................................... 130
Marriott Hyatt
.................................................. 131
Steam
9.1 .............................................................. 132
Epic Games 8 .................................. 133
Fitness Tracker McDonalds
........................................................................ 134
FBI
....................................................................... 135
macOS 10.12 (Sierra)
Razor kernel panic..................................................................................... 136
OVH DDoS 1.1 Tbps
IoT................................................................................................ 137
1.5
botnet
DDoS1 138
............................................................................... 140
GlobalSign
..................................................................... 141
.................................................................................................. 142
Tesco Bank
20,000 ....................................................... 143
DDoS
IoT.................................................................................... 144
.................................................................................................................. 145
ATM ......................................... 146
ISP
DDoS
1
Mirai....................................................... 147
.................................................. 149
HIV ................................. 150
Skype
................................................................................................................. 151
1
......................................................................................................... 153
Leet DDoS 650 Gbps.................................. 154
................................................................................................... 155
Law & Policy
Anonymous
#OpSafePharma1 157
Open source
............................................................................................... 158
NIST
1 159
SpyEye 24 1 160
1 161
1 162
.............. 163
LulzSec
.................................................................................... 164
................................................................... 165
......................................................................................... 166
........................................................................................ 167
....................................................................................................... 168
50
45 ......................................................... 169
..................................................................... 170
.......................................................................................................... 171
...................................................................................... 172
Kickass Torrent
Apple, Facebook Coinbase................................................................................ 173
DDoS
2557.......................................................... 174
.................. 175
.................................................................................................................... 176
Verizon 5
1 177
Mozilla
WoSign
StartCom Apple .................................................................. 178
FBI
Lizard Squad PoodleCorp............ 179
IoT
CSA
1 180
Apple Watch
............................................................. 181
G7
1 182
IoT
......................... 183
FCC ISP
1 185
2559-2564.................................................... 187
NIST Homeland Security
IoT1 188
................................................................... 189
NIST
.................................. 190
1 2560.................................................................... 191
Malware
Emsisoft Lab
HydraCrypt UmbreCrypt............................................................................................ 193
Linux Mint Backdoor ISO........................ 194
CTB-Locker
................. 195
Porn clicker Google Play.............................................................. 196
KeRanger
Mac.................... 197
TeslaCrypt
4.0
..................................... 198
Android Flash Player
Google............................................................ 199
Petya MFT
................ 200
............................... 201
Android.Lockdroid Android
................................................................................................. 202
Google Play Store 100 ............ 203
OSX.Pirrit Mac OS X ..................................... 204
CryptoHost .rar .............. 205
! Amazon........................................... 206
Jigsaw
................................................................. 207
ATM
...................................................................... 208
SamSam JBoss
.................................................................. 209
CryptXXX
Bitcoin............................................................................................... 210
TeslaCrypt
............................................................................................................. 211
Android root
........................................................................................ 212
! Play Store
.............................................. 213
Pirate Bay
........................ 214
CryptXXX ..................................................................... 215
7ev3n-HONE$T
................................ 216
SMS................................................................................. 220
Google Play Store
.............................................................................. 221
Dridex
Cerber.......................................................... 222
.............................................. 223
CryptoXXX 2.0 ...................................................... 224
TeslaCrypt
2 225
! WhatsApp Gold
............................... 226
ZCryptor
.zcrypt..................................................................................................... 227
Asus LiveUpdate
2 228
Android
URL
.......................................................................................... 230
FLocker
Android...................................... 231
iOS App Store
SDK 2 232
TeamViewer
.................................................................. 233
True Lenovo P1m
................................ 234
JavaScript
.................................................................................... 235
Godless Play Store
root
..................................................................... 236
OTP............................ 237
Facebook
....................................................................... 238
Office 365.............................. 239
LevelDropper Play Store
root
........................................................................... 240
................................................................................... 241
Hummer Android
35,000 root
.......................... 242
Mac
........................................................................................................ 243
Keydnap Mac ..................... 244
Pokemon GO ......... 245
Ranscam
........... 246
Europol
......................................................................... 247
Microsoft ..WSF (
. 2 )............. 248
SpyNote Android
........................................................................................................ 249
FossHub Audacity Classic Shell............ 250
Google Play Store 155
2.8 ..................................................................................... 251
Shortcut........................................... 252
Cerber
..................... 254
Svpeng Android Google AdSense
................................................................................................... 255
........................................................ 256
Rex
Linux
Bitcoin DDoS............................................................................................................. 257
Wildfire
..................... 258
Pegasus iOS
iOS 9.3.5 !.............................................................................................. 259
Locky
DLL............................. 260
Transmission ()
Keydnap Mac OS X................................................................................. 261
DressCode Google Play Store
Botnet............................................................................................ 262
Cerber
............................... 263
Gugi
Android 6....................................................................... 264
NAS Seagate................................................................................... 266
iOS 75
App Store............................................................. 267
.hta .......................... 268
Guide for Pokemon GO Play Store
root
......................................................................... 269
Komplex Mac OS X
..................................................................... 270
Xiny Android Play Store
root ............................................. 272
MarsJoke
96 ......................................................... 273
Xpan
remote desktop................................................................................................... 274
Mirai IoT
4 ....................................................... 276
Symantec Odinaff
macro.................................................... 277
NyaDrop
IoT Linux.............................................. 278
Mirai
Sierra Wireless
.......... 279
Microsoft Locky .LNK.............. 280
Google AdWords
macOS
............................................................... 281
Svpeng
Google Chrome Android
.apk . ................................................................... 282
Mirai
(DVR) ............................. 283
Facebook
....................................................................................................... 284
Keygen
........................................................................................... 285
Gooligan Android
2 287
Super Mario Run Android
................................................................................... 288
Privacy
............................................................................. 312
TeamGhostShell
MongoDB 36 ......................................... 313
Facebook Netflix
.............................................................. 314
Flash Keyboard
Play Store 3 315
GitHub
2FA3 317
Mark Zuckerberg
.......................................................................... 318
LogMeIn
............................................................... 319
154
....................................................................................................... 320
Google
...................................................................................................... 321
22
3 322
Maxthon Browser
.............. 323
EFF
................................................... 324
Dota 2 2
.................. 325
Minecraft World Map 71,000 .......... 326
Dropbox 60 ..................................... 327
Seagate
3 328
Yahoo 500
....................... 329
Dropbox 60
................................................................................... 330
Dailymotion 85 .................................. 331
......................... 333
........................................................... 334
KeySniffer
.................................. 335
/............................................................. 336
3 337
white-hat hacker
100 ......... 338
3 339
F-Secure Helsinki
.................... 340
iPhone 5c
...................................................................................................... 341
Europol
25593 342
(NCSC)
700 ............................................................................................................. 344
........................................................................ 345
Smart Nation3 346
Singtel
cybersecurity.......................................................................................... 348
CPU
machine learning................................................................................................... 349
Philips Hue....................................................................................... 350
IBM
................................................................ 351
..................................... 352
354
2 ................................................................................................ 353
NIST NSRL
......................................................................... 354
Statistics
2558
Star Wars
..................... 357
FBI 2.3
2
........................................................................................... 358
Apple iOS 80
Touch ID 89%..................................................................................................... 359
Kaspersky DDoS 2559......................... 360
PandaLabs 2559
227,000 ................................................................................ 361
........................................................................ 362
Windows 1 4 Internet Explorer
Flash Java........................................................................................................ 363
Ransomware
90,000
.......................................................................................... 364
Ransomware 2559
10
2558........................................................................ 365
4
........................................................................................ 366
58 59
2.3 ......................................................... 367
3 368
10
6 369
3 370
DDoS 2559
88% ..................... 372
Kaspersky DDoS 2559
Linux Botnet....................................................................... 373
...................................................................................................................... 374
21
....................................................................................... 375
2559
200%......................................................................... 376
1 5
...................................................................................................... 377
........................................................................................................... 378
40% Word3 379
Sucuri
2559
WordPress
Joomla!....................................................... 380
DDoS 1
................................................................................................... 381
1 10
.............................................................................................. 382
Android
1
Play Store..................................................................................... 383
89%
Wi-Fi
.......................................................................... 384
NTT Security
3 2559
............................................................................. 385
15%
20% Telnet
....................................................... 386
................................... 387
77%
95% .................................................................................................... 388
Akamai 3 2559
IoT
........................................................................ 389
66%
................................................................. 390
Flash Player, Internet Explorer Windows
.................................................................................................................. 391
UK 90% Windows XP
2 .............................................................................................. 392
1 5
. .................. 393
Google 2559
Nexus............................................................. 395
VMware privilege escalation
Shared Folder........................................................................................................ 396
OpenSSH Private Key
.................................................................................................................. 397
Debian
...................................................... 398
Microsoft, Adobe, Google, Mozilla Apple
.. 593 399
Truecaller
Android 100
.................................................................. 400
iOS 9 - 9.3.1
Passcode ................................................................................................ 401
Cisco
....................................... 402
Adobe Flash Player 21.0.0.213
................. 403
Samsung Galaxy
. SMS . ..................................... 404
QuickTime Windows
Apple .................................................. 405
Cisco
....................................... 406
HP Data Protector
.................................................... 407
Firefox 46
................................................ 408
Chrome
.................................. 409
ImageMagick
........................................................................ 410
Apple Xcode 7.3.1 Git
.............................................................................. 411
OpenSSL
......................................................... 412
Cisco Cisco TelePresence................................ 413
HTTPS
............. 414
WordPress 4.5.2
........................................ 415
Microsoft Adobe
.................................................................................................... 416
Adobe Flash Player 21.0.0.242 ............. 417
WordPress
Jetpack
XSS ...................... 418
.............................................................................................. 419
.................................................................................... 422
Mitsubishi Outlander
................ 423
KeePass HTTPS
............................................................................................................ 424
D-Link
................................... 425
! Samsung Software Updater
..... 426
Adobe Flash Player !
(CVE-2016-4171)................................................. 427
Symantec
Norton
..................................................... 428
Foxit Reader 8.0
............................................................ 429
LibreOffice
RTF............................................................................ 430
Wget
1.18
redirect
........................................................................... 431
ThinkPwn BIOS
(CVE-2559-3238)...................................................................... 433
iOS Mac OS X
MMS, , ................................................. 434
Internet Explorer Edge Microsoft Account
.................................................................................................................. 435
Quadrooter Qualcomm Snapdragon
Android root
........................................................................... 436
!
Cisco
Equation Group.............................................................. 437
Apple OS X
........... 438
Cisco WebEx Meetings Server ....... 439
Drupal .............................................................................. 440
Cisco 850,000
0-day
BENIGNCERTAIN....................................................................... 441
Samsung Knox
................................................................ 442
....................................................................................................... 443
Avtech
130,000 .................................................. 444
Pork Explosion Android
....................................... 446
Akamai SSHowDowN OpenSSH
IoT
DDoS......................................................................................... 447
Nine Android
........................................................................................... 448
Netis, D-Link,
Asus 3 ............................................................................................................. 449
Dirty COW Linux (CVE-2559-5195)
root ................................................................................................ 450
Joomla! 3.6.4
.................................................................. 451
Adobe Flash Player
............................................................................................. 452
Joomla! 3.6.4
25,000
........................................................................................ 453
MySQL, MariaDB PerconaDB
(CVE-2559-6663, CVE-2559-6664).... 454
D-Link DIR
remote administration.......................... 455
MacBook Pro 2016 Touchbar SIP ()
........................................................................................................................... 466
Awareness
Mastercard
()
92%
: 25/02/2558
: BBC <http://thcert.co/TNJPbn>
(http://www.manager.co.th/Home/ViewNews.aspx?NewsID=9590000026501)
IT data center
data center
manager
3.
FM-200, Novec 1230
3
1.
CO2
data center
data center 2
2.
3.
1.
4.
2.
: 2/25/2559
:
( Infrastructure Network )
<http://thcert.co/mx65S0>
HackerOne 150,000
Hack the Pentagon 18
12 2559
: 4/4/2559
: U.S. Department of Defense
<http://thcert.co/4TCbKj>
blockchain
Defense Advanced Research Projects Agency (DARPA)
blockchain
: 4/26/2559
: ZDNet <http://thcert.co/HEIWJY>
ICPA
Industrial Cybersecurity Promotion Agency (ICPA)
2560
2563
: 23/05/2559
: Softpedia <http://thcert.co/1WTXlu>
SandJacking
iOS
iOS ()
Android iOS
iOS App Store
GPS
iOS
(https://www.thaicert.or.th/papers/technical/2014/pa2014te003.html) Su-A-Cyder
Black Hat Asia
iOS
Apple
Xcode 7
iOS 8.3 Apple
Apple ID
Apple
iOS
SandJacking
Backup
Restore SandJacking
Backup iOS Apple
iOS
Backup Restore
Restore
Backup
: 28/05/2559
: Security Week <http://thcert.co/HsHn0M>
Social Network
4.
5.
6.
7. Do Not
Track
ETDA
8.
1.
9.
2.
10.
3. URL
: 28/05/2559
: ETDA <http://thcert.co/QwA48k>
TeamViewer
TeamViewer
Remote Desktop
1
2559 ()
TeamViewer
2 (2-Factor Authentication)
TeamViewer
The Register
TeamViewer
2
TeamViewer
DNS
3. TeamViewer
TeamViewer
1. 4.
VNC
2. 2
(http://www.teamviewer.com/en/help/402-How-do-I-activate-deactivate-two-factor-authentication-for-my-TeamViewer-account.aspx)
: 02/06/2559
: Inquisitr <http://thcert.co/P35ukG>,
Reddit <http://thcert.co/YVTgBF>,
TeamViewer <http://thcert.co/5jDUro>
2.
3.
4.
Tripwire
5.
1.
HTTPS
SD Card 2 (2 Step Authentication)
6. Wi-Fi 9.
VPN
7. 9
8.
: 06/06/2559
: Tripwire <http://thcert.co/r0NsQA>
1.
appIe.com I ()
l ()
Infosec Institute
2.
googlr.com
-
3.
ebay-payment.com
- Redirect
URL
URL
-
3
: 07/06/2559
: Infosec Institute <http://thcert.co/JmjklZ>
TeamViewer
TeamViewer
1.
TeamViewer 2 (2 Factor Authentication)
2 www.teamviewer.com Edit Profile
Trusted Devices
Two factor authentication
Activate
2
2 Google Authenticator
TeamViewer 2.
