The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any questions? Just ask.
NC County Crippled by Ransomware Attack
Recently, a county in North Carolina was the target of a substantial ransomware attack that took many of their official systems offline, and may have affected over a million residents. Nearly 10% of the county’s servers were forced offline with a ransom demand of $23,000. County officials have stated they will not be paying, as there are no guarantees with ransomware, and will work to recover systems as quickly as possible.
Starbucks In-Store Wi-Fi Used to Mine Cryptocurrency
In the past week, a researcher discovered that the Argentinian rewards site for Starbucks was silently running a coin-mining script to generate Monero coins. Even more worrisome: more than 5,000 unique sites have been identified which are also be running some form of CoinHive code to mine cryptocurrency by sapping unsuspecting visitor’s CPU power. Fortunately for fans of free WiFi, Starbucks was quick to contact their internet service provider and resolve the issue.
Brand New HP Laptops Come with a Nasty Surprise
Keylogging software was recently discovered on over 400 models of HP laptops—preinstalled in their keyboard drivers. Even though the keylogger is disabled by default, it wouldn’t be difficult for anyone with access to the device to compromise its security by enabling it to record users’ keystrokes. Luckily for HP users, the company promptly issued a patch that removed the keylogging software from affected devices.
Spider Ransomware Focused on Balkans
Over the last few days, researchers have been monitoring a new ransomware variant called “Spider” as it works its way across the Balkan region of Europe. Surprisingly, this variant gives victims a mere 96 hours to pay the ransom. In addition to the tight deadline, the ransomware makes several attempts to ease the payment process for victims by providing an “educational” video tutorial and giving the user steady reassurance on how simple it is. As with many other ransomware variants, Spider spreads through malicious Microsoft® Office documents that request users to enable macros.
Mirai Botnet Creators Federally Charged in US
The creators of the original Mirai botnet have been federally charged for its initial creation and use as a DDoS-for-hire service. At its peak, Mirai affected over 300,000 individual IoT devices. Apparently, after the major DDoS attack earlier this year against DNS provider Dyn, one of the creators released the source code in the hope that others might use it, thereby obscuring the trail leading back to him.