Industry Intel

Girl Scouts and OpenText empower future leaders of tomorrow with cyber resilience

The transition to a digital-first world enables us to connect, work and live in a realm where information is available at our fingertips. The children of today will be working in an environment of tomorrow that is shaped by hyperconnectivity. Operating in this...

World Backup Day reminds us all just how precious our data is

Think of all the important files sitting on your computer right now. If your computer crashed tomorrow, would you be able to retrieve your important files? Would your business suffer as a result? As more and more of our daily activities incorporate digital and online...

3 Reasons We Forget Small & Midsized Businesses are Major Targets for Ransomware

The ransomware attacks that make headlines and steer conversations among cybersecurity professionals usually involve major ransoms, huge corporations and notorious hacking groups. Kia Motors, Accenture, Acer, JBS…these companies were some of the largest to be...

How Ransomware Sneaks In

Ransomware has officially made the mainstream. Dramatic headlines announce the latest attacks and news outlets highlight the staggeringly high ransoms businesses pay to retrieve their stolen data. And it’s no wonder why – ransomware attacks are on the rise and the...

An MSP and SMB guide to disaster preparation, recovery and remediation

Introduction It’s important for a business to be prepared with an exercised business continuity and disaster recovery (BC/DR) plan plan before its hit with ransomware so that it can resume operations as quickly as possible. Key steps and solutions should be followed...

Podcast: Cyber resilience in a remote work world

The global pandemic that began to send us packing from our offices in March of last year upended our established way of working overnight. We’re still feeling the effects. Many office workers have yet to return to the office in the volumes they worked in pre-pandemic....

5 Tips to get Better Efficacy out of Your IT Security Stack

If you’re an admin, service provider, security executive, or are otherwise affiliated with the world of IT solutions, then you know that one of the biggest challenges to overcome is efficacy. Especially in terms of cybersecurity, efficacy is something of an amorphous...

How Cryptocurrency and Cybercrime Trends Influence One Another

Typically, when cryptocurrency values change, one would expect to see changes in crypto-related cybercrime. In particular, trends in Bitcoin values tend to be the bellwether you can use to predict how other currencies’ values will shift, and there are usually...

Cyber News Rundown: Hackable Mercedes

The Cyber News Rundown brings you the latest happenings in cybersecurity news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst and a guy with a passion for all things security. Any questions? Just ask.

Mercedes Keyless Entry Leads to Car Theft

It was discovered this week that criminals are using an unusual technique to steal late-model that are equipped with keyless entry. By using a frequency relay box, the criminals can boost the signal from keys, often still within the home, to trick the car into thinking they are nearby and unlocking or starting the vehicle remotely. Unfortunately, this trick is also capable of deactivating pre-installed tracking systems, leaving the owner unable to locate the stolen vehicle.

Former Employee Cause of Coca-Cola Data Breach

Coca-Cola officials announced this week that a breach had taken place that could affect the personal data of at least 8,000 employees. The breach was discovered after law enforcement contacted the company regarding a mishandled hard drive. The drive itself was removed from the company by a former employee before he left, though it is still unclear if the information was used maliciously.

Honda India Leaves Unsecure Data on Thousands of Customers Online

It was recently revealed that two Amazon S3 buckets were left publicly exposed, leaving the sensitive information on over 50,000 customers widely accessible. The buckets, originally created for users of the Honda Connect app, contain everything from names and addresses to specific car details such as the VIN and Honda Connect login credentials. Additionally, the researcher who reported the exposed S3 servers also found a note from another researcher who discovered the leak and attempted to inform the owners nearly three months prior.

VPNFilter Botnet Nearing 500,000 Units Strong

Researchers have been monitoring a new botnet as it gains significant strength across the globe, currently affecting upwards of 500,000 unique devices. Using a multi-step process, VPNFilter can access the command and control server to begin gathering and sending data, along with allowing remote code execution. Unfortunately, it is nearly impossible to detect VPNFilter, as it remains relatively hidden while running its processes.