(
2 Blacklist (
TeamViewer ) ) Whitelist
Data Integrity (
)
TeamViewer
Extras > Options Security
Configure Black and Whitelist
3. 4. Windows
TeamViewer
TeamViewer
4 Extras > Options >
Advanced > Show advanced
options Always
Whitelist Lock Remote Computer
Extras > Options > Security
Password strength
Disabled
Secure Very secure
: 07/06/2559
: TeamViewer <http://thcert.co/69cNpR>,
Reddit <http://thcert.co/kc6kYW>
Kaspersky
Android
iPhone
Serial
Android (
Android 4.4 5.0)
Android
6.0
iPhone
Pair
Android
AT command (
Black Hat Europe 2014 https://www.blackhat.com/docs/eu-14/materials/eu-14-Pereira-Charge-Your-Device-With-The-Latest-Malware.pdf)
Serial
Firmware
Serial
: 08/06/2559
: Security Affairs <http://thcert.co/ZI22Ni>,
Kaspersky <http://thcert.co/PEzwjF>
DBS OCBC
DBS
2560
OCBC
2559
Voiceprint
(
)
(Fingerprint)
Citibank
66% Citibank
(Authentication) 3 1 2 (
ATM + +
1. (Something you know) SMS OTP)
ATM 3
2. (Something you have)
ATM
3. (Something you
are)
: 17/06/2559
: Computer Weekly <http://thcert.co/MkdYPO>
Google
2 OTP
2
OTP (One Time Password) SMS
https://myaccount.google.com Sign-in & Security > 2-Step Verification > Google prompt > ADD PHONE
(
Google 1 )
2
Android iOS
iOS
OTP Google app
2
Google
(https://www.thaicert.or.th/papers/general/2015/pa2015ge001.html)
: 23/06/2559
: Mashable <http://thcert.co/pSuZWz>
Security Affairs
2558 Jeremy
Cook 18 Remote Wipe
: 24/06/2559
: Security Affairs <http://thcert.co/Z3a5oI>
https://odette.carto.com/viz/c5cf5b84-fdb9-11e5-bbd7-0e3a376473ab/embed_map
Protection1
6,000
http://www.insecam.org/en/bycountry/TH/
Los Angeles, San Francisco
New York
: 24/06/2559
: Protection1 <http://thcert.co/Bqg5iu>
Facebook
Naked Security (Privacy) >
(Who can see my stuff?) >
Facebook
(Who can see your future
1. posts) (Friends)
Facebook
(Public) (Setting) >
Facebook (Privacy) >
(Who can
see my stuff?) >
(Limit the audience for posts you've shared with friends of friends or Public)
(Limit Old posts)
Facebook
Profile
... > (View As..)
(Setting) >
Profile
Facebook
2. Facebook 2
Facebook
Facebook
Facebook
SMS
2
Facebook (Setting) >
(Security) >
(Login Approvals)
Facebook
(Setting) >
(Privacy) >
(Who can look me up?) (Setting) > (Security)
> (Login Alerts)
3.
2
: 27/06/2559
: Naked Security <http://thcert.co/2xuOWh>
Malvertising
MSN, BBC
Malvertising (
Malware + Advertising)
Malwarebytes 70%
Malvertising
Malwarebytes
Adobe Flash Player,
Adobe PDF Reader, Java
: 27/06/2559
: Malwarebytes <http://thcert.co/iZ49JU>
Windows XP
TrapX
( Windows XP
MEDJACK
medical device hijack Windows )
Backdoor
Botnet
TrapX
Windows XP
: 29/06/2559
: The Register <http://thcert.co/KSigvM>,
TrapX <http://thcert.co/2lj8X3>
1234
Smart home security system
SMS
1234 admin1234
: 30/06/2559
: heise online <http://thcert.co/lJ1s3x>
3.
(Whitelist)
4. Log
Log
1.
XP
Firewall
(https://www.thaicert.or.th/papers/general/2014/pa2014ge001.html)
2.
: 29/06/2559
: The Register <http://thcert.co/KSigvM>,
TrapX <http://thcert.co/2lj8X3>
Tinder
Symantec
Tinder
118.76
: 22/07/2559
: Help Net Security <http://thcert.co/k5rvDP>,
Symantec <http://thcert.co/Skd5lM>
Pokemon GO
Pokemon GO -
Android iOS
2559
6 2559
-
GPS
-
()
Pokemon GO
(http://gizmodo.com/armed-robbers-used-pokemon-go-to-find-9-victims-1783416898)
-
-
(http://www.straitstimes.com/world/united-states/pokemon-goes-to-court-in-backyard-monster-trespassing-case)
-
( https://www.theguardian.com/technology/2559/aug/01/pokemon-go-banned-sex-offenders-new-york)
( http://www.standard.co.uk/news/world/pok-mon-go-japanese-officials-plead-with-people-to-stop-playing-game-in-hiroshima-memorial-park-a3306701.html)
-
( http://www.androidcentral.com/researchers-find-remote-access-tool-side-loading-pokemon-go-apk)
-
- Google
-
Google
( http://www.ktnv.com/news/contact-13/new-scam-targets-pokemon-go-players)
: 08/08/2559
: ThaiCERT <http://thcert.co/RYqBRy>
Firefox
Windows
Mozilla Firefox Firefox
(digital Firefox
certificate) 49
Firefox
Windows Windows
about:config
address bar Firefox
( root certificate) settings security.enterprise_roots.enabled
Firefox
Firefox 49
13 2559
: 05/09/2559
: Softpedia <http://thcert.co/M1xgsd>
social engineering
Social engineering
3.
social
engineering (phishing)
1.
2.
: 07/09/2559
: Brightmove <http://thcert.co/lQKWw1>
iPhone
- Find my iPhone
Apple iPhone
iPhone iPhone
activate (https://support.apple.com/kb/PH2702?locale=th_TH&viewlocale=th_TH)
iPhone -
iOS
iMessage
- iPhone Apple (https://support.apple.
Watch Apple Watch com/th-th/HT203042)
(https://support.apple.com/th-th/
HT204568) -
(Erase
- All Content and Settings) (https://
support.apple.com/th-th/HT201274)
SMS
iTunes
iCloud (https://support.apple.com/th-th/HT203977) https://icloud.com/find
: 09/09/2559
: Apple <http://thcert.co/bBvYIV>,
Graham Cluley <http://thcert.co/z02G3Y>
1.
(Security
Question)
(
)
2.
(
)
: 19/09/2559
: Kaspersky <http://thcert.co/slrzJW>
CloudFlare
WordPress
CloudFlare
WordPress
CloudFlare
web application
firewall (WAF), cache ,
SSL,
CloudFlare
WordPress (https://wordpress.org/plugins/cloudflare/)
: 23/09/2559
: Softpedia <http://thcert.co/pexLau>
ATM skimming
ATM skimming 2559
Kaspersky
skimmer
ATM
( 12
ATM skimmer
https://www.thaicert.or.th/papers/general/2013/pa2013ge009.html)
GSM
EMV Chip-and-PIN
(biometrics)
: 03/10/2559
: The Merkle <http://thcert.co/zn6G4I>,
The Register <http://thcert.co/EEzi6p>
SDK
(IAEA - International Atomic
Energy Agency)
3-4
2557
(
)
: 12/10/2559
: ZDNet <http://thcert.co/eifhLU>
Facebook
( )
: 14/10/2559
: ThaiCERT <http://thcert.co/tGWVLM>
Microsoft
EMET 2561
Windows 10
EMET
Microsoft EMET
Windows 10
Windows
EMET
(
EMET https://www.thaicert.or.th/papers/technical/2013/pa2013te005.html) Windows 10 ()
3 2559
Microsoft
EMET
2561
Windows 10
: 07/11/2559
: ZDNet <http://thcert.co/7OI7Ox>
SHA-1 2560
35%
(digital certificate)
SHA-1 HTTPS
Let's Encrypt
(https://letsencrypt.org/)
HTTPS
2560 SHA-1
SHA-2
SHA-1 HTTPS 2560
HTTP
Venafi 35%
SHA-1
2560
: 18/11/2559
: Information Security Magazine <http://thcert.co/9jk1rl>,
Venafi <http://thcert.co/hnDZMS>
Star Wars - Rogue One
:
Rogue One: A Star Wars
Story Star -
Wars 3 4
Death Star
-
- - (data center)
-
(data leak prevention)
-
- -
1
: 22/12/2559
: Slate <http://thcert.co/U0scCe>,
Threat stack <http://thcert.co/w7DqwT>,
Preservica <http://thcert.co/E8jYc3>
(
)
Wi-Fi
: 26/12/2559
: 9News <http://thcert.co/eT5Hk3>
Fraud
Netflix
Symantec
Netflix
(Phishing site)
Netflix
Netflix
URL
Netflix Symantec
Infostealer.Banload
: 15/02/2559
: Softpedia <http://thcert.co/CeGKlX>
Apple SMS
Apple ID
SMS AppleInc (Phishing)
SMS Apple ID
SMS
Apple URL
2
Apple ID
Apple
ID
: 12/04/2559
: Graham Cluley <http://thcert.co/4SyShc>
iOS 9.3
iOS
iOS 9.3
taig9.com
taig.com
TaiG
iOS iOS
en-pangu.com
Pangu en.pangu.io
: 19/04/2559
: Mobipicker <http://thcert.co/3ZfLMX>
Financial Fraud Action
UK
2558
72%
168.8
: 20/04/2559
: Help Net Security <http://thcert.co/tqvxfm>
Facebook
Facebook
Netcraft
Facebook
Facebook
HTTPS facebook.com
Login Alert
Login Approval
2
: 28/04/2559
: Netcraft <http://thcert.co/GM0qcC>
: 15/06/2559
: <http://thcert.co/0gdoLd>
ISP
Game of Thrones
TorrentFreak HBO
HBO
Game of Thrones
ISP
Game of Thrones
72
: 08/07/2559
: News <http://thcert.co/ERcek0>,
TorrentFreak <http://thcert.co/yoT4qj>
FBI
FBI 2.3
International Conference on Cyber
Security
FBI
CEO
CEO
FBI
2556 2559
2
17,642
: 01/08/2559
: CNN <http://thcert.co/wnHfi9>
PayPal PayPal
Proofpoint
Proofpoint
PayPal
PayPal Proofpoint
You've got a money request
members@paypal.com
PayPal
PayPal
(
100 URL)
PayPal
URL
Google (goo.gl)
Zeus
: 03/08/2559
: Hackread <http://thcert.co/KTP2sE>,
Proofpoint <http://thcert.co/onyBrS>
9 2559
(.
.)
Twitter
: 10/08/2559
: <http://thcert.co/gXBNxO>,
<http://thcert.co/AFg96J>
GoDaddy
DEFEND Magazine
(hxxp://
GoDaddy mtparent.com/themes/www.html)
GoDaddy
GoDaddy
support@godaddy.com
20 GB 24 URL
: 29/08/2559
: DEFEND Magazine <http://thcert.co/1hbGOX>
DSI VoIP
.
(DSI)
0 2831 9888
DSI
.
DSI
() ATM
DSI
DSI
DSI .
0 2831 9888
DSI
DSI .
.
. DSI
VoIP
DSI .
. 0 2831 9888
DSI
DSI
DSI
ATM
: 30/08/2559
: (DSI) <http://thcert.co/4owTG7>
WhatsApp
Facebook
2559 1.
WhatsApp
Facebook
2556
WhatsApp
Facebook
Facebook 2.
30
Setting () >
Account ()
Share my account info
()
WhatsApp
Facebook WhatsApp
2 Facebook
: 30/08/2559
: NakedSecurity <http://thcert.co/tKrRhS>,
WhatsApp <http://thcert.co/GcWDuR>
1,500
Leoni AG
2559
2559 FBI
1,500
1
( )
: 02/09/2559
: Softpedia <http://thcert.co/GJvLmh>,
Leoni <http://thcert.co/Y6Pqxx>
Trustwave
(Point-of-Sale)
Trustwave
3 social engineering
Carbanak
1 2556-2557
: 15/11/2559
: Computer World <http://thcert.co/fSZdEe>,
Trustwave <http://thcert.co/ScV7fq>
iPhone
Apple ID
Pantip SMS
iPhone Apple ID
iCloud Apple
(Lost mode) Find My iPhone
Apple ID
(Factory reset)
OTP
Apple ID
(Phishing) SMS Find My
iPhone
Apple
iOS
Apple ID Apple ID
Apple
ID
2
: 28/12/2559
: Pantip <http://thcert.co/m5HJtk>
Incident
7
7
2554-2556
DDoS
7
: 28/03/2559
: We Live Security <http://thcert.co/xlQkSe>
MedStar Health
28 2559 MedStar Health Inc.
MedStar
Health Inc.
(Ransomware)
17,000
FBI
: 30/03/2559
: Inquisitr <http://thcert.co/RQv7FK>
FBI
53
FBI
(Office of Personnel Management)
2553 FBI
(https://otx.alienvault.com/pulse/56c4d1664637f26ad04e5b73/)
1
: 07/04/2559
: Motherboard <http://thcert.co/XaJ9CA>
Panama Papers
Mossack Fonseca
Wired
Drupal
2555
(SSL v2)
Wikileaks
: 07/04/2559
: Naked Security <http://thcert.co/O4xDhj>,
Wired <http://thcert.co/IJHCSi>
(Department of Homeland Security)
2558
(Energy Sector) 103
6
Call Center
17 2557
: 07/04/2559
: DHS <http://thcert.co/SSEqsM>,
CNN <http://thcert.co/HMO75G>,
The Register <http://thcert.co/TIAMi2>
Check Point
Taobao
eBay
Qihoo 360
Whitelist
Google Play,
App Store
: 12/04/2559
: Check Point <http://thcert.co/HRmcAn>
2558
Eddie Tipton
()
14.3
6 DLL
Eddie
Tipton DLL DLL
DLL
: 22/04/2559
: Security Affairs <http://thcert.co/bTx0Kh>
ISIS
ISIS
ISIS
Cyber Caliphate Army (CCA) Junaid
ISIS Hussain
Sons Caliphate Army (SCA) 2558,
Kalacnikov.TN (KTN) 2559
United 2559
Cyber Caliphate UCC
ISIS
(Web Defacement)
50,000 ,
3,602
: 28/04/2559
: Softpedia <http://thcert.co/1hviX9>,
The New York Times <http://thcert.co/v2eZBC>
Qantas
Wi-Fi
Qantas
40
2
Wi-Fi hotspot Mobile
Detonation Device
Wi-Fi
: 02/05/2559
: Mashable <http://thcert.co/XFyaav>
FBI
FBI
SWIFT
81
SWIFT
FBI
1
: 11/05/2559
: CIO <http://thcert.co/ohW5Lv>,
PC World <http://thcert.co/V45jHG>
Microsoft Platinum
Microsoft
51.4%
(2.9%)
,
Spear-Phishing
: 12/05/2559
: Microsoft <http://thcert.co/R85cAK>
2
SWIFT
2
81
SWIFT
SWIFT 2
PDF
SWIFT
2
SWIFT
2
: 13/05/2559
: Reuters <http://thcert.co/kd0H7b>
GhostShell
32
FTP
15 2559 NASA,
GhostShell Pentagon, Federal Reserve FBI
32 1.6
( 2558
) Pastebin
, 500
1,181
82
FTP
FTP
( FTPS), ,
2556 Ghostshell ,
120,000
: 18/05/2559
: Security Affairs <http://thcert.co/Uk6tjJ>
FDA 2559
Merge Hemo
5
(Whitelist)
: 18/05/2559
: Ars Technica <http://thcert.co/DVoJZr>
SWIFT
12
3 SWIFT
SWIFT
2559
2 SWIFT
3
Banco del Austro (BDA)
2559
: 23/05/2559
: The Hacker News <http://thcert.co/YaLoe6>
Twitter 2,500
/
Symantec
Twitter 2,500
Twitter
2554
2
: 25/05/2559
: SC Magazine <http://thcert.co/uyJAkX>
RUAG
30,000
2557
2559
RUAG
-
(
Active
Blacklist Whitelist)
Directory
-
User
-
RUAG -
Log
- Web Proxy - Log
Log 2
Log DNS
- Log
- (Centralize Log)
- Log
Active Directory
- RUAG https://www.melani.admin.ch/dam/melani/en/dokumente/2016/technical%20report%20ruag.pdf.download.pdf/Report_Ruag-Espionage-Case.pdf
-
2 (2 Factor-authentication)
-
(Audit)
: 25/05/2559
: The Register <http://thcert.co/I4VW5f>,
ISC <http://thcert.co/kdDeze>
SWIFT
Sony Pictures
SWIFT
Lazarus
4 Sony Pictures 2557
Symantec
Sony SWIFT
Pictures 2557
12
: 30/05/2559
: The Guardian <http://thcert.co/IdpPR6>,
The Register <http://thcert.co/2XU2bT>,
Ars Technica <http://thcert.co/892DGB>
TeamViewer
TeamViewer
Dr.Web
BackDoor.TeamViewer.49
Adobe
Flash Player TeamViewer
TeamViewer
: 31/05/2559
: Softpedia <http://thcert.co/eFdbAu>,
Dr.Web <http://thcert.co/k11FwQ>
FireEye
2559
Microsoft Office
FireEye
( https://www.thaicert.or.th/alerts/user/2015/al2015us003.html)
: 07/06/2559
: Softpedia <http://thcert.co/WtWZkL>,
FireEye <http://thcert.co/W9FxGD>
Twitter Pinterest
LinkedIn
LinkedIn, Tumblr
MySpace dadada
LinkedIn, Twitter Pinterest
OurMine
LinkedIn
Facebook
Twitter Pinterest
Have I Been Pwned (https://haveibeenpwned.com)
Twitter
2
: 07/06/2559
: Softpedia <http://thcert.co/oWXn3W>
Toyota Lexus
Lexus
: 09/06/2559
: BBC <http://thcert.co/vOOTj1>,
The Guardian <http://thcert.co/F4s3ic>
7
2559 Transparent Tribe
Softpedia 2559
2559
7 Android
Romantic Intruder
.
