PC PORTAL

Experienced. Trusted. Solutions.

ransomware

By

Cyber News Rundown: Dharma Diversion

Reading Time: ~2 min.

Dharma Ransomware Employs Diversion Tactics

Researchers recently discovered a new ransomware variant that displays an ESET AV removal screen once launched in order to divert the a victim’s attention from the silent encryption taking place. Initially dropped by an email spam campaign, the payload comes as a password protected zip archive, with the password made available in the body of the email to entice curious readers. In addition to the ESET removal instructions, the archive also contains a traditional ransom demand with instructions for purchasing and transferring Bitcoin.

Binance Crypto-Exchange Hacked

At least 7,000 Bitcoin were illicitly removed from the hot wallet of Binance, an international cryptocurrency exchange, in a single transaction. By compromising the personal API keys and bypassing two-factor authentication, the hackers were able to access the wallet and steal roughly $41 million worth of Bitcoin. The complete details of the breach are still unknown.

Global Malvertiser Sentenced in US

A man operating several fake companies distributing hundreds of millions of malicious ads across the globe has been arrested and is facing charges after his extradition to the U.S. For nearly five years, Mr. Ivanov and his co-conspirators created dozens of malvertising campaigns, usually starting a new one immediately after the previous one was flagged by a legitimate ad network. While this is not the only case of malvertising campaigns causing chaos on the web, it is one of the first to see actual indictments.

Robbinhood Ransomware Shuts Down Two US Cities

Both Baltimore City Hall and the city of Amarillo, Texas, were victims of a variant of Robbinhood ransomware this week. Following the attack, citizens of both cities will be seeing online bill payment options temporarily offline as they work to restore networks that were damaged or disconnected to stop the spread of the infection. This is the second cyber attack to hit both cities within the past year, with Potter County, Texas recovering from a similar attack just a couple weeks ago. Neither city has released more information on the ransom amount or when the attack began.

Freedom Mobile Exposes Payment Credentials

An unencrypted database containing millions of customer records for Freedom Mobile, a Canadian telecom provider, was discovered to be left freely available to the public. While the database was secured in less than a week, the time it was left accessible to criminals is cause for concern. The data contained full payment card information, including essentially everything a criminal would need to commit identity fraud against millions of people. Though Freedom Mobile claims the 15,000 were affected, it calls into question the practices used to store their sensitive data.

The post Cyber News Rundown: Dharma Diversion appeared first on Webroot Blog.

By

Cyber News Rundown: Tax Extortion Ransomware Scams Corporations

Reading Time: ~2 min.

Tax Extortion Emails Bring Major Threats

A new email campaign has been spotted threatening ransomware and DDoS attacks over fake tax documents allegedly held by the attackers if a Bitcoin ransom isn’t paid. The campaign authors also threaten to send fake tax documents to the IRS through a poorly-worded ransom email that even provides Wikipedia excerpts for each threat put forward. Fortunately, as the campaign seems to be focused on corporations rather than individuals, no payments have been made to the attacker’s crypto coin wallet address.

Hotel Reservation Data Leaking Through Third-Party Services

As major data breaches continue to flood headlines, a recent study has revealed that nearly two of every three hotels exposes information about its guests to third-parties. Excerpts of the data show names, social security numbers, and payment card details that could give unauthorized users the ability to compromise identities or make changes to current reservations. Most of the exposed data involves comping through third-party services run on hotel websites offering customers additional packages.

Ransomware Conspirator Jailed in the UK

Police in the UK have officially charged and jailed a man for his part in the operation of a global ransomware campaign with ties to a Russian criminal organization. Charges range from fraud and blackmail to computer misuse relating to DDoS attacks and the Essex man is set to face at least six years. By masquerading as an advertising agent looking to purchase ad space on high-traffic sites, he was able to infect ad links with malware and other exploits to spread his campaign.

Firefox Begins Blocking Cryptomining Scripts

Even after the demise of CoinHive, cryptomining scripts are still being secretly deployed on thousands of websites without the knowledge of their owners and visitors. With the release of Firefox 67 beta, Mozilla is hoping to completely protect their users from malicious scripts that download and run cryptominers and other unwanted tracking software by using a blacklist created by Disconnect, a VPN developer with a reputation for privacy protection. Additionally, the new Firefox version will block fingerprinting scripts commonly used to invade a user’s browsing privacy.

MyCar App Uses Hardcoded Credentials

Thousands of cars were left vulnerable after a widely used vehicle telematics systems was found to be using hardcoded credentials in their mobile apps. Used in dozens of different car models to enable remote control functions, the hardcoded credentials leave these vehicles accessible to anyone with the app’s source code and the plaintext credentials within. Fortunately for users, the latest iOS and Android versions of the MyCar app have been updated to resolve this vulnerability.

The post Cyber News Rundown: Tax Extortion Ransomware Scams Corporations appeared first on Webroot Blog.

