PC PORTAL

Experienced. Trusted. Solutions.

ransomware

By

Cyber News Rundown: Emotet Targets Tax Season

Reading Time: ~ 2 min.

Tax Season Brings Emotet to the Front

As Americans prepare for tax season, Emotet authors have started a new campaign that imitates a W-9 tax form requested by the target. As with most malicious phishing, an attached document asks users to enable macros when viewing the files. This campaign can be particularly dangerous, because many people don’t spend much time looking at W-9s since they are only sent to contractors and clients who often quickly sign and return them. Emotet infections can further harm companies by downloading additional info-stealing malware and using infected machines to distribute spam campaigns.

Australian Logistics Company Faces Delays After Ransomware Attack

Toll Group, a major transportation company in Australia, fell victim to a ransomware attack this week that forced them to take several vital systems offline. Due to company cybersecurity policies, no customer data was accessed and the damage was minimized by a quick response from their team. While many customers have been able to conduct business as normal, some are still experiencing issues as they wait for all of Toll Group’s systems to return to normal operation.

Cryptomining Botnet Found on DoD Systems

A bug bounty hunter recently found an active cryptocurrency mining botnet hidden within systems belonging to the U.S. Department of Defense (DoD). The bug was also being used as a silent backdoor for additional malware execution. Unfortunately, the misconfigured server had already been illicitly accessed and the attackers had installed a cryptominer to obtain Monero coins, but officials for the DoD worked quickly to secure the system before further damage could be inflicted.

Maze Ransomware Targets Multiple French Industries

At least five French law firms and a construction corporation have fallen victim to the Maze ransomware variant, which is known for quickly exfiltrating sensitive information. Maze authors also made an announcement that they will begin releasing the stolen data if the victims refuse to pay the ransom. Though only two of the law firms have had their data posted so far, the remaining firms are expected to be exposed if the ransom is not paid.

British Charity Falls for Impersonation Scam

The British housing charity Red Kite recently fell victim of an impersonation scam in which nearly $1 million was redirected to a scammer’s account. By disguising their domain and illicitly accessing previous Red Kite email threads, the attackers were able to impersonate a contracting company without payment system safeguards stopping the payment or notifying victims that anything was abnormal until it was too late.

The post Cyber News Rundown: Emotet Targets Tax Season appeared first on Webroot Blog.

By

Cyber News Rundown: Cannabis User Data Breach

Reading Time: ~ 2 min.

Point-of-Sale Breach Targets U.S. Cannabis Industry

Late last month, researchers discovered a database owned by the company THSuite that appeared to contain information belonging to roughly 30,000 cannabis customers in the U.S. With no authentication, the researchers were able to find contact information as well as cannabis purchase receipts, including price and quantity, and even scanned copies of employee and government IDs. Though many of the records were for recreational users, medical patients were also involved in the breach, which could prompt additional investigations regarding HIPAA violations.

Ransomware Attack Shuts Down Florida Libraries

At least 600 computers belonging to the library system of Volusia County, Florida were taken offline after falling victim to an unconfirmed ransomware attack. While the libraries were able to get 50 computers back up and running, many of their core functionalities are still offline for the time being. Though officials still have not confirmed that ransomware was the cause of the shutdown, the attack is similar to ones targeting multiple California libraries less than a week earlier.

UK Government Allows Gambling Firms Access to Children’s Data

The Information Commissioner’s Office (ICO) was recently informed of a data breach that could affect nearly 28 million students in the UK. A gambling firm was apparently given access to a Department for Education database by a third-party vendor to complete age and ID verification, though it is unclear just how much information they were gathering. Both firms and the Department for Education have begun examining this breach to determine if this requires a full GDPR investigation.

International Law Enforcement Efforts Take Down Breach Dealer Site

In a combined effort from multiple law enforcement agencies in the U.S. and Europe, two individuals who operated a site that sold login credentials from thousands of data breaches were arrested. Immediately following the arrests, the domain for WeLeakInfo was taken down and all related computers were seized by police, who then promptly put up an official press release and request for any additional info on the site or owners. WeLeakInfo, which boasted access to over 12 billion records, was originally hosted by a Canadian company, but was quick to employ Cloudflare to continue their nefarious dealings privately.

UPS Store Exposes Customer Data

Roughly 100 UPS Stores across the U.S. fell victim to a phishing attack that compromised sensitive customer information over the last four months. This incident stems from a malicious phishing attack that allowed some individuals to compromise store email accounts, which then allowed access to any documents that had been exchanged between the accounts and customers, from passports and IDs to financial info. Fortunately, UPS has already begun contacting affected customers and is offering two years of credit and identity monitoring.

The post Cyber News Rundown: Cannabis User Data Breach appeared first on Webroot Blog.

By

Cyber News Rundown: Ryuk Uses Wake-on-Lan

Reading Time: ~ 2 min.

Ryuk Adds New Features to Increase Devastation

The latest variant of the devastating Ryuk ransomware has been spotted with a new feature that allows it to turn on devices connected to the infected network. By taking advantage of Wake-on-Lan functionality, Ryuk can is able to mount additional remote devices to further its encryption protocols. While it’s possible to only allow such commands from an administrator’s machine, those are also the most likely to be compromised since they have the largest access base.

Learn more about ransomware infections and how to protect your data from cybercrime.

Bank Hackers Arrested Outside London

Over the course of six years, two individuals were able to successfully hack into many hundreds of bank and phone accounts with the intent to commit fraud. With the information they gathered, the two were also able to open new credit accounts and take out significant loans to purchase extra tech hardware. Officials for the London Metropolitan Police have made it known that cybercrime is taken just as seriously as any other crime.