: 13/06/2559
: Softpedia <http://thcert.co/FKJehX>
Twitter
2
Naked Security
Twitter
2
DeRay Mckesson
4
Financial Fraud
Action UK
: 15/06/2559
: Naked Security <http://thcert.co/I34cS9>
GoToMyPC
GoToMyPC
Remote Desktop Remote Desktop
18 2559
GoToMyPC TeamViewer
Remote Desktop
2
GoToMyPC
: 20/06/2559
: GoToMyPC <http://thcert.co/0DmNph>
Twitter Twitter
Mark Zuckerberg
20 2559
Twitter Pinterest Dick
Costolo CEO Twitter
OurMine
Twitter
Twitter
OurMine
Twitter Pinterest Mark
Zuckerberg
Mark Zuckerberg
: 21/06/2559
: Softpedia <http://thcert.co/xBLOo8>,
Recode <http://thcert.co/WnAWUj>
SWIFT
10
2559
SWIFT
5
10
SWIFT
: 28/06/2559
: Security Affairs <http://thcert.co/WCJqdK>
Lizard Squad
DDoS
Arbor's Security
Engineering and Response Team
(ASERT)
DDoS Lizard Squad
2558
Botnet DDoS
LizardStresser
2558 Lizard Squad
Linux
: 04/07/2559
: Threatpost <http://thcert.co/7c9uBj>,
Arbor Networks <http://thcert.co/0mk3yo>
iOS
iCloud
iOS
Find My iPhone 2 Find
My iPhone Apple
30-50 ID OTP
Apple ID Apple
Apple ID
40
: 11/07/2559
: MacRumors <http://thcert.co/P43Hrv>,
CSO Online <http://thcert.co/yIcwCr>
Marriott Hyatt
Steam
9.1
DLH.net Redeem
3
31 2559 DLH
LeakedSource
DotA 2 DLH.net
( https://www.leakedsource.com/main/databaselist/)
vBulletin
Steam DLH.net
Facebook (
Facebook)
Steam
LeakedSource
84%
Redeem
Steam 9.1
LeakedSource
: 22/08/2559
: ZDNet <http://thcert.co/0PxVKj>
Epic Games
8
Epic Games
Epic Games
Epic Games Access Token
2559 Facebook Facebook
Epic Games
8
https://www.leakedsource.com
SQL
Injection
vBulletin
: 24/08/2559
: ZDNet <http://thcert.co/RFl0cy>
Fitness Tracker
McDonald's
McDonald's
Happy Meals Happy Meals
Step-iT
Fitness Tracker McDonald's
(Wearable)
(Consumer
Product Safety Commission: CPSC)
70
7
30
()
: 24/08/2559
: Mashable <http://thcert.co/VJYbn7>,
CPSC <http://thcert.co/KSMy5z>
FBI
12 2559 DirBuster
FBI
IP
Acunetix
SQL Injection
SQLmap
: 30/08/2559
: Gizmodo <http://thcert.co/HfkWuy>,
CSO Online <http://thcert.co/pE9FMG>
: 22/09/2559
: XORcat <http://thcert.co/Pz0gIY>
OVH
21 2559
DDoS
1.1
Tbps ( 125 )
OVH
(Internet
of Things)
(DVR)
botnet
150,000
1-30 Mbps
DDoS 1.5 Tbps DDoS
DDoS
: 28/09/2559
: SC Magazine <http://thcert.co/jtKELX>,
The Register <http://thcert.co/VLsVrc>
1.5
botnet DDoS
2559 response
DDoS
2
Brian Krebs DDoS
botnet
OVH request
DDoS 2
660 Gbps 1 Tbps
DDoS
Level 3
Brian Krebs
DAHUA Technology
(IoT -
Internet of Things) 1 botnet
botnet username
CloudFlare BackConnect
DDoS Mirai
IoT
amplification attack Linux
request DDoS ( Mirai
http://blog.malwaremustdie.org/2559/08/mmd-0056-2016-linux-mirai-just.html)
DAHUA Technology DDoS
DDoS DDoS
IoT
: 30/09/2559
: Motherboard <http://thcert.co/JorQFh>
2559
20,000
: 04/10/2559
: Softpedia <http://thcert.co/hjppvB>,
Yonhap News Agency <http://thcert.co/rtgLN2>
GlobalSign
GlobalSign GlobalSign
root CA
ISP
GlobalSign GlobalSign
(https://support.globalsign.com/customer/portal/articles/1353318)
: 14/10/2559
: The Register <http://thcert.co/AmCwLA>,
GlobalSign <http://thcert.co/MMkXZf>
30 2559
2559
(Business Continuity Plan)
: 03/11/2559
: BBC <http://thcert.co/lCQAO4>
Tesco Bank
20,000
6 2559
Tesco Bank
40,000
(online criminal)
: 08/11/2559
: Ars Technica <http://thcert.co/T1euEn>
DDoS
IoT
BBC
DDoS Internet of Things
8-9 2559 (IoT)
Sberbank
Kaspersky
DDoS
IoT
60 1 Tbps
12
: 11/11/2559
: BBC <http://thcert.co/qrPJTm>
Lenovo
Windows Server 2016 November
Lenovo Lenovo
Microsoft Windows Server 2016
2559 (KB3200970)
Lenovo M5 ( )
X6 Windows Update
Microsoft Windows
Lenovo Server 2016
2559
Lenovo
: 22/11/2559
: Lenovo <http://thcert.co/EKaeRr>
ATM
Group IB ATM Cobalt
ATM
Diebold Nixdorf NCR ATM
ATM ATM
(
ATM ATM Jackpotting
2559)
: 23/11/2559
: The Hacker News <http://thcert.co/IgqLMq>,
Fortune <http://thcert.co/sZ3QL0>,
Softpedia <http://thcert.co/IhLxBO>
ISP DDoS
1 Mirai
27 2559 thaicert.or.th/papers/general/2559/
Deutsche Telekom pa2016ge001.html)
DDoS
SANS ISC
TR-069
1 ISP
German Federal Office (
for Information Security (BSI) TCP 7547)
2559
2 Deutsche Telekom
(Speedport W 921V
Speedport W 723V Type B) (
2 SANS https://isc.sans.edu/forums/
diary/TR069+NewNTPServer+-
ISP Exploits+What+we+know+so+-
far/21763/)
SANS ISC
Mirai 7547
IoT
DDoS ( ISP
https://www. Shodan 41
7547
2
ZyXEL, D-Link
: 30/11/2559
: The Register <http://thcert.co/dN77MG>,
Security Affairs <http://thcert.co/yuMWRk>,
SANS ISC <http://thcert.co/c9o0Yr>
BBC
Chieveley (jammer)
: 06/12/2559
: TripWire <http://thcert.co/KZiWRP>,
BBC <http://thcert.co/MYXktY>
HIV
Indian Express
Health Solutions
2559
35,000
3
: 07/12/2559
: Softpedia <http://thcert.co/j7h00Y>
Skype
Skype
Skype ID Microsoft
Account Skype ID
2
URL LinkedIn
Baidu Microsoft Account
hxxps://www[.]linkedin[.]com/
slink?code=e2nsPHa#jpulusiv=vic- Skype
timskypeid
hxxp://www[.]baidu[.]com/
link?url=6kdJhiuGhlv0r4EfUsqBK- Skype
W9t86Werul6GdqAieiiPyC
1. www.skype.
redirect com Skype ID
2. Profile
2559 3. Personal information
Change password
Skype Skype
Skype
(
Microsoft Account
Skype ID) Microsoft
Skype
Microsoft Account
: 21/12/2559
: Fortinet <http://thcert.co/FPXm8v>,
bruceb news <http://thcert.co/nNFCiC>
1
Ukrenergo
17 2559
1
2558
: 21/12/2559
: Hackread <http://thcert.co/KgCBDk>,
Hackread <http://thcert.co/ESiexX>
Leet DDoS
650 Gbps
Imperva
Imperva
21 2559
DDoS Leet Unix
( Linux)
650 Gbps ()
Leet
Mirai header packet
Internet of TCP Options 1337
Things (IoT) Leet Elite
Imperva
: 29/12/2559
: Security Week <http://thcert.co/VecZi4>,
Imperva <http://thcert.co/3swdCG>
APT28 APT29
(DHS) FBI
: 30/12/2559
: Graham Cluley <http://thcert.co/AEww0U>,
US-CERT <http://thcert.co/ZjgJ44>
Anonymous
#OpSafePharma
16
#OpSafePharma
Anonymous Artek
#OpSafePharma
16 2559
DDoS
30 2559
: 31/03/2559
: Softpedia <http://thcert.co/pWuU0O>
Open source
Open source
STAMP (Static Tool
Analysis Modernization Project)
Open source Static
Open source
: 01/04/2559
: CSO <http://thcert.co/QMvy9e>
NIST
National Institute of
Standards and Technology (NIST) S/MIME
PGP
(SP 800-177
Trustworthy Email)
2
2550 2559 NIST
NIST (http://csrc.nist.gov/publications/drafts/800-177/sp800-177_second-draft.pdf)
NIST
2559
: 04/04/2559
: The Register <http://thcert.co/TbNCbt>
SpyEye 24
2
24
SpyEye
2556
: 21/04/2559
: Krebs On Security <http://thcert.co/osf2DM>
Personal Data Protection
Commission (PDPC)
4 K Box Entertainment
Group 50,000
2014
PDPC
2555 7
2557
: 22/04/2559
: ZDNet <http://thcert.co/UsH3WB>
recovery key
Mac Pro
external
harddisk 2
2558
Mac Pro iPhone 5S external harddisk 2
Mac Pro
Apple FileVault
iPhone 5S
: 28/04/2559
: Ars Technica <http://thcert.co/sl9vNb>
(Fifth Amendment)
: 02/05/2559
: The Verge <http://thcert.co/O2ptSA>
LulzSec
Jonnel
De Asis 23 2559
LulzSec LulzSec Anonymous
55 (defacement)
Paul Biteng
23
Anonymous
: 03/05/2559
: Softpedia <http://thcert.co/kZjsE6>
GCHQ
(Phishing)
: 26/05/2559
: Motherboard <http://thcert.co/3TF3oZ>
FBI
Adobe Flash
FBI Player Firefox
FBI
FBI
: 01/06/2559
: Naked Security <http://thcert.co/NRvz6r>,
Motherboard <http://thcert.co/Yw2oQi>
2554
(Fourth Amendment)
221
: 02/06/2559
: Reuters <http://thcert.co/8cA6Sd>,
ZDNet <http://thcert.co/subnJQ>
50
45
50
2554
45
(Federal Security Service)
Lurk
: 03/06/2559
: Kaspersky <http://thcert.co/vBRL6o>,
Softpedia <http://thcert.co/pemeZW>
Straits Times Cloud Security
Alliance
2560
100,000
: 08/06/2559
: Straits Times <http://thcert.co/sG5KEq>
David Nosal
2551
David Nosal
Korn Ferry
2
Korn Ferry
: 06/07/2559
: Softpedia <http://thcert.co/4iTxw5>
FBI
(http://www.hhs.gov/sites/default/files/RansomwareFactSheet.pdf)
: 21/07/2559
: SC Magazine <http://thcert.co/JgSdrl>
Artem Vaulin
Kickass Torrent Kickass
Torrent Facebook
Fanpage Kickass Torrent
2559 Apple
iTunes
IP Facebook
Apple, ()
Facebook Coinbase
Bitcoin
Coinbase
Kickass Torrent
Bitcoin Artem
Kickass Torrent Vaulin
iTunes
Kickass Torrent
: 25/07/2559
: Hackread <http://thcert.co/1rbS1l>
DDoS
2557
Chu request 6,652
Tsun-wai 20 16
15 DDoS
2557
Chu
Anonymous
Asia
Google
DDoS
Shanghai Commercial Bank
: 01/08/2559
: Softpedia <http://thcert.co/V1JfGt>,
South China Morning Post <http://thcert.co/rheuaN>
(FDIC - Federal Deposit Insurance Corporation)
(Digital Rights Management)
(Deposit Insurance)
2 (2-Factor
Authentication)
FDIC
Phishing
FDIC
: 11/08/2559
: Federal News Radio <http://thcert.co/dJwigp>
2555
2
2
(Private Chat)
(Privacy Protection)
: 19/08/2559
: Vice <http://thcert.co/TonCz5>,
Fried <http://thcert.co/8jtdbg>
Verizon 5
Mozilla
WoSign StartCom Apple
2559 Mozilla Firefox
Mozilla
WoSign
(Certificate Authority - CA)
Apple
- SHA- WoSign 19
1 2559
20 2558 iOS macOS
Apple
SHA-1
WoSign
- StartCom CA StartCom
2558
CA
StartCom
- StartCom StartSSL
SHA-1
Mozilla
WoSign StartCom
1
: 04/10/2559
: The Register <http://thcert.co/Sggi0V>,
Softpedia <http://thcert.co/WpS7E9>
FBI
Lizard Squad PoodleCorp
FBI Voice
2 Zachary
Buchta
Bradley Jan Willem Van Rooy Van Rooy
Lizard Squad @LizardLands FBI
PoodleCorp ( ) direct
DDoS message
19
FBI
FBI IP
@fbiarelosers, @xotehpoodle
@LizardLands 2558
NCA
6
Lizard Squad
Buchta 15-20
@fbiarelosers
@xotehpoodle
Google
: 10/10/2559
: Motherboard <http://thcert.co/GLacQl>
IoT
CSA
Cloud
Security Alliance (CSA)
(Internet of Things - IoT) IoT
13
IoT
( https://www.thaicert.or.th/newsbite/2016-09-30-01.html#2016-09-30-01) CSA
(https://cloudsecurityalliance.org/download/future-proofing-the-connected-world/)
IoT
: 10/10/2559
: Krebs on Security <http://thcert.co/oXyvqU>,
Government Technology <http://thcert.co/skTFTC>