By

Security roundup: April 2019

We round up interesting research and reporting about security and privacy from around the web. This month: healthy GDPR, gender rebalance, cookie walls crumble, telecom threats and incident response par excellence.

A healthy approach to data protection

Ireland’s Department of Health is now considering amendments to the Health Research Regulations, with data protection as one of the areas under review. The Health Research Consent Declaration Committee, which was formed as part of the Health Research Regulations made under GDPR, confirmed the possible amendments in a statement on its website.

GDPR triggered significant changes to health research because of the obligations on data protection impact assessments. Our senior data protection consultant Tracy Elliott has blogged about this issue.

The newly announced engagement process may lead to changes to the Health Research Regulations “where any such amendments are sound from a policy perspective and legally feasible”, the HRCDC said. There’s a link to a more detailed statement on the proposed amendments at this link.

A welcome improvement

Women now make up almost a quarter of information security workers, according to new figures from ISC(2). For years, female participation in security roles hovered around the 10-11 per cent mark. The industry training and certification group’s latest statistics show that figure is much higher than was generally thought.

Some of this increase is due to the group widening its parameters beyond pure cybersecurity roles. The full report shows that higher percentages of women security professionals are attaining senior roles. This includes chief technology officer (7 per cent of women vs. 2 per cent of men), vice president of IT (9 per cent vs. 5 per cent), IT director (18 per cent vs. 14 per cent) and C-level or executive (28 per cent vs. 19 per cent).

“While men continue to outnumber women in cybersecurity and pay disparity still exists, women in the field are buoyed by higher levels of education and certifications, and are finding their way to leadership positions in higher numbers,” ISC(2) said.

The trends are encouraging for any girls or women who are considering entering the profession; as the saying goes, if you can see it, you can be it. (The report’s subtitle is ‘young, educated and ready to take charge’.) After the report was released, Kelly Jackson Higgins at Dark Reading tweeted a link to her story from last year about good practice for recruiting and retaining women in security.

Great walls of ire

You know those annoying website pop-ups that ask you to accept cookies before reading further? They’re known as cookie walls or tracker walls, and the Dutch data protection authority has declared that they violate the General Data Protection Regulation. If visitors can’t access a website without first agreeing to be tracked, they are being forced to share their data. The argument is that this goes against the principle of consent, since the user has no choice but to agree if they want to access the site.

Individual DPAs have taken different interpretations on GDPR matters. SC Magazine quoted Omar Tene of the International Association of Privacy Professionals, who described the Dutch approach as “restrictive”.

This might be a case of GDPR solving a problem of its own making: The Register notes that cookie consent notices showed a massive jump last year, from 16 per cent in January to 62.1 per cent by June.

Hanging on the telephone

Is your organisation’s phone system in your threat model? New research from Europol’s European Cybercrime Centre and Trend Micro lifts the lid on network-based telecom fraud and infrastructure attacks. The Cyber-Telecom Crime Report includes case studies of unusual attacks to show how they work in the real world.

By accessing customers’ or carriers’ accounts, criminals have a low-risk alternative to traditional forms of financial fraud. Among the favoured tactics are vishing, which is a voice scam designed to trick people into revealing personal or financial information over the phone. ‘Missed call’ scams, also known as Wangiri, involve calling a number once; when the recipient calls back, thinking it’s a genuine call, they connect to a premium rate number. The report includes the eye-watering estimate that criminals make €29 billion per year from telecom fraud.

Trend Micro’s blog takes a fresh angle on the report findings, focusing on the risks to IoT deployments and to the arrival of 5G technology. The 57-page report is free to download from this link. Europol has also launched a public awareness page about the problem.  

From ransom to recovery

Norsk Hydro, one of the world’s largest aluminium producers, unexpectedly became a security cause célèbre following a “severe” ransomware infection. After the LockerGoga variant encrypted data on the company’s facilities in the US and Europe, the company shut its global network, switched to manual operations at some of its plants, and stopped production in others.

Norsk Hydro said it planned to rely on its backups rather than paying the ransom. Through it all, the company issued regular updates, drawing widespread praise for its openness, communication and preparedness. Brian Honan wrote: “Norsk Hydro should be a case study in how to run an effective incident response. They were able to continue their business, although at a lower level, in spite of their key systems being offline. Their website contains great examples of how to provide updates to an issue and may serve as a template for how to respond to security breaches.”

Within a week, most of the company’s operations were back running at capacity. Norsk Hydro has released a video showing how it was able to recover. Other victims weren’t so lucky. F-Secure has a good analysis of the ransomware that did the damage, as does security researcher Kevin Beaumont.

Links we liked

Remember the Melissa virus? Congratulations, you’re old: that was 20 years ago. MORE

New trends in spam and phishing, whose popularity never seems to fade. MORE and MORE

For parents and guardians: videos to spark conversations with kids about online safety. MORE

A look behind online heists on Mexican banks that netted perpetrators nearly $20 million. MORE

While we’re on the subject, more cybercriminal tactics used against financial institutions. MORE

This is a useful high-level overview of the NIST cybersecurity framework. MORE

This campaign aims to hold tech giants to account for fixing security and privacy issues. MORE

How can security awareness programmes become more effective at reducing risk? MORE

An excellent security checklist for devices and accounts, courtesy of Bob Lord. MORE

Shodan Monitor alerts organisations when their IoT devices become exposed online. MORE

The post Security roundup: April 2019 appeared first on BH Consulting.