Major Canadian Banks Faced with $1 Million Ransom

Recently, officials from two of Canada’s largest banks announced that the financial information for almost 100,000 customers had been compromised and hackers are demanding $1 million to stop its public release. To make matters worse, neither bank was aware their client’s information had been stolen until the hackers demanded ransom payment, which raises concerns about what, if any, security measures they had in place.

Cyber News Rundown: Comcast Router Bug

The Cyber News Rundown brings you the latest happenings in cybersecurity news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst and a guy with a passion for all things security. Any questions? Just ask.

Comcast Router Bug Leaves Credentials Unsecured

Researchers recently found a flaw in the Comcast user authentication process that would allow anyone with an account number and partial address to illicitly access WiFi networks and alter any  credentials found there. Fortunately, Comcast was quick to take down the entire site and make the necessary changes so such detailed information can no longer be gathered without proper verification.

Scam Email Warns Users of Other Scammers

A new phishing campaign is gaining traction throughout the US, with users receiving emails regarding a bank transfer of several million dollars currently being held by the Bank of England. The email itself continues by listing off a respectable number of other “scammers,” warning the victim of potential fraud linked to the listed names. While bank transfers are relatively common, it should be clear that a suspiciously large amount of money offered without context should always be approached with caution.

Teen Monitoring Software Left Available Online

Recently, a mobile app that allows parents to monitor their child’s internet browsing has left two internal servers completely accessible to the internet. While the contained information did not include any payment data, it did have email addresses and passwords for nearly all the app’s clients. TeenSafe has since taken both servers offline, though the Amazon cloud buckets were available for an undocumented amount of time with no mention of unauthorized access during that period.

Fraudulent Fortnite Apps Preceding Official Launch

As Fortnite continues its steady rise in popularity following its latest release on iOS, hundreds of phony apps have already flooded the Google Play store in advance of the Android release. One specific was downloaded over 5,000 times before researchers reported the app to the Google Security team. By promising in-game currency for downloading and rating fake apps, the spyware-laden apps quickly begin gathering call and message logs from the device while simply displaying a Fortnite icon.

Sensitive Information Found on 200 Million Japanese Citizens

Likely accumulated from several data breaches over the last few years, a dataset has been found containing the personal information of at least 200 million individuals living in Japan. The data appears to have been gathered from dozens of websites with login credentials for up to 50 unique sites and stems back to 2013. While the source of the information is still unclear, researchers have found several previous attempts to sell smaller datasets on Chinese dark web pages.

Cyber News Rundown: Chili’s PoS Breached

Chili’s Restaurant Reveals Payment Card Breach

In the last week, officials have discovered a data breach that affects an unknown number of the chain’s 1,600 restaurants across the country. It is believed that the breach could affect customers who visited the restaurant between March and April of this year, and likely includes all payment information, though Chili’s doesn’t retain any additional customer data.

StalinLocker Requires Puzzle Code to Stop Deletion

A new screen-locking malware has been spotted that avoids the ransom and moves quickly to locking the entire screen. Once the lock screen is in place, a 10-minute countdown begins, and requests the user enter a specific code or it will begin deleting the contents of every mapped drive on the computer. Along with running a countdown timer, a picture of Joseph Stalin is displayed across the screen and the USSR anthem plays in the background.

Mexican Bank Funds Transferred Illicitly

Within the past month, the Interbank payment systems of the Mexican Central Bank were compromised, leaving millions of dollars unaccounted for. Abusing the interbank payment system allowed the attackers to immediately make the transfers and withdraw in cash. Even though some of the transfers were stopped for being suspicious, the final estimate rests at over $20 million. Fortunately for the bank’s customers, it appears that the stolen funds were from the bank’s accounts, not their clients.