Apple Watch
Apple
Watch
Apple
Watch
(wearable devices)
: 11/10/2559
: Telegraph <http://thcert.co/gaoKSm>,
The Verge <http://thcert.co/PXy6KY>
G7
G7
8 (https://www.treasury.gov/resource-center/international/g7-g20/Documents/G7%20Fundamental%20Elements%20Oct%202016.pdf)
: 14/10/2559
: Infosecurity Magazine <http://thcert.co/sAFlnL>
IoT
Mark Warner
IoT
(Senate Cybersecurity Caucus)
(Federal Communications
Commission FCC)
(Federal Trade
Commission FTC)
(Department Warner
of Homeland Security DHS)
(Internet of ISP
Things IoT)
DDoS (
IP )
ISP
IoT
IoT
IoT
IoT
(
)
IoT
DDoS
: 26/10/2559
: Krebs on Security <http://thcert.co/WvIXCA>
FCC ISP
-
(Federal Communications
Commission FCC)
(ISP)
-
- 30
5,000
Federal Trade
Commission (FTC), U.S. Secret Service
- of breaches FBI 7
-
FTC
- (FTC data security requirements)
NIST (NIST cyber-security framework)
-
3
6
1
Facebook Google
FCC
FCC
: 01/11/2559
: FCC <http://thcert.co/tVaxrS>,
Naked Security <http://thcert.co/SooSbp>
2559-2564
2559-2564 (National
Cyber Security Strategy 2016-2021)
1,900 -
( 84,000 ) (NCSC)
6 700
3
- National
Cyber Crime Unit
:
50
(critical infrastructures)
-
:
(Cyber Security Innovation
Centre)
:
: 16/11/2559
: GOV.UK <http://thcert.co/ejBZeh>
The 70
Guardian 2557
8%
2559 31%
( hands-free)
GPS
: 20/12/2559
: The Guardian <http://thcert.co/hZmk3V>
NIST
NIST 3. Detect
Special Publication 800-184
Guide for Cybersecurity Event
Recovery 53 4. Respond
(Cybersecurity 5. Recovery
framework)
5
1. Identify NIST
5
(Recovery)
2. Protect
NIST
: 28/12/2559
: Federal News Radio <http://thcert.co/zHaW6k>,
NIST <http://thcert.co/bM94dQ>
1 2560
1 2560
: 30/12/2559
: ZDNet <http://thcert.co/9ilDuX>
Malware
Emsisoft Lab
HydraCrypt UmbreCrypt
Boss
(ransomware) CrypBoss 2
(http://emsi.at/DecryptHydraCrypt)
Emsisoft Lab
15
HydraCrypt
UmbreCrypt Cryp-
: 15/02/2559
: Emsisoft <http://thcert.co/FQBARG>
Linux Mint
Backdoor ISO
21 2559 e71a2aad8b58605e906d-
Linux Mint bea444dc4983 linuxmint-17.3-cin-
namon-64bit.iso
ISO
Linux Mint 30fef1aa1134c5f3778c-
www.linuxmint.com 77c4417f7238 linuxmint-17.3-cin-
Backdoor ISO namon-nocodecs-32bit.iso
3406350a87c201cdca0927b1bc-
7c2ccd linuxmint-17.3-cinnamon-no-
codecs-64bit.iso
ISO Linux
df38af96e99726bb0a1ef-
Mint 20 2559
3e5cd47563d linuxmint-17.3-cin-
ISO Backdoor
namon-oem-64bit.iso
Linux Mint 17.3 Cinnamon
MD5 Checksum
ISO Linux
Mint
Backdoor
MD5 Checksum ISO
ISO
6e7f7e03500747c6c3bfece-
2c9c8394f linuxmint-17.3-cinna-
mon-32bit.iso
: 23/02/2559
: The Linux Mint Blog <http://thcert.co/RdMrq>
CTB-Locker
CTB-Locker
Windows
: 29/02/2559
: Bleeping Computer <http://thcert.co/uuKPTO>
: 01/03/2559
: We Live Security <http://thcert.co/JAZFMK>
KeRanger
Mac
1 bitcoin
Palo Alto 14,000
(ransomware)
KeRanger
Mac 5 2559 Apple
OS X OS X
Palo Alto (http://researchcenter.paloaltonetworks.com/2016/03/new-os-x-ransomware-keranger-infected-transmission-bittorrent-client-installer)
4 2559 Palo
Alto
Installer
Transmission 2.90
(transmissionbt.com)
3
: 08/03/2559
: Palo Alto <http://thcert.co/ipN1dq>
TeslaCrypt 4.0
Heimdal 1,200
TeslaCrypt 4.0
RSA 4096
TeslaDecoder
600
Virustotal 3-4
(
21 2558)
: 24/03/2559
: Heimdal Security <http://thcert.co/9ZZOdO>
3. Flash
Player Settings -> Apps/
Application manager -> Flash Player
-> Uninstall
IP
SMS
(C2)
OTP
ESET
: 25/03/2559
: We Live Security <http://thcert.co/nFWUsO>
Petya MFT
(ransomware)
MFT
(
)
Petya
Petya .exe
MFT (Master File Table)
: 29/03/2559
: Bleeping Computer <http://thcert.co/rygvQo>
ESET
Remaiten Backdoor
DDoS
Tsunami Gafgyt
23 (Telnet)
(Default Password)
: 31/03/2559
: SC Magazine <http://thcert.co/w7Zye3>
Android.Lockdroid
Android
Android.Lockdroid
(ransomware)
Android
2559 Symantec device administrator
Android
10,000 100
Symantec
Android
: 01/04/2559
: Symantec <http://thcert.co/islIM2>
: 05/04/2559
: Softpedia <http://thcert.co/j1w54c>
OSX.Pirrit Mac OS X
Adobe Photoshop CC
Cybereason Labs
(adware)
Mac OS X
OS X
OSX.Pirrit
Microsoft Office 2016
: 08/04/2559
: Threatpost <http://thcert.co/qUNkp9>
CryptoHost
.rar
CryptoHost
(ransomware)
- 2559
.rar CryptoHost
0.33 bitcoin
140
Malware Hunter
: 11/04/2559
: Bleeping Computer <http://thcert.co/P28v0Z>
!
Amazon
Mike Olsen URL
Amazon
admin
admin Amazon
admin
iframe
: 12/04/2559
: ZDNet <http://thcert.co/sZDBUU>
Jigsaw
Jigsaw
.fun
Jigsaw
Saw 0.4 bitcoin 160
JigSawDecrypter
(https://download.bleepingcomputer.com/demonslay335/JigSawDecrypter.zip)
1,000
: 12/04/2559
: Softpedia <http://thcert.co/OfsltG>
ATM
Trend Micro Windows XP
European Cybercrime Centre (EC3)
ATM
2554-2558
ATM
2557-2558
15%
ATM
ATM ( )
ATM
: 18/04/2559
: Trend Micro <http://thcert.co/FUkRTG>
SamSam JBoss
2559
Cisco
SamSam
JBoss Backdoor
1 Cisco
3.2 JBoss
: 19/04/2559
: The Register <http://thcert.co/4dNQlX>
CryptXXX
Bitcoin
CryptXXX
2559
.crypt
1.2 Bitcoin 500
Bitcoin
FTP,
: 20/04/2559
: Proofpoint <http://thcert.co/lCkNQw>
TeslaCrypt
Endgame Inc.
TeslaCrypt
TeslaCrypt (
4.1)
.zip
.js
JavaScript
: 21/04/2559
: Threatpost <http://thcert.co/f72VXh>
Android
root
Blue Coat Labs
Android
Android towelroot (CVE-2014-3153)
4.4.4 root
Android 4.4.4
Factory Reset
Dogspectus
root
CYBER.POLICE 100%
iTunes Gift Card
Android 4.4.4
2
Hacking Team 2558
: 26/04/2559
: ZDNet <http://thcert.co/1i6NVy>,
Threatpost <http://thcert.co/C73RU0>
! Play Store
Doctor Web
Play
Android.Spy.277.origin Google Store
Play Store 100
1
Google Play Store
Doctor Web Google
Play Store
Check Point
: 26/04/2559
: Check Point <http://thcert.co/2HZ5uo>,
Graham Cluley <http://thcert.co/jsYfhZ>
Pirate Bay
Malwarebytes
Pirate Bay
23-24 2559
: 27/04/2559
: Malwarebytes <http://thcert.co/A3yG2X>
CryptXXX
CryptXXX
2559 1
.crypt
500
Kaspersky
CryptXXX
Kaspersky (http://media.kaspersky.com/utilities/VirusUtilities/RU/rannohdecryptor.exe)
: 27/04/2559
: Threatpost <http://thcert.co/7ncPj5>
7ev3n-HONE$T
(ransomware) 7ev3n-
HONE$T
.r5A
1 Bitcoin
400
: 28/04/2559
: Bleeping Computer <http://thcert.co/VXVPWr>
: 28/04/2559
: We Live Security <http://thcert.co/mqwk3Q>
Alpha
Alpha
https://download.bleepingcomputer.com/demonslay335/AlphaDecrypter.zip
.encrypt
400
iTunes Gift Cards
: 02/05/2559
: Bleeping Computer <http://thcert.co/S0aWYK>
FBI
FBI
(https://www.fbi.gov/news/stories/2559/april/incidents-of-ransomware-on-the-rise) FBI
FBI
: 03/05/2559
: Threatpost <http://thcert.co/h7efzq>
Android
SMS
: 03/05/2559
: McAfee <http://thcert.co/BTQn89>
PhishLabs
Android
Google Play Store Google
2559 11 Play Store
: 03/05/2559
: Softpedia <http://thcert.co/HFFxs0>
Dridex
Cerber
Cerber
Adobe Flash
Player 2559
Adobe Flash Player Jigsaw
FireEye
Dridex
Cerber
Microsoft Office
Microsoft Office
Macro Macro
Dridex
Locky
: 13/05/2559
: Fireeye <http://thcert.co/rdG1sp>,
Trend Micro <http://thcert.co/C7J8yp>
CryptoXXX 2.0
CryptoXXX Kaspersky
CryptoXXX
2559
.crypt RannohDecryptor 1.9.1.0
500
Kaspersky Kaspersky (https://support.kaspersky.com/viruses/disinfection/8547)
( CryptoXXX 2.0)
: 17/05/2559
: Security Affairs <http://thcert.co/dXxUYN>
TeslaCrypt
TeslaCrypt
ESET
TeslaCrypt
http://support.eset.com/kb6051/ https://id-ransomware.malwarehunterteam.com
: 19/05/2559
: Bleeping Computer <http://thcert.co/FSAiLm>
! WhatsApp Gold
WhatsApp Gold
WhatsApp
WhatsApp Gold
SMS
: 26/05/2559
: Help Net Security <http://thcert.co/Ka05Lt>
ZCryptor
.zcrypt
Microsoft
ZCryptor
(
)
( )
Flash Player
Microsoft Office
.zcrypt
: 30/05/2559
: Microsoft <http://thcert.co/I6nnJs>
Asus LiveUpdate
Windows
Duo Labs Acer, Asus, Dell,
HP Lenovo
: 08/06/2559
: Morgan Gangwere <http://thcert.co/7FaxBg>
Android
URL
2559 Kaspersky
Android Triada (Phishing)
Triada
2559 Kaspersky
Triada
SMS
Triada
:
Android Browser ( Triada
Android), 360 Secure Browser, root
Cheetah Browser Oupeng Browser
(:
Android
)
Home page
URL
: 13/06/2559
: Graham Cluley <http://thcert.co/CAep8s>,
Kaspersky <http://thcert.co/BjALqE>
FLocker
Android
FLocker FLocker
FLocker
Android
FLocker
2558
iTunes
Gift Card
FLocker
: 13/06/2559
: Graham Cluley <http://thcert.co/CAep8s>,
Kaspersky <http://thcert.co/BjALqE>
FireEye iOS
iOS App Store Apple
(SDK) Vpon App Store
App Store
FireEye 2558
XcodeGhost
iOS
(
https://www.thaicert.or.th/alerts/user/2015/al2015us006.html)
iOS
FireEye
App Store Vpon iOS
(https://www.thaicert.or.th/papers/technical/2014/pa2014te003.html)
AdsMogo
36 (
2559)
FireEye Apple
Vpon
: 15/06/2559
: FireEye <http://thcert.co/9tr75i>
TeamViewer
TeamViewer 11)
TeamViewer (
) Trend Micro
TeamViewer
1
Trend Micro
TeamViewer
TeamViewer
TeamViewer
Adobe Flash
TeamViewer Player
6.0.17222.0 TeamViewer
2553 ( TeamViewer
: 16/06/2559
: Trend Micro <http://thcert.co/5ee2V1>
True
Lenovo P1m SMS
Lenovo
P1ma40_S006_160615_16G_TRUE
> >
1,334 MB
: 20/06/2559
: Lenovo <http://thcert.co/AhnWYE>,
Pantip <http://thcert.co/TKvRKw>
JavaScript
RAA
JavaScript ( .js) .exe .js
mgJaXnwanxlS_doc_.js
Windows Script Host
JavaScript
250 Microsoft
(https://technet.microsoft.com/en-us/library/ee198684.aspx)
: 21/06/2559
: Bleeping Computer <http://thcert.co/qtxD5m>
Godless
Play Store root
Trend Micro
Godless
Google Play Store
root
Trend Micro
850,000
45%
3
Godless
Android
2 root root
CVE-2015-3636
(PingPongRoot) CVE-2014-3153
(Towelroot) factory reset
Android
5.1
Google Play
90% Android
Store 100%
Trend Micro
Google Play
Store Godless
root
: 22/06/2559
: Trend Micro <http://thcert.co/zUOkF9>
OTP
Trend Micro 6. OTP
BKDR_MANGIT.SM
OTP
9 7. OTP
8,800
600 10
OTP SMS
1.
SMS
2.
SMS
3.
Google Play Store Apple Store
4.
5.