By

Cyber News Rundown: Hacker Exposes 26 Million Personal Records

Reading Time: ~2 min.

Gnosticplayers Adds 26 Million More Records for Sale

After the first 3 major data dumps, which totaled over 600 million records, the hacker known as Gnosticplayers has released his latest cache of data, which contains at least 26 million personal user records. These data caches hold customer information for 32 companies overall and have been obtained over just the past couple months, making the data that much more lucrative. The hacker claims these breaches are done simply out of frustration that security is still not being taken seriously by many major companies from across the globe, which may explain why the price tag for each dump is so low.

Hackers Set Off Tornado Sirens in Texas Towns

At least 30 tornado warning sirens in two Texas towns were triggered in the early morning hours by an unknown hacker. While officials quickly shut down the sirens, they did so just 24 hours prior to a major storm during which they might have needed to use these critical emergency systems. This attack is very similar to one that affected the entire Dallas area in 2017, when hackers successfully compromised a radio system that set off over 100 tornado sirens across the city.

Marketing Firm Exposes 230 Million Records

Another misconfigured Amazon database, this time belonging to Exactis, carries the blame for a data breach that could affect at least 230 million individuals, with more data on 110 million individual records tied to businesses. While it is still unclear exactly how long the database was accessible, the company and an external security auditor maintain that the data was not accessed maliciously during its time online, though the independent researcher who first discovered the database reports that the data may have been spotted for sale on the dark web.

Ransomware Cripples Major Aluminum Manufacturer

Norsk Hydro, a major Aluminum producer, suffered a ransomware attack that successfully shut down a large portion of the company’s operations. The attack forced the company to switch to manual operations at all of its facilities around the world, and temporarily take down their website while they worked to restore their systems from backups. Fortunately, the company retains backups for their major operations, so normal production should resume within the week.

Gearbest Leaks 1.5 Million Customer Records

Following the trend of unprotected databases, researchers recently found yet another one, this time belonging to Gearbest (a Chinese e-commerce site). This database contained unencrypted personal records for over 1.5 million customers around the globe, including payment data, ID and passport info, and even data that could compromise Gearbest itself, as URLs for an internal software platform were also exposed. The company has since claimed that the number of exposed records is much smaller than originally posted. However, they also maintain that they use strong encryption on all stored data, despite this latest evidence to the contrary. 

The post Cyber News Rundown: Hacker Exposes 26 Million Personal Records appeared first on Webroot Blog.

By

Cyber News Rundown: Georgia County Pays for Ransomware Threat

Reading Time: ~2 min.

Georgia County Pays Six Figure Ransom to Restore IT Systems

Following a ransomware attack earlier this month, officials in Jackson County, Georgia decided to pay a $400,000 ransom in order to obtain a decryption key and return their systems to normal operations. While it’s not normally recommended to pay ransoms, but instead to keep proper backups of critical files, the county decided that it would cost significantly more to restore the systems on their own. It is still unclear how the breach unfolded or how long the hackers had access to the network.

Michigan Healthcare Group Compromised

Sensitive information on over 600,000 patients was recently exposed after the Wolverine Solutions Group (WSG) suffered a data breach. The WSG initially suffered a ransomware attack in September of last year, and has been working to decrypt many of their systems since then. Due to Michigan’s lax laws regarding the announcement of a data breach, customers who may have been affected were contacted only within the last month.

Redirect Tags Found on Fortune 100 Sites

Hundreds of third-party redirect tags have been found hidden on the websites of Fortune 100 companies. These tags could allow attackers to access user data from any of the compromised sites and also degrade the performance of sites with multiple hidden tags. Many site owners even expressed concern over possible customer data loss, but did little to clear the tags from  their sites.

Asian Gaming Companies Infiltrated by Backdoors

Several Asia-based gaming companies have discovered hidden backdoors within main executables of some games attracting tens of thousands of players. Fortunately, after identifying the malicious code two of the three companies immediately pushed updates to their software, and the command & control servers for the backdoors were taken offline soon after. The backdoors appear to have originated from a malicious Chinese hacker group that has committed these types of attacks multiple times in recent years.

Info on 1.8 Million Women Found on Unprotected Chinese Database

An unprotected database was recently found which contains extremely sensitive data for nearly 1.8 million women in China. Amongst the personally identifying information was GPS coordinates, political affiliations, and even available video of specific individuals. Unfortunately, while the owners of this one database were successfully contacted, there are still thousands of similarly unprotected databases on Chinese networks.

The post Cyber News Rundown: Georgia County Pays for Ransomware Threat appeared first on Webroot Blog.