Cryptominer Found After Multiple BSODs

Following a series of “blue screens of death” (BSoDs) on a medical company’s network, researchers identified a cryptominer that spread to more than 800 machines in just a couple months. The payload, a Monero miner, was hidden within a WAV file that was able to migrate undetected to various systems before executing the payload itself. To spread efficiently, the infection used the long-patched EternalBlue exploit that had not yet been updated on the network in question, thus leaving them fully susceptible to attack.

Consulting Firm Exposes Professional Data

Thousands of business professionals from the UK have potentially fallen victim to a data leak by the major consulting firm CHS. A server belonging to the company was found to contain passports, tax info, and other sensitive information that could have been archived from background checks within an unsecured Amazon Web Services bucket. While it is still unclear how long the data was available, researchers who discovered the leak quickly contacted both CERT-UK and Amazon directly, which promptly secured the server.

Western Australian Bank Breached

Over the last week officials for P&N Bank in Australia have been contacting their customers concerning a data breach that occurred during a server upgrade in early December. Though personally identifiable information has been exposed, it doesn’t appear that any accounts have been illicitly accessed and relates more to a customer’s contact information. A total number of affected customers has yet to be confirmed.

The post Cyber News Rundown: Ryuk Uses Wake-on-Lan appeared first on Webroot Blog.

By

Cyber News Rundown: Snake Ransomware

Reading Time: ~ 2 min.

Snake Ransomware Slithers Through Networks

A new ransomware variant, dubbed “Snake,” has been found using more sophisticated obfuscation while targeting entire networks, rather than only one machine. In addition, Snake will append any encrypted file extensions with five random characters following the filetype itself. Finally, the infection also modifies a specific file marker and replaces it with “EKANS,” or SNAKE spelled backwards. A free decryptor hasn’t been released yet, and the malware authors have specified that that encryption will be for entire networks only.

Minnesota Hospital Data Breach

Sensitive information belonging to nearly 50,000 patients of a Minnesota hospital has been illicitly accessed after multiple employee email addresses were compromised. While in most cases the information accessed was medical data and basic contact info, some patients may have also had their Social Security and driver’s license numbers compromised. Alomere Health has already contacted affected patients and begun providing credit and identity monitoring services.

Cyberattack Finally Cracks Las Vegas Security

For a city that is the target of roughly 280,000 cyber attacks every month, one attack was finally able to make it through Las Vegas security protocols. The attack appears to have stemmed from a malicious email but was quickly quarantined by city IT officials before it could do any critical damage. Earlier in 2019, Las Vegas officials proposed a measure to refuse payments to any cybersecurity threat actors.

Travelex Falls Victim to Sodinokibi Ransomware

On the first day of 2020, foreign travel service provider Travelex experienced a ransomware attack that used unsecured VPNs to infiltrate their systems. To make matters worse, a demand of $6 million has been placed on the company for the return of their data, or else the ransom will be doubled. Since this attack, a scoreboard has been created to track the six additional victims of the Sodinokibi/REvil ransomware campaign.

ATM Skimmer Arrested in New York

At least one individual has been arrested in connection to an ATM skimming ring that has taken over $400,000 from banks in New York and surrounding states. From 2014 to 2016, this group installed card skimmers in an unidentified number of ATMs in order to steal card credentials and build up fraudulent charges. Eleven other people are connected with this incident and will also likely be charged.

The post Cyber News Rundown: Snake Ransomware appeared first on Webroot Blog.

By

Cyber News Rundown: US Coast Guard Hit with Ransomware

Reading Time: ~ 2 min.

US Coast Guard Facility Hit with Ransomware

During the last week of December a US Coast Guard facility was the target of a Ryuk ransomware attack that shut down operations for over 30 hours. Though the Coast Guard has implemented multiple cybersecurity regulations in just the last six months or so, this attack broke through the weakest link in the security chain: human users. Ryuk typically spreads through an email phishing campaign that relies on the target clicking on a malicious link before spreading through a network.

Crypto-trading Platform Forces Password Reset After Possible Leak

Officials for Poloniex, a cryptocurrency trading platform, began pushing out forced password resets after a list of email addresses and passwords claiming to be from Poloniex accounts was discovered on Twitter. While the company was able to verify that many of the addresses found on the list weren’t linked to their site at all, they still opted to issue passwords reset for all clients. It’s still unclear where the initial list actually originated, but it was likely generated from a previous data leak and was being used on a new set of websites.

Cybersecurity Predictions for 2020: What Our Experts Have to Say

850 Wawa Stores Affected by Card-skimming

Nearly every one of Wawa’s 850 stores in the U.S. were found to be infected with a payment card-skimming malware for roughly eight months before the company discovered it. It appears Wawa only found out about the problem after Visa issued a warning about card fraud at gas pumps using less-secure magnetic strips. WaWa has since begun offering credit monitoring to anyone affected. In a statement, they mention skimming occurring from in-store transactions as well, so card chips would only be effective if the malware had been at the device level, rather than the transaction point.

Microsoft Takes Domains from North Korean Hackers

Microsoft recently retook control of 50 domains that were being used by North Korean hackers to launch cyberattacks. Following a successful lawsuit, Microsoft was able to use its extensive tracking data to shut down phishing sites that mainly targeted the U.S., Japan, and South Korea. The tech company is well-known for this tactic, having taken down 84 domains belonging to the Russian hacking group Fancy Bear and seizing almost 100 domains linked to Iranian spies.

Landry’s Suffers Payment Card Breach

One of the largest restaurant chain and property owners, Landry’s, recently disclosed that many of their locations were potentially affected by a payment card leak through their point-of-sale systems. The company discovered that from January through October of 2019, any number of their 600 locations had been exposed to a card-skimming malware if not processed through a main payment terminal that supported end-to-end encryption.

The post Cyber News Rundown: US Coast Guard Hit with Ransomware appeared first on Webroot Blog.