: 21/06/2559
: Bleeping Computer <http://thcert.co/qtxD5m>
Facebook
- .js .vbs
Facebook
- Windows
Script Host
(https://technet.microsoft.com/en-us/library/ee198684.aspx)
( https://www.thaicert.or.th/alerts/user/2016/al2016us001.html)
-
Facebook - Facebook
JavaScript (.js)
-
Facebook (https://www.facebook.com/settings?tab=applications)
-
Facebook
: 28/06/2559
: Hackread <http://thcert.co/RSzuEm>,
StackExchange <http://thcert.co/MvFl54>
Office 365
22 2559
Microsoft Office 365 Macro
57%
Microsoft Office 365
Dridex
Cerber
Enable
Content Macros
Cerber
500
: 28/06/2559
: Avanan <http://thcert.co/ftSo2G>,
The Register <http://thcert.co/bpAycH>
LevelDropper
Play Store root
Android root Store
Godless
Google Play Store
Android root
LevelDropper Google Play
Store
Android
6.0
Android
root 6.0
Android
root
Google Play
: 28/06/2559
: Lookout <http://thcert.co/MEFVEN>
Avast
Retefe
HTTPS
JavaScript
HTTPS
Proxy
HTTPS
: 29/06/2559
: Help Net Security <http://thcert.co/dYYr2z>
Hummer Android
35,000 root
Cheetah Mobile
Android
Hummer
root Android
root
Hummer
150,000
9
35,000 Android root
root Android
6.0
Factory Reset Android
6.0
Android
500,000
: 01/07/2559
: Help Net Security <http://thcert.co/YXA5vO>,
Cheetah Mobile <http://thcert.co/kUdcRz>
Mac
BitDefender Mac
Eleanor (Backdoor.
MAC.Eleanor) App Store
Backdoor
Mac
EasyDoc Converter
Tor
: 06/07/2559
: BitDefender <http://thcert.co/OCs4jU>
Keydnap Mac
ESET Tor,
Keydnap Mac OS X
Keychain
Keydnap
.zip Gatekeeper
.jpg .txt
(Unix
executable)
space ( Mac OS X
screenshot.jpg screenshot.
jpg)
Mac OS X
Terminal
backdoor
: 08/07/2559
: We Live Security <http://thcert.co/cgF5Qy>
Pokemon GO
Pokemon GO Pokemon GO
Android iOS
2559
Play Store App Store
Play Store
App Store
Proofpoint
Pokemon GO Android
Backdoor Droidjack
: 11/07/2559
: Proofpoint <http://thcert.co/TvdV5P>
Ranscam
Talos
Ranscam
(https://www.facebook.com/thaicert/videos/657180994430037/)
Ranscam
: 14/07/2559
: Talos <http://thcert.co/IG7Xgh>
Europol
Europol
Shade
Intel Security, Kaspersky
Lab Intel Security
No More Ransom Kaspersky Lab
(https://www.nomoreransom.org)
: 26/07/2559
: Help Net Security <http://thcert.co/UrAztL>
Microsoft
..WSF ( . 2 )
Microsoft
Nemucod .ZIP
.WSF .
( (
) Nemucod spreadsheet_1529..wsf)
.ZIP
.ZIP .WSF
.. .WSF
.WSF (Windows Scripting
File)
JavaScript VBScript
Windows Scripting Host
: 28/07/2559
: The Register <http://thcert.co/xnpCt9>,
Microsoft <http://thcert.co/czD4Ql>
SpyNote
Android
: 02/08/2559
: Threatpost <http://thcert.co/o2f1nF>,
Palo Alto Networks <http://thcert.co/GXRBEv>
FossHub
Audacity Classic Shell
Audacity
Classic Shell FossHub
: 04/08/2559
: Softpedia <http://thcert.co/tUYnn1>,
Audacity <http://thcert.co/erqT1S>
Dr.Web Dr.Web
Android Google Play Store (SDK) SDK
155
Android.Spy.305
2.8
MaxMitek Inc, Fatty Studio,
Spyware Gig Mobile, TrueApp Lab, Sigourney
Studio, Doril Radio.FM, Finch Peach
Google Mobile Apps Mothrr Mobile Apps
IMEI
: 04/08/2559
: Softpedia <http://thcert.co/9TSk71>,
Dr.Web <http://thcert.co/0RfGlK>
Shortcut
Properties shortcut)
shortcut
- executable shortcut
.exe, .com, .scr shortcut
- .docx, .pdf
shortcut
- .js, .vbs
Target shortcut
cmd.exe (Command Prompt
Sophos Windows)
shortcut .js
shortcut
.lnk shortcut
shortcut shortcut
Properties
Windows shortcut
shortcut
(
Target shortcut
: 05/08/2559
: Naked Security <http://thcert.co/jiDu8c>
Cerber
2559 Cerber
Cerber
.cerber2 ( .cerber)
Cerber
2559 Cerber
Trend Micro
Cerber
: 08/08/2559
: Softpedia <http://thcert.co/WyIwAo>,
Fuzzer <http://thcert.co/CPyDIU>
Svpeng Android
Google AdSense
Kaspersky )
Svpeng
Android SMS
Google
AdSense
Android Device Administrator
Google AdSense (
) Factory Reset
Android
.apk Google AdSense
.apk (https://www.thaicert.or.th/papers/general/2014/pa2014ge004.html)
Android
Device
Administrator (
: 17/08/2559
: Business Insider <http://thcert.co/XHpCUY>,
SecureList <http://thcert.co/DXUFO1>
FireEye
2559
Locky
.DOCM
Microsoft Word
Macro 2559
88%
2559
FireEye
Locky
2559 17,000
: 23/08/2559
: FireEye <http://thcert.co/qBO5iH>,
ZDNet <http://thcert.co/00itos>
Rex Linux
Bitcoin DDoS
Stormshield Dr.Web
Rex
Linux Rex
CMS Drupal
Wordpress
Bitcoin
(Command & Control)
- Stormshield (https://thisissecurity.net/2016/08/17/from-website-locker-to-ddos-rex/)
- Dr.Web (http://vms.drweb.com/virus/?_is=1&i=8436299)
DDoS
Drupal : 23/08/2559
: Softpedia <http://thcert.co/q6PZMr>
CVE-2014-3704
(Drupalgeddon) SQL
Injection
Wordpress
CMS
Magento
Wildfire
Pegasus iOS
iOS 9.3.5 !
25 2559 Pegasus
Apple iOS 9.3.5 NSO Group
3
iOS
Pegasus
Pegasus iOS 3
CVE-2016-4655, CVE-2016-4656
CVE-2016-4657 3
2559
Citizen Lab Lookout
Lookout Pegasus
Pegasus
iOS
3
GPS Apple Apple
iOS 9.3.5
iOS
: 26/08/2559
: Citizen Lab <http://thcert.co/wEcu2J>,
Lookout <http://thcert.co/jmDSgf>
Locky
DLL
Transmission ()
Keydnap Mac OS X
28 2559
transmissionbt.com
Transmission
Linux
Mac OS X
Transmission
(http://transmissionbt.com/keydnap_removal/)
2.92
Transmission
Transmission
Keydnap 6 2559
KeRanger
Transmission
Transmission
hash
: 31/08/2559
: We Live Security <http://thcert.co/KXJyXg>,
Transmission <http://thcert.co/3p60wY>
CheckPoint
Android Google
40 Google
Play Store Play Store
DressCode Android
DressCode
Google Play Store
2559
2
Botnet
: 01/09/2559
: Softpedia <http://thcert.co/eqyiz7>,
CheckPoint <http://thcert.co/gphLgW>
Cerber
Trend Micro
2559 Cerber Cerber 3.0
3.0
.cerber3
.cerber2
: 01/09/2559
: Trend Micro <http://thcert.co/1zw6V3>,
Bleeping Computer <http://thcert.co/iwhWq9>
Gugi
Android 6
Kaspersky
Android Gugi
drawing over other
Android 6 apps Gugi
SMS
device
administrator
Google Play
SMS Android 6
(permission)
(command & control) SMS
Android 6
(Marshmallow) Google
Gugi
Gugi 2558 Gugi
2559
Gugi
safe mode (
power Play Store
safe mode
)
: 07/09/2559
: Kaspersky <http://thcert.co/dB2lPz>
NAS Seagate
Sophos
Mal/Miner-C
Monero ( Bitcoin
(cryptocurrency) ) Sophos
NAS
17,000
Sophos NAS
NAS Seagate Seagate Central
Seagate Central
7,000
( 70%
) Sophos NAS
Photo.scr
: 13/09/2559
: Sophos <http://thcert.co/VZZxxq>
iOS 75
App Store
Trend Micro
iOS Haima
(adware)
iOS
75
Haima IMEI IP
enterprise App
App Store Store
iOS
App Store
()
: 14/09/2559
: Softpedia <http://thcert.co/dEVqKg>,
Trend Micro <http://thcert.co/jrQEIV>
.hta
Malwarebytes
.hta
.hta (HTML Application)
HTML
Internet Explorer
.hta
VBScript
JavaScript
.hta
PowerShell
Kovter Cerber
: 15/09/2559
: Malwarebytes <http://thcert.co/gqpJPC>
Komplex Mac OS X
Palo Alto Networks PDF
Komplex
Mac OS X
(aerospace industry)
MacKeeper Komplex
Remote Code
Execution
(
)
3
Sofacy Group
Mac OS X
(
MacKeeper )
IP
PDF
- appleupdate[.]org - itunes-helper[.]net
- apple-iclouds[.]net - 185.10.58.170
: 27/09/2559
: PC World <http://thcert.co/5acxiQ>,
Palo Alto Networks <http://thcert.co/N7do2J>
MarsJoke
96
Proofpoint
0.7 Bitcoins
22 2559 (320 10,000
)
96
file_6.exe
MarsJoke
: 28/09/2559
: ZDNet <http://thcert.co/xMbD3Y>
Xpan remote desktop
Kaspersky
remote desktop
Xpan Kaspersky
TeamXRat
http://support.kaspersky.com/
Kaspersky
brute force remote desktop
remote desktop brute force
brute force
.___xratteamLucked
1 bitcoin (
20,000 )
: 30/09/2559
: Softpedia <http://thcert.co/uPInia>,
Kaspersky <http://thcert.co/sk3HNz>
Mirai IoT
DDoS
Brian Krebs backdoor
Mirai
botnet
IoT
IoT (Internet of Things)
DDoS
DDoS
Mirai
IoT
: 03/10/2559
: Krebs on Security <http://thcert.co/hW8G1i>,
Dr.Web <http://thcert.co/Xb4uxK>
Cerber
4
2559
Cerber Cerber
.cerber3
4
( .b71c)
README.hta
Cerber
( MySQL, Microsoft SQL)
: 07/10/2559
: Bleeping Computer <http://thcert.co/7q2rR3>
Symantec Odinaff
macro
Symantec Symantec
Odinaff
SWIFT
2559 3
: 12/10/2559
: Symantec <http://thcert.co/votZ7X>
NyaDrop
IoT Linux
: 17/10/2559
: Softpedia <http://thcert.co/Ko6Np2>,
Malware Must Die <http://thcert.co/bpM7gb>
Mirai
Sierra Wireless
Sierra Wireless
Aircard, 3G Wi-Fi Sierra Wireless LS300,
GX400, GX/ES440, GX/ES450
RV50
Mirai
Sierra Wireless (http://source.sierrawireless.com/~/media/support_downloads/airlink/docs/technical%20bulletin/sierra%20wireless%20technical%20bulletin%20-%20mirai%20-%204oct2016.ashx?la=en)
Mirai
(Internet of Things - IoT)
Mirai
DDoS
: 18/10/2559
: ZDNet <http://thcert.co/OE07nY>,
ICS-CERT <http://thcert.co/TGlmmd>
Microsoft
Locky .LNK
Microsoft
Locky shortcut
.ZIP Sophos
.LNK cmd.exe
shortcut
(downloader)
shortcut ( .LNK)
Target shortcut
PowerShell
: 20/10/2559
: Microsoft <http://thcert.co/ZwTiMS>
Google AdWords
macOS
macOS (
macOS)
( )
Google AdWords
keyword OSX/InstallMiez
Google
25 2559
keyword Google AdWords
Google Chrome macOS
Google Chrome
Google
Google Chrome
: 02/11/2559
: Cylance <http://thcert.co/DylziN>
JavaScript
.apk 1,024
.apk
.apk
: 08/11/2559
: Ars Technica <http://thcert.co/hXGhKz>,
Best Security Search <http://thcert.co/S1w5lR>,
Securelist <http://thcert.co/Jpb5Nd>
Mirai (DVR)
Mirai
Internet of Things (IoT)
(
Mirai DDoS )
1 Tbps
IoT
IoT
IoT
(CCTV)
(DVR)
Mirai IoT
https://www.thaicert.or.th/papers/general/2016/pa2016ge001.html
: 21/11/2559
: The Register <http://thcert.co/Mo4eUj>,
Pen Test Partners <http://thcert.co/yj6eCv>
Facebook
Facebook
Facebook .svg
.svg Nemucod Locky
Facebook
.svg
JavaScript
.svg
(extension)
Google Chrome Facebook
Facebook
.svg
https://www.thaicert.or.th/alerts/user/2016/al2016us001.html
: 22/11/2559
: The Hacker News <http://thcert.co/5iNVor>,
Blazes Security Blog <http://thcert.co/mIx4lo>
Keygen
Symantec Symantec
Gatak
Stegoloader
Keygen
Keygen
SketchList3D,
BobCAD-CAM, Siemens SIMATIC STEP 7,
CadSoft Eagle Professional,
Manctl Skanect Keygen
: 28/11/2559
: Beta News <http://thcert.co/r3NZ5I>,
Security Week <http://thcert.co/VoEeQp>,
Symantec <http://thcert.co/cL87hs>
Gooligan Android
root Google Account
Check Point
Gooligan Google
Android
root
Google 2559 Android
1
Check Point
Google
Play
Store
https://gooligan.checkpoint.com/
root
VROOT (CVE-2013-6282)
Towelroot (CVE-2014-3153)
root Android 4-5 factory reset
root
(inject)
Google Play Google
Mobile Services
Google
: 01/12/2559
: Check Point <http://thcert.co/7uG9xx>
Android
Android.DownLoader.473.origin Android.Sprovider.7 Dr.Web
17/12/2559
: 23/12/2559
: Hackread <http://thcert.co/SqgASH>,
Trend Micro <http://thcert.co/STQDth>
Privacy
Apple
FBI Apple
iPhone Backdoor
iPhone Apple
iOS
Data Protection
Apple FBI
FBI Data Protection
Apple (Backdoor) iOS 8 Passcode
Apple (Passcode)
FBI Apple
: 18/03/2559
: The Hacker News <http://thcert.co/WzJDSt>
: 25/03/2559
: ThreatPost <http://thcert.co/e1ET4T>
QQ Browser
Citizen Lab
QQ Browser
QQ Browser
Tencent Android
Windows, Mac, .apk
iOS Android man-in-the-middle
.apk
QQ Browser Windows
.exe
QQ Browser Android
Windows
IMEI, IMSI, Wi-Fi
, ,
, 2559 Tencent
, QQ Browser
QQ
Browser
: 31/03/2559
: Citizenlab <http://thcert.co/RBlK18>
CNBC
CNBC
CNBC
Google Docs
CNBC
HTTP
Google Docs
: 31/03/2559
: BGR <http://thcert.co/ycb4d0>
50
6 2559
2551
50
- (80 )
: 07/04/2559
: Wired <http://thcert.co/qXnZ7Q>
27 2559
Web Defacement 9
1.3
15.8
2553
: 08/04/2559
: Trend Micro <http://thcert.co/zdEcvF>
Privacy International
2544
(MI5, MI6 GCHQ) Investigatory Powers
: 22/04/2559
: Ars Technica <http://thcert.co/3Tb9aK>
VPN Opera
Proxy
Opera 2558)
Proxy
VPN
Michal Spacek
VPN Proxy Opera
Proxy
Opera
VPN Opera VPN
api.surfeasy.com (
VPN Opera
: 25/04/2559
: Help Net Security <http://thcert.co/CW1HdS>
93.4
Amazon Web Service
(AWS) 2558
15.8
50
AWS
Amazon
: 25/04/2559
: Network World <http://thcert.co/UuQvnR>
1.5 GB
SQL injection
(Qatar
National Bank QNB)
1.5 GB
SQL injection
: 29/04/2559
: Security Affairs <http://thcert.co/T06850>,
BTimes <http://thcert.co/PkVrhH>
Facebook 2558
13%
6
Facebook 3
3
Facebook
(Transparency report) (https://govtrequests.facebook.com/country/Thailand/2015-H2/)
Facebook
2015
46,763
6 2558
13% 60%
: 29/04/2559
: The Register <http://thcert.co/Umz1OH>
Telegram
SMS OTP
2 (2-step verification)
Telegram
SMS OTP
29 2559
SMS
Telegram
SMS
(One Time
Password - OTP) SMS
SMS Telegram
log Telegram
IP
Telegram
2559
Telegram
: 02/05/2559
: Bellingcat <http://thcert.co/DYRuoC>
NHS
1.6 Google AI
New
Scientist
Google
NHS (National Healthcare System) (Opt-in)
Google
1.6 (Opt-out)
Streams
HIV Google
: 02/05/2559
: The Register <http://thcert.co/LKP2YR>
: 06/05/2559
: Reuters <http://thcert.co/GgAHKF>
Dataminr
Twitter Twitter
Dataminr
Twitter Dataminr
NSA
John C. Inglis
NSA Twitter
NSA
: 10/05/2559
: CSO <http://thcert.co/cQY4fD>
Runkeeper
Norwegian Consumer
Council (NCC) FitnessKeeper Runkeeper
GPS
Runkeeper Runkeeper
Runkeeper
: 17/05/2559
: Help Net Security <http://thcert.co/vChkvI>
! LinkedIn
2555
LinkedIn 2555
: 19/05/2559
: Smart Company <http://thcert.co/Me51YB>
LinkedIn
123456
18 2559 LinkedIn
LinkedIn
LinkedIn
100
LinkedIn
LinkedIn
2555
Leaked Source 2
(2-Factor Authentication)
5 123456, linkedin,
password, 123456789 12345678
: 23/05/2559
: LinkedIn <http://thcert.co/mp6gTX>,
Leaked Source <http://thcert.co/y0FtV0>
Anonymous
33
Anonymous
33
SQL Excel 10 DDoS
: 24/05/2559
: Softpedia <http://thcert.co/QshRPx>
Facebook Facebook
Google, Twitter
Facebook
2
Facebook
Facebook Twitter
https://twitter.com/privacy
Facebook
Titan
URL
https://www.facebook.com/policy.php
Google
https://privacy.google.com/data-we-collect.html
: 24/05/2559
: The Hacker News <http://thcert.co/O3ZjFp>
Tumblr
Tumblr Tumblr
Tumblr 2
2556 (2-Factor Authentication)
65 Tumblr (https://www.tumblr.com/docs/en/account_security)
Have I been
pwned?
Tumblr
https://haveibeenpwned.com
: 31/05/2559
: Motherboard <http://thcert.co/Pf1OKh>
FBI
2559
LinkedIn, Tumblr
MySpace
FBI
FBI
( 2 5 Bitcoin
38,000 95,000 )
: 03/06/2559
: FBI <http://thcert.co/3IhlBU>
TeamGhostShell
MongoDB 36
TeamGhostShell
MongoDB MongoDB
NoSQL
MongoDB
Security Checklist
MongoDB (https://docs.mongodb.com/manual/administration/security-checklist/)
: 06/06/2559
: Hackread <http://thcert.co/AL9Jgf>
Facebook Netflix
LinkedIn, Tumblr
MySpace
Facebook Netflix
2
Adobe
3 Facebook
: 08/06/2559
: ZDNet <http://thcert.co/wahIwQ>
SMS
Settings
Android 6.0
: 09/06/2559
: The Register <http://thcert.co/LWUXn4>
GitHub
2FA
GitHub
GitHub
14
2559
GitHub GitHub
2
(2-Factor Authentication)
GitHub (https://help.github.com/articles/providing-your-2fa-authentication-code/)
: 16/06/2559
: GitHub <http://thcert.co/TdrlfS>
Mark Zuckerberg
Mark Zuckerberg
Facebook
Facebook
Spyware
: 22/06/2559
: The Next Web <http://thcert.co/8XQzO0>
LogMeIn
LogMeIn
(accounts.logme.in)
LogMeIn
Remote Desktop
2
: 22/06/2559
: Help Net Security <http://thcert.co/zyfVqf>
154
154 2558
2
()
L2
: 24/06/2559
: Naked Security <http://thcert.co/Lnna1R>,
The Daily Dot <http://thcert.co/P8wCcM>
Google
Google
(https://privacy.google.com/data-we-collect.html)
Google Privacy Checkup (https://myaccount.google.com/privacycheckup/)
2559
Google
My Activity (https://myactivity.google.com/myactivity)
: 01/07/2559
: Life Hacker <http://thcert.co/toDIKj>
22
: 14/07/2559
: iMedicalApps <http://thcert.co/7a1MPw>
Maxthon Browser
Exatel
: 15/07/2559
: Softpedia <http://thcert.co/ggYSZD>
EFF
Electronic Frontier Foundation
(EFF) PDF
Operation Manul
Remote
Access Trojan (RAT) Bandook
JRat
(Spear Phishing)
: 05/08/2559
: Softpedia <http://thcert.co/LSsfmk>,
EFF <http://thcert.co/U7YYXL>
Dota 2
2
Dota 2 (http://dev.dota2.com) vBulletin
Dota 2 LeakedSource
10 80%
2559
IP
2 Dota 2
: 10/08/2559
: ZDNet <http://thcert.co/OsDcih>,
LeakedSource <http://thcert.co/r4TbZf>
Dropbox 60
Dropbox
2555 2
Dropbox (https://www.dropbox.com/en/help/363)
: 31/08/2559
: TechCrunch <http://thcert.co/yfqm8N>,
The Register <http://thcert.co/FdMOpl>
Seagate
Seagate
social engineering
14 2559
2559
Seagate
CEO
W-2
Seagate
10,000
: 13/09/2559
: Softpedia <http://thcert.co/QHS9lJ>
Yahoo 500
22 2559 Yahoo
Yahoo
500
2557
Yahoo
2
( bcrypt) SMS
Yahoo
(https://www.thaicert.or.th/papers/general/2015/pa2015ge001.html)
: 23/09/2559
: CNN <http://thcert.co/4M4pOu>,
Yahoo <http://thcert.co/HmcS5u>
Dropbox 60
2559
Dropbox
Dropbox 60 2
Dropbox (https://www.dropbox.com/en/help/363)
(
)
Dropbox
2557
: 05/10/2559
: Hackread <http://thcert.co/dqsdel>
Dailymotion
85
Dailymotion
Dailymotion
85.2 20 2559
Dailymotion
18.3
: 06/12/2559
: ZDNet <http://thcert.co/RWHWu5>
VR
3
University of Stuttgart,
Saarland University Max Planck 97%
Institute for Informatics
: 21/04/2559
: Gizmodo <http://thcert.co/UTM7q7>
2559
University of West Florida
Virginia Department of Education
: 20/06/2559
: University of West Florida <http://thcert.co/FIm2IY>,
WSET <http://thcert.co/zR5nxg>
KeySniffer
Bastille KeySniffer
Bluetooth
10 Logitech, Dell Lenovo
Bluetooth
2553
Anker, EagleTec, General Electric, Hewlett-Packard, Insignia, Kensington, Radio Shack, Toshiba
KeyKeriki 2558
KeySweeper
100
250
76
: 28/07/2559
: Security Affairs <http://thcert.co/CHS9iM>,
KeySniffer <http://thcert.co/w0wQOP>
/
Princeton University
HTML5 API
Firefox
VPN
Chrome
: 05/08/2559
: The Guardian <http://thcert.co/rKxJq8>,
IACR <http://thcert.co/bM1ifR>
Carnegie
Mellon
Passphrase
16-64
NIST
(National Institute for Standards
and Technology)
60-90
Password Manager KeePass
P@ssw0rd1
P@ssw0rd2
: 15/08/2559
: Washington Post <http://thcert.co/U7x4Yl>
white-hat hacker
100
The Japan News
(The
Internal Affairs and Communications 25
Ministry) 1
2560
white-hat
hacker
(cyber drill)
2
100
(National Institute
of Information and Communications
Technology NICT)
: 06/09/2559
: The Japan News <http://thcert.co/gD44Lp>
CrowdStrike
-
-
-
cloud
-
: 06/09/2559
: CrowdStrike <http://thcert.co/XrgrPR>
F-Secure Helsinki
F-Secure
Helsinki
()
Cyber Security Base with
F-Secure
2558
25
2559
209,000 2562 (http://mooc.fi/courses/2016/cybersecurity/)
1.5
Cyber Security Base
with F-Secure
: 14/09/2559
: Voice & Data <http://thcert.co/saPW4E>
iPhone 5c
iOS iPhone
( NAND Chip)
10 9
2559 FBI
iPhone 5c iPhone 5c
FBI
Apple iOS
3,000
Apple 40 PIN 4
6
iPhone 5c
( iPad iPhone
https://www.youtube.com/watch?v=tM66GWrwbsY)
(http://arxiv.org/abs/1609.04327)
: 21/09/2559
: Threat Post <http://thcert.co/wFX3yh>,
Ars Technica <http://thcert.co/UHA50H>,
CNN <http://thcert.co/1rjJsJ>
Europol
2559
Europol ATM
NFC
2559 Internet Organised 5.
Crime Threat Assessment
8
6. Darknet
1.
(Crime-as-Service)
7. social
engineering
CEO fraud
2.
3. 8. Bitcoin
4.
: 29/09/2559
: Help Net Security <http://thcert.co/GOv7KZ>,
Europol <http://thcert.co/io7ntU>
(NCSC) 700
NCSC
(National Cyber Security (Bank of England)
Centre NCSC)
(critical infrastructure)
700
Ciaran Martin
GCHQ CEO NCSC
: 03/10/2559
: Security Affairs <http://thcert.co/wOCfPb>
University of Washington
(
Bluetooth Wi-Fi)
50
25
: 05/10/2559
: Engadget <http://thcert.co/M30rLs>,
University of Washington <http://thcert.co/iBHgeS>
Smart Nation
10 2559
4 (National Cybercrime Action Plan)
2559
(Cyber
Security Agency of Singapore - CSA)
(National Cyber Incident Cyber
Response Team) Security Associates and Technologists
(National (CSAT)
Cyber Security Centre) 3
(Cybersecurity 6
Act) 2560
: 10/10/2559
: Channel News Asia <http://thcert.co/zU5PGt>
Singtel
cybersecurity
-
(National University of Singapore
NUS) Singtel (Internet of Things and industrial
control systems)
(NUS-Singtel Cyber -
Security Research and Development (cyber-
Laboratory) security systems based on quantum
technology)
30
4
5
- 100 NUS
(data and cloud security) Singtel
- 120
(predictive security analytics)
: 28/10/2559
: ZDNet <http://thcert.co/jUxQwJ>
CPU
machine learning
Binghamton University
CPU
National Science Foundation
275,000
3
CPU
machine learning
CPU
: 09/11/2559
: Phys.org <http://thcert.co/qgxp3h>,
Binghamton University <http://thcert.co/aoEXVX>
Philips Hue
Philips Hue
ZigBee (Internet
(symmetric key) of Things IoT)
400
Philips
Philips Hue
: 14/11/2559
: The Register <http://thcert.co/VGLitA>,
<http://iotworm.eyalro.net>
IBM
(Internet of Things
IoT) Cloud
: 21/11/2559
: Threatpost <http://thcert.co/XyvGFC>
(
YouTube https://www.youtube.com/watch?v=ez3o8aIZCDM)
RealTek
Ben Gurion
RealTek
: 25/11/2559
: Wired <http://thcert.co/E4eA1D>,
<http://thcert.co/L2nUFH>
: 13/12/2559
: Infosecurity Magazine <http://thcert.co/jJAUBm>,
Hakin9 <http://thcert.co/DeKvq6>
NIST NSRL
15 2559 NIST
(digital forensics) Android
iOS 23,000
NSRL
(data reduction) 200,000
(
)
(hash)
RDS Hashsets
NIST (http://www.nsrl.nist.gov/)
National Software Reference Library
(NSRL) NIST
RDS Hashsets
: 19/12/2559
: CSO <http://thcert.co/nC3TzT>,
NIST <http://thcert.co/56Jcdg>
Statistics
2558
Star Wars
SplashData
2558
1 2 123456
password
Star Wars
starwarssolo
princess
: 20/01/2559
: Gizmodo <http://thcert.co/uX5Q1a>
FBI 2.3
2
FBI
2556
2559 17,000
Botnet
2.3
Mimecast
67% 2556
: 11/04/2559
: Softpedia <http://thcert.co/HGwQiQ>
Apple iOS 80
Touch ID 89%
Apple Apple
iOS
80
iPhone/iPad 89%
Touch ID
Apple Touch
ID
: 25/04/2559
: Apple Insider <http://thcert.co/r3mPCl>
Kaspersky
DDoS 2559
Kaspersky
DDoS 10
1 2559 (Kaspersky
DDoS Intelligent Report Q1 2016) 3
3 Syn DDoS
TCP DDoS HTTP DDoS
8
DDoS
: 03/05/2559
: Secure List <http://thcert.co/KpFAJc>
PandaLabs 2559
227,000
PandaLabs
Panda Antivirus
2559 Panda
227,000 (http://www.pandasecurity.com/mediacenter/src/uploads/2016/05/Pandalabs-2016-T1-EN-LR.pdf)
IoT (Internet of Things)
: 10/05/2559
: Panda Security <http://thcert.co/yRWvz7>
Mail.ru, Google, Yahoo, Microsoft
272
Google
https://haveibeenpwned.com/
Mail.ru
98%
Mail.ru
15%
2
(2-Factor Authentication)
,
SMS
Google,
Yahoo Microsoft
: 12/05/2559
: Hold Security <http://thcert.co/it45s9>,
Mail.ru <http://thcert.co/iwn8ID>,
TroyHunt <http://thcert.co/YAjuVu>
Internet
: 12/05/2559
: Info Security <http://thcert.co/NiNXdX>
Ransomware
90,000
Flashpoint
Deep & 7,500
Dark Web (
Tor) 10-15 600
Ransomware Ransomware
30 300
Ransomware
Ransomware
Ransomware
( Ransomware-as-a-Service)
: 03/06/2559
: Flashpoint <http://thcert.co/J0HZxN>
Ransomware 2559
10 2558
Ransomware
2-3
FBI
FBI
2559
209 10
2558
25
: 07/06/2559
: LA Times <http://thcert.co/X2Ns7B>
Ponemon Institute
2558 2557
64%
(Data breach)
(Incident Response)
100
3.23
100
70% 4.38
: 17/06/2559
: Help Net Security <http://thcert.co/ylhkdY>
58 59 2.3
Kaspersky
(ransomware) 2558 2558-2559
2559 2557 2,315,931
2558 2557-2558 17.7% ( 2557-2558
1,967,784 )
Android
2557-2559 Android 2559
136,532
4 2557-2558
35,413
718,536
(
) 5.5
2557-2558
: 30/06/2559
: Softpedia <http://thcert.co/zK6IsC>,
Kaspersky <http://thcert.co/TEIVpT>
Blancco
200
eBay Craigslist
67%
11%
36%
(https://www.thaicert.or.th/papers/general/2013/pa2013ge006.html)
: 30/06/2559
: Blancco <http://thcert.co/X0f6M4>
10
LightCyber
2016 Cyber Weapons Report
50,000
99%
Angry IP
Scanner, Nmap, TeamViewer, WinVNC,
Radmin, WinSCP
LightCyber (http://lightcyber.com/cyber-weapons-report-network-traffic-analytics-reveals-attacker-tools)
: 12/07/2559
: Threatpost <http://thcert.co/vz8ok4>
DDoS 2559
124,000 579 Gbps
Arbor Networks 6
DDoS DNS
2559
Armada Collective
DDoS
2559 DDoS 100,000
124,000
579
Gbps DDoS
DDoS 1 Gbps
6 986 Mbps
1.15 Gbps
- DNS Amplification DDoS Attack (https://www.thaicert.or.th/papers/technical/2013/pa2013te002.html)
- NTP Reflection DDoS attack (https://www.thaicert.or.th/papers/technical/2014/pa2014te002.html)
Reflection amplification
DNS, NTP, SSPD
: 22/07/2559
: Security Week <http://thcert.co/VecZi4>,
Imperva <http://thcert.co/3swdCG>
88%
Solutionary
Q2 2016 Threat Intelligence Report
Security Engineering Research Team (SERT)
Solutionary (https://www.solutionary.com/threat-intelligence/threat-reports/quarterly-threat-reports/sert-threat-report-q2-2016/)
2559
88%
6%
4%
: 01/08/2559
: Help Net Security <http://thcert.co/SGLMpL>,
Solutionary <http://thcert.co/F5v7SD>
: 03/08/2559
: Kaspersky <http://thcert.co/JCy7ln>
Healthcare Information
and Management Systems Society
(HIMSS)
32%
52%
10%
: 24/08/2559
: IT World <http://thcert.co/WeOP5Q>
21
SentinelOne
2558 Bournemouth UCL
21
71
23
: 29/08/2559
: MetaCompliance <http://thcert.co/wSb7dl>
2559
200%
Quick Heal
-
2 2559
- (adware)
-
-
-
(Internet
of Things)
2559
200%
-
(ransomware-as-a-service)
Quick Heal (http://dlupdate.quickheal.com/documents/others/Quick_Heal_Threat_Report_Q2_2016.pdf)
: 08/09/2559
: Help Net Security <http://thcert.co/gTzC7y>,
Quick Heal <http://thcert.co/7rizDV>
1 5
- 1 5
-
33%
31%
- 89%
: 09/09/2559
: Infosecurity Magazine <http://thcert.co/O3oiuc>,
Trend Micro <http://thcert.co/1oBd5U>
Blancco
- 30%
Blancco
-
14%
400
11%
10%
9%
- 50%
31%
( Recycle Bin) 22%
( NIST Special Publication 800-88)
2
- 33%
(https://www.thaicert.or.th/papers/general/2013/pa2013ge006.html)
: 23/09/2559
: Blancco <http://thcert.co/gk4FUQ>
40%
Word
CyberArk CyberArk
750
- 40%
Word Excel 28%
- 95%
45%
- 68%
57%
cloud
: 26/09/2559
: eSecurity Planet <http://thcert.co/jRXuRB>,
CyberArk <http://thcert.co/qvOpDH>
Sucuri 2559
WordPress Joomla!
Sucuri 3
RevSlider, TimThumb
2559 GravityForms
WordPress
Joomla! Sucuri
52% Google
Safe Browsing
blacklist
21,821
WordPress 48%
15,769 backdoor
Norton Safeweb 38%
Joomla! 3,099 McAfee SiteAdvisor
11%
CMS
75% CMS
backdoor
Sucuri
WordPress
22%
: 27/09/2559
: Security Affairs <http://thcert.co/UtJpdH>,
Sucuri <http://thcert.co/5SokNN>
DDoS
1
Neustar - 53%
information
security 1,000 DDoS ( DDoS
)
DDoS
DDoS
- 73%
DDoS
DDoS
- DDoS 1.1 Tbps
85% 1 2559
- 49%
DDoS
1 (
350,000 )
- 76%
DDoS 47%
Cloud 37%
DDoS
: 06/10/2559
: Neustar <http://thcert.co/pKg62L>,
Help Net Security <http://thcert.co/LhL7I7>
1 10
97%
86%
77%
Trend Micro (disaster recovery
plan) 33%
11%
20%
82%
33%
24%
14%
: 07/10/2559
: Betanews <http://thcert.co/4Xs5BA>
Android
1 Play Store
: 19/10/2559
: Security Week <http://thcert.co/1zcENd>,
Cheetah Mobile <http://thcert.co/egcgnt>
89%
Wi-Fi
NTT Security 3
2559
NTT Security -
17%
3 2559 (SERT Quarterly Threat
Report Q3 2016)
Security Engineering Research -
Team (SERT)
-
23% (19%)
(18%)
(12%)
(11%) - Netis
(Netcore)
- 43% 2558
Fortinet
SQL injection
-
48
-
73%
: 27/10/2559
: Help Net Security <http://thcert.co/askwO2>
15%
20% Telnet
ESET Telnet
12,000
15%
admin
40%
20%
: 28/10/2559
: We Live Security <http://thcert.co/m9Nqwv>
SecurityScorecard -
7 63%
2559 (2016 Healthcare
Industry Cybersecurity Report)
700
21st
- Century Oncology
2.2
9 18 Hollywood
5 Presbyterian Medical Center
17,000
6
- 75%
1
90%
: 04/11/2559
: SecurityScorecard <http://thcert.co/Fb0df5>,
PR Newswire <http://thcert.co/gNyJLW>
77%
95%
Barkly
60
1
77%
95%
52%
1 3
Barkly
81%
50%
: 15/11/2559
: eSecurity Planet <http://thcert.co/uumJPn>,
Barkly <http://thcert.co/2eo727>
Akamai
3 2559 IoT
Akamai CDN 2
cloud computing NTP reflection
3 2559 DDoS
Internet of Things (IoT)
2559 DDoS
IoT Mirai
3 2558
- DDoS
71%
- layer 3 4
77%
-
100 Gbps 138%
- SQL injection
21%
- DDoS UDP
fragment DNS reflection
: 17/11/2559
: Help Net Security <http://thcert.co/JimGCJ>,
Akamai <http://thcert.co/zqIdHz>
66%
Ponemon - 2
2016 Cyber Resilient Organization 74%
64%
2,400 - 70%
2558
-
4
( 142 )
-
4 ( 14
(66%) )
3 4
-
3
- 32%
: 24/11/2559
: Resilient Systems <http://thcert.co/y27G6Z>,
Tripwire <http://thcert.co/4ZjHaG>
Flash Player,
Internet Explorer Windows
Recorded Future
(exploit kit) Adobe Flash
Player Microsoft
(Internet Explorer, Silverlight
Windows)
Flash Player Internet
2558 2559 Explorer
10
Flash Player
6
Internet Explorer
(CVE-2016-0189)
2559
: 07/12/2559
: Security Affairs <http://thcert.co/UDMn8c>
UK 90%
Windows XP
2
(NHS)
90% Windows
XP
15 Microsoft
2557 (https://www.thaicert.or.th/papers/general/2014/pa2014ge001.html)
14%
2559 29%
2560
: 09/12/2559
: The Register <http://thcert.co/a6ZHAI>
1 5
(
)
Keepsafe
1,000
20%
- 66%
- 50%
: 15/12/2559
: Help Net Security <http://thcert.co/ACIraw>
Google 2559
Android Nexus
4 2559 (Critical) 5
Google (High) 2
Android (Moderate) 5
Mediaserver
Android
Google
Over-The-Air OTA
Nexus
Android Open Source Project
AOSP
Google Nexus
7 2558
Android
Android
12
: 07/01/2559
: Android <http://thcert.co/gUxcV0>
VMware privilege
escalation Shared Folder
VMware
privilege escalation Shared Folder VMware
ESXi, Fusion, Player
Workstation
Shared Folder
guest (
CVE-2015-6933)
VMWare
guest
host
: 08/01/2559
: The Register <http://thcert.co/aaLqpu>
OpenSSH
Private Key
14 2558 OpenSSH
OpenSSH
Client Private Key
Roaming
1. UseRoaming no global ssh_config(5)
2. UseRoaming no ~/.ssh/config user configuration
Session
3. option -oUseRoam-
Debian
8 2559
Debian
19 Debian
,
(Denial of Service)
(Privilege escalation)
Debian
(3.2.73-2+deb7u3
Wheezy 3.16.7-ckt20-1+deb8u4
Jessie)
: 08/03/2559
: Debian <http://thcert.co/a6EjqE>
Microsoft,
Adobe, Google, Mozilla Apple .. 59
2559 Microsoft, Remote Code
Adobe, Google, Mozilla Apple Execution
: 14/03/2559
: Microsoft <http://thcert.co/Ya8S76>,
Mozilla <http://thcert.co/ndLb72>,
Apple <http://thcert.co/pAqpDw>
Truecaller
Android 100
Cheetah Mobile
Security Research Lab
Truecaller 22
Android Truecaller
Android
100
Truecaller
IMEI
IMEI
Truecaller
: 29/03/2559
: Cheetah Mobile <http://thcert.co/rZghTm>
iOS 9 - 9.3.1
Passcode
videosdebarraquito
YouTube
iOS 9 - 9.3.1 (https://youtu.be/Jk7GaO_vAW8)
Siri 3D Touch
iPhone 6S iPhone
iPhone 6S 6S Plus
Passcode Apple
Siri
Twitter Siri
Twitter
3D Touch
: 05/04/2559
: The Next Web <http://thcert.co/cpcSnN>
Cisco
6 2559 Cisco
8 (Remote Code Execution)
Prime Infrastructure,
Evolved Programmable Network (Denial of Service)
Manager, TelePresence Server, UCS
Invicta
: 07/04/2559
: Cisco <http://thcert.co/O24Wce>
8 2559 Adobe
Adobe Adobe Flash
Player 24
CVE-2016-1019
(Adobe Flash
Player 21.0.0.213 Windows
OS X, Adobe Flash Player 11.2.202.616
Linux)
(Remote Code Execution)
: 08/04/2559
: Adobe <http://thcert.co/pusNYl>
Samsung Galaxy
. SMS
.
Roberto Paleari Aristide Fattori SMS
Samsung
Galaxy
USB Samsung Galaxy S6,
Galaxy Note 3, Galaxy S4
. SMS
ADB
Samsung
Samsung modem
USB
Linux
modem
device ( /dev/ttyACM0)
device
: 18/04/2559
: Help Net Security <http://thcert.co/I6Zlew>
QuickTime Windows
Apple
Trend Micro QuickTime
QuickTime Windows
Windows
QuickTime
Apple QuickTime
QuickTime Windows
QuickTime
Windows
QuickTime
VLC (
)
QuickTime
Adobe
QuickTime
Adobe
: 20/04/2559
: Trend Micro <http://thcert.co/joqPb8>,
ZDNet <http://thcert.co/6vii0R>
Cisco
20 2559 Cisco
Cisco Wireless LAN Controller
Cisco Wireless LAN (Critical)
Controller, Cisco Adaptive Security Cisco
Appliance Software
5
(Denial of Service)
: 21/04/2559
: Cisco <http://thcert.co/O24Wce>
HP Data Protector
18 2558
Hewlett Packard (HP) (
6 HP Data Protector 7.03_108, 8.15 9.06)
4
CVSS 10
(Remote Code Execution),
(Private Key)
SSL
Man-in-the-middle
: 26/04/2559
: HP <http://thcert.co/5p7Iyw>
Firefox 46
26 2559
Mozilla (Firefox 46)
Firefox 10
1
(Remote Code
Execution)
: 27/04/2559
: Mozilla <http://thcert.co/CXgEsL>
Chrome
28 2559 Google
9 Chrome
(50.0.2661.94)
(Remote Code
Execution)
: 29/04/2559
: Chrome Releases <http://thcert.co/Zx8L6J>
ImageMagick
ImageMagick
ImageMagick shell command
Linux
distro Ubuntu
ImageMagick 6.9.3-9
4 2559
ImageMagick 1.
file signature
magic bytes
2. Policy
ImageMagick coders
CVE-2016-3714
ImageMagick
: 04/05/2559
: Openwall <http://thcert.co/mTeIJ3>
: 04/05/2016
: Apple <http://thcert.co/4S9V6m>,
rachelbythebay <http://thcert.co/F7yQZs>
OpenSSL
OpenSSL
SSL
TLS Open Source CA (Certificate Authorities)
OpenSSL Padding Oracle
Cookie
VPN OpenVPN
SSH AES CBC
OpenSSH (Advanced Encryption Standard Cipher
Algorithm in Cipher Block Chaining)
3 2559
OpenSSL AES-NI (Advanced
OpenSSL 6 Encryption Standard Instruction Set)
2
(Encoder) ASN.1 OpenSSL
(Abstract Syntax Notation One) (1.0.2c, 1.0.1o)
OpenSSL
ASN.1
: 04/05/2559
: OpenSSL <http://thcert.co/n3pIcb>
Cisco
Cisco TelePresence
4 2559 Cisco
Cisco TelePresence XML
API
HTTP Request
XML API
Cisco
Cisco FirePOWER
System Software Cisco Adaptive
Security Appliance
(Denial of Service)
: 06/05/2559
: Cisco <http://thcert.co/zQ6GJM>
HTTPS
SSL
root CA
SSL Private
root CA key
Kaspersky
2558
30 SSL
Kaspersky
TLS/SSL
Man-in-the-Middle
: 10/05/2559
: The Register <http://thcert.co/WJlxRo>
WordPress 4.5.2
6 2559 WordPress
WordPress 4.5.2
2
SOME (Same Origin Method Execution)
Cross-Site
Scripting
: 10/05/2559
: Softpedia <http://thcert.co/Okp6mh>,
WordPress <http://thcert.co/db5t5Y>
Microsoft Adobe
10 2559
Microsoft Adobe
(Remote
Code Execution)
Microsoft 16
Windows
Internet Explorer, Microsoft
Edge, Microsoft Office, Microsoft .NET
Framework
Remote Code Execution 7
Adobe
ColdFusion, Acrobat
Adobe Reader
Remote
Code Execution
: 11/05/2559
: Adobe <http://thcert.co/d8iKmm>,
Microsoft <http://thcert.co/Y8CELR>
10
2559 Adobe
Flash Player Cerber Locky
(
CVE-2016-4117)
12 Adobe
Flash Player
21.0.0.242 ( Linux
11.2.202.621)
Adobe (https://get.adobe.com/flashplayer/)
: 13/05/2559
: Softpedia <http://thcert.co/khQfSt>
WordPress Jetpack
XSS
27 2559
Sucuri
Jetpack WordPress
WordPress
1
Cross-site
Scripting (XSS)
Sucuri 78%
WordPress 56%
Jetpack
4.0.3
: 31/05/2559
: Sucuri <http://thcert.co/kv9sqE>,
Sucuri <http://thcert.co/XdSfJq>
KeePass 2 HTTP
KeePass
2
Auto Update KeePass
Auto Update KeePass
2 HTTP KeePass 2
HTTPS Sourceforge (https://sourceforge.net/projects/keepass/)
KeePass HTTP (http://keepass.info/)
KeePass
1.
YouTube (https://www.youtube.com/watch?v=gOxcQSbpA-Q)
CVE-2016-5119 HTTP
KeePass (2.33)
2. KeePass
Auto Update
KeePass 2
Sourceforge
(http://keepass.info/integrity.html)
: 02/06/2559
: bogner.sh <http://thcert.co/r0Vhsl>
Lenovo Lenovo
Accelerator Application
Duo Labs
(Bloatware) Lenovo Windows 10
( ThinkPad
ThinkStation)
Lenovo Accelerator Application
Lenovo
Lenovo
Lenovo Accelerator
Application
Lenovo Accelerator
Application
Lenovo
: 03/06/2559
: Lenovo <http://thcert.co/u8N5Dq>
Mitsubishi Outlander
Mitsubishi Outlander
2556
Wi-Fi
Wi-Fi
Wi-Fi
Wi-Fi
Wi-Fi
: 08/06/2559
: Help Net Security <http://thcert.co/uMSJR7>,
Forbes <http://thcert.co/83UFDv>
KeePass
HTTPS
KeePass KeePass
KeePass
Properties
HTTP
KeePass
KeePass
(2.34) HTTPS
: 10/06/2559
: KeePass <http://thcert.co/xjsfZ2>
D-Link
Senrio
D-Link (Internet of Things)
DCS 930L Wi-Fi
Wi-Fi
: 10/06/2559
: Threatpost <http://thcert.co/PfguVz>,
Senrio <http://thcert.co/qRALc3>
SW Update (Bloatware)
SW Update
: 14/06/2559
: The Register <http://thcert.co/xCOhX9>,
Full Disclosure <http://thcert.co/uxec2v>
Symantec
Norton
Google Project Zero
Symantec
Symantec Norton
Symantec
Google
Advanced Threat
Protection (ATP), Symantec Endpoint
Protection (SEP), Norton AntiVirus,
Norton Internet Security, Norton 360
Symantec (https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_00)
: 29/06/2559
: Ars Technica <http://thcert.co/NWyEnC>,
Google Project Zero <http://thcert.co/vn0KYh>
Foxit
Reader 400
: 01/07/2559
: The Register <http://thcert.co/pFeNpu>
LibreOffice
RTF
Cisco Talos CVE-2016-4324
LibreOffice LibreOffice 5.1.4
5.2.0 LibreOffice
RTF
.rtf
: 01/07/2559
: Security Week <http://thcert.co/vDVo5E>,
Cisco Talos <http://thcert.co/iGQrdv>
Wget 1.18
redirect
GNU Wget
Unix/Linux
SecuriTeam
Wget 1.17 Wget
redirect
.wgetrc
( CVE-2016-4971) Proxy
Wget
Wget
URL (
Cron Job)
wget http://attackers-server/safe_file.txt
Wget
-O safe_file.txt http://attackers-server
HTTP
30X redirect URL GNU Wget
Wget 1.18
URL
Wget
redirect
(Configuration file)
GNU (https://lists.gnu.org/archive/html/info-gnu/2016-06/msg00004.html)
.bash_profile .wgetrc
: 05/07/2559
: SecuriTeam <http://thcert.co/0qfdpj>
ThinkPwn BIOS
Lenovo, HP Gigabyte
ThinkPad
Lenovo System
Management Mode (SMM) BIOS Lenovo, HP
Gigabyte
HP
Pavilion
Gigabyte Z68-UD3H, Z77X-
UD5H, Z87MX-D3H, Z97-D3H
BIOS
: 06/07/2559
: NDTV <http://thcert.co/FGMy4Q>,
The Register <http://thcert.co/imtjEU>
Microsoft
(CVE-2016-3238)
Vectra
CVE-2016-3238 Windows
Microsoft
Web Point-and-Print Protocol
(MS-WPRN)
Microsoft
3170455
(
: 13/07/2559
: Threatpost <http://thcert.co/oZGPK4>,
Vectra <http://thcert.co/BLvTQ0>
iOS Mac OS X
MMS, ,
Internet
Internet Explorer Edge
Explorer Edge
Windows SMB
Microsoft Account file://
SMB network share
Windows IP
src
SMB file://
Windows
Windows 10 (
( 2559)
) Hash
Windows 8 Internet Explorer Edge
Microsoft Account Windows Microsoft
Hash Account
Hash
Microsoft Account
NTLM Firewall
SMB IP
: 04/08/2559
: Medium/@ValdikSS <http://thcert.co/zsoyLG>,
Perfect Privacy <http://thcert.co/YKlLk9>
Quadrooter Qualcomm
Snapdragon Android root
Google
Check Point
Qualcomm Android Android
/
2559
3 1
Android Qualcomm (
Snapdragon) root 2559
Android
(Permission)
4 Qualcomm
: 08/08/2559
: ZDNet <http://thcert.co/Mm4zHC>,
DEF CON 24 <http://thcert.co/Cb2GAW>
! Cisco
Equation Group
Equation Group
(Remote Code Execution)
NSA Cisco
Cisco
15 2559 8.4(3)
Shadow Brokers
Equation Group
ExtraBacon
CVE-2016-6366
Cisco
SNMP
SNMP
17 2559 Cisco
Cisco
EpicBanana SNMP
CVE-2016-6367 Community String
Cisco
DoS (Denial of Service)
: 17/08/2559
: Cisco <http://thcert.co/wJ5itf>
Apple OS X
Apple OS X OS X
Yosemite 10.10.5 OS X El Capitan
10.11.6 CVE-2016-4655,
CVE-2016-4656, CVE-2016-4657
Webkit Kernel
3
iOS Pegasus
Apple iOS 9.3.5
3
2559
: 02/09/2559
: VentureBeat <http://thcert.co/RrVLqz>
Cisco WebEx
Meetings Server
Cisco 2
2559
2 Cisco
WebEx Meetings Server 2.6
CVE-2016-1482
(Remote Code
Execution) CVE-2016-1483
(Denial
of Service)
: 16/09/2559
: The Register <http://thcert.co/N9G7mV>,
US-CERT <http://thcert.co/qrlmLE>
Drupal
: 16/09/2559
: Softpedia <http://thcert.co/N7a1uF>,
SANS Internet Storm Center <http://thcert.co/eLoXa6>
Cisco 850,000
0-day BENIGNCERTAIN
: 26/09/2559
: Softpedia <http://thcert.co/q0qU4i>,
Shadow Server <http://thcert.co/tnWJsu>,
Cisco <http://thcert.co/EoA6gw>
Samsung Knox
Viral Security Group Samsung
Samsung Knox
2559
Android Samsung
Galaxy S6
Galaxy Note 5
KNOXout
CVE-2016-6584
CVE-2015-1805
(iovyroot)
Real-time Kernel Protection (RKP)
Knox root
: 04/10/2559
: Wired <http://thcert.co/zzpG2b>,
Viral Security Group <http://thcert.co/KFAMue>
Rapid 7
Animas OneTouch
Ping
900
3 MHz
90
1-2
-
-
: 05/10/2559
: Softpedia <http://thcert.co/NRihM9>,
Rapid 7 <http://thcert.co/JmF859>
Avtech
130,000
Search-Lab
http://www.search-lab.hu/media/vulnerability_matrix.txt
Avtech (http://www.avtech.com.tw/)
- Shodan
CSRF
Avtech 130,000
- plaintext
(https://www.shodan.io/search?query=avtech)
- DVR
- Bypass captcha
login=quick Avtech
Avtech
: 12/10/2559
: The Register <http://thcert.co/RcFAlP>,
SecLists <http://thcert.co/I2zsaM>
Jon Sawyer
( Justin Case backdoor
jcase) Foxconn
Android
Pork Explosion bootloader
bootloader Foxconn reboot-ftm
Factory Test
Mode
Factory Test Mode InFocus M810 Nextbit
Robin
SELinux
adb
2
Foxconn
brute force
: 13/10/2559
: Android Police <http://thcert.co/qlZMlv>,
BBQ and 0days <http://thcert.co/ldcjwV>
Nine Android
Netis,
D-Link, Asus 3
Fortinet s3cur1ty.de/m1adv2013-017)
2
1 30 2559 Asus
3 Netis (Netcore), infosvr UDP 9999
D-Link Asus
Netis (Netcore) backdoor UDP 53413
2557 ( https://github.com/jduck/asus-cmd)
9
Fortinet
2557 ( http://blog.trendmicro.com/trendlabs-security-intelligence/netis-routers-leave-wide-open-backdoor/)
1.75
D-Link
command.php
2556 ( http://www.
: 20/10/2559
: Fortinet <http://thcert.co/MCoTXF>
Linux kernel
kernel 2.6.22 (
Linux 2550)
root
Dirty
COW CVE-2016-5195 21 2559
Linux Red Hat, Debian
Ubuntu
race condition copy-on-write
(COW)
http://dirtycow.ninja/
root
setuid
root
: 21/10/2559
: The Register <http://thcert.co/87TWRo>,
Graham Cluley <http://thcert.co/fwjqUK>
Joomla! 3.6.4
25 2559
Joomla! Joomla! 3.4.4 3.6.3
Joomla! 3.6.4
2
Joomla!
3.6.4
CVE-2016-8869
CVE-2016-8870
: 26/10/2559
: Joomla! <http://thcert.co/mLzetj>,
Softpedia <http://thcert.co/WTlsCQ>
Adobe
Flash Player
26 2559 Adobe
Adobe
CVE-2016-7855
Adobe Flash Player Adobe
Flash Player
(23.0.0.205
Windows macOS, 11.2.202.643
(Remote Code Execution) Linux)
- Adobe Flash Player
23.0.0.185 Adobe Flash
Windows macOS Player
(https://www.thaicert.or.th/papers/general/2015/pa2015ge003.html)
- Adobe Flash Player 11.2.202.637
Linux
: 27/10/2559
: Adobe <http://thcert.co/EugmN8>,
Dark Reading <http://thcert.co/pkGgLs>
Joomla!
3.6.4 25,000
Joomla! db_cfg
3.6.4 fsugmze3
25 2559
ringcoslio1981@gmail.com
/index.php/component/
Joomla! users/?task=user.register
25,000
Sucuri
Joomla!
Joomla!
: 31/10/2559
: Softpedia <http://thcert.co/HpFnw5>,
Sucuri <http://thcert.co/p0l5Ru>
MySQL, MariaDB
PerconaDB
(CVE-2016-6663, CVE-2016-6664)
- Percona Server
Legal Hackers 5.5.51-38.2, 5.6.32-78-1, 5.7.14-8
MySQL, MariaDB PerconaDB
(CVE-2016-6663 - Percona XtraDB Cluster
CVE-2016-6664) 5.6.32-25.17, 5.7.14-26.17,
race condition root privilege 5.5.41-37.0
escalation MySQL PerconaDB
2
MariaDB
( mysql) CVE-2016-6663
CVE-2016-6664
( root)
- MySQL 5.5.51, 5.6.32,
5.7.14
- MariaDB 5.5.52,
10.1.18, 10.0.28
: 03/11/2559
: Threatpost <http://thcert.co/bdRdyS>,
Legal Hackers <http://thcert.co/sHA1i3>,
Legal Hackers <http://thcert.co/gGfbuC>
D-Link DIR
remote administration
: 08/11/2559
: CERT <http://thcert.co/YIT85u>,
The Register <http://thcert.co/obzaU6>
Netis 15,000
2
0-day Firefox
Tor Browser
Firefox
0-day Mozilla
Firefox JavaScript Firefox Tor
Windows Browser JavaScript ()
FBI : Mozilla
Tor
2556 Firefox 50.0.2 Tor Browser 6.0.7
Firefox 41
50 Windows
Tor Browser
Tor
Firefox 45 ESR
: 30/11/2559
: Ars Technica <http://thcert.co/fr6vi4>,
Tor Project <http://thcert.co/Ydf2qi>
(pacemaker)
(
http://www.ns.mahidol.ac.th/english/th/departments/MN/th/med-km55-1.html)
5
10
: 02/12/2559
: The Register <http://thcert.co/RcwPvj>,
<http://thcert.co/CFSfX6>
Sony
80
6 2559 Sony
SEC Consult
(IP Camera)
Sony 80
admin root
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20161206-0_Sony_IPELA_Engine_IP_Cameras_Backdoors_v10.txt
: 08/12/2559
: Threatpost <http://thcert.co/7ploSh>,
The Register <http://thcert.co/UjyWUP>
Netgear
Netgear
Netgear R6400, R7000 R8000
command Netgear
injection
http://<router_IP>/cgi-bin/;killall$IFShttpd
http://<router_IP>/cgi-bin/;COMMAND
root
: 13/12/2559
: US-CERT <http://thcert.co/vGwI7s>,
Bas <http://thcert.co/f8hqhI>,
! Joomla!
3.6.4 admin
Joomla! Joomla!
3.6.5
CVE-2016-9838
Joomla!
1.6.0 3.6.4
PHP .php6, .php7, .phtml
.phpt web
shell CVE-2016-9836
: 19/12/2559
: Bleeping Computer <http://thcert.co/0hyxfA>,
Joomla! <http://thcert.co/6ncgGE>
Netgear R6250,
R6400, R7000 R8000
US-CERT
R6250, R6400, R7000 R8000
Netgear (R6700,
19 2559 R6900, R7100LG, R7300DST, R7900,
Netgear D6220, D6400)
(beta)
Netgear
: 20/12/2559
: Graham Cluley <http://thcert.co/SjHh1w>,
Netgear <http://thcert.co/C3gPxC>
Netgear ZyXEL
ZyXEL P660HN-T
Billion 5200W-T 4
Netgear ZyXEL Remote Code
Execution
4
ISP
Netgear WNR2000
3
Remote Code Execution
(Remote Administration)
Shodan
10,000
3
: 27/12/2559
: Bleeping Computer <http://thcert.co/4ZiFs1>,
SecList <http://thcert.co/RLIz6t>
(,
Awareness ) MasterCard
(
,
Fraud )
(
Incident
, )
SWIFT
12
Law & Policy
(
, ,
Malware )
CTB-Locker
(,
Privacy )
QQ Browser
Research &
Education
FBI
Statistics 2.3 2
Vulnerability
D-Link