Latest Dharma Ransomware Variant Uses .bip Extension

The most recent variant of the Dharma/Crysis ransomware has made some subtle changes since its previous iteration. Using a compromised RDP service, attackers are able to manually install the Dharma variant, which begins encrypting all files, including mapped and unmapped network drives with a .bip extension. Even though decryption hasn’t yet been made freely available, victims are still encouraged to attempt restoring from an external backup, as this variant will completely remove all shadow copies from the system.

Danish Train Network Hit with DDoS Attack

Thousands of Danish passengers found themselves unable to purchase train tickets from multiple sources after a DDoS attack took down the purchasing system. Some were fortunate enough to be able to purchase tickets directly from train officials, as even their staff was having difficulties communicating both internally and externally regarding the issue. Luckily, the systems were quickly restored to normal operation with no residual problems.

Cyber News Rundown: Excel JavaScript Support May Open Door to Exploits

Crypto Mining Makes the Jump to Excel

With the recent Microsoft release supporting JavaScript within Excel, it was only a matter of time before the scripting service was manipulated to mine cryptocurrency. Mere hours after the release, the first proof of concept appeared, with easy-to-replicate steps to get CoinHive functioning. While this proof of concept does require an Office Insider build to accomplish, it will likely be just as feasible when JavaScript is introduced into the publicly available version of Excel.

SynAck Ransomware Employs Unique Evasion Tactics

A relatively new ransomware variant, known as SynAck, has recently been spotted using an uncommon method for evading security measures. Using a procedure called Process Doppelganging, the malware can create a copy of a legitimate process and inject malicious code to be executed without running anything suspicious. Additionally, the malware is heavily obfuscated and targets numerous programs before encryption to shut down any running processes or tasks that may be necessary to encrypt.

Japanese Security Cameras Defaced

Over the past several weeks, Japanese officials have been dealing with complaints from victims whose security cameras have been hacked. These attacks arose due to negligence on the part of the camera owners, who disregarded proper security practices and failed to update the default passwords on the devices. To make matters worse, the frequency of these attacks has been steadily climbing in the last couple days, and have begun to include government-owned devices on secured networks.

Facebook Exploit Used for Crypto Mining

Researchers have recently discovered a malicious Chrome browser extension that attempts to steal account credentials for any cryptocurrency trading platform it finds on the system. By spreading through Facebook Messenger, FacexWorm can propagate quickly and begin any data gathering or cryptocurrency mining with relative ease. While most of its victims have been located in Southeast Asia, numerous occurrences have been spotted in Western European countries as well, demonstrating the extension’s reach and speed.

Phishing is Still Leading Mobile Infection Rates

In a recent report based on phishing statistics over the past year, officials found that Apple iOS® users had a significantly higher chance of receiving a phishing attempt than downloading malware. With over 4000 new phishing sites being created daily and over half of all internet usage occurring on mobile devices, it’s no surprise that attackers have shifted their focus to this immense group of users, who typically lack security software for their devices and typically don’t consider mobile security necessary.

Tech Support Scams: From Bad to Worse

Fake tech support scams aren’t going anywhere. In fact, recent data shows this type of social engineering attack is on the rise—with phony tech support calls, emails, and pop-ups peddling the digital equivalent of snake oil to unsuspecting internet users around the world.

While many people have grown wise enough to spot the warning signs of the typical tech support scam, a significant percentage fall victim, and exploiting their naivety can prove quite profitable for cybercriminals. A recent report from Microsoft describes a growing global problem: 153,000 reports were received from Microsoft customers involved in tech support scams in 2017, leading to a 24 percent rise in tech scams reported by Microsoft from the previous year. Those who lost money forked over an average of $200 and $400.

“It doesn’t require a great deal of technical knowledge to carry out a support scam, so it’s easy to see why criminals are choosing to jump into this field,” said Marcus Moreno, Supervisor of Threat Research at Webroot. “All that’s is needed is gaining the user’s trust and knowing more than they do about their computer. Whether criminals pay websites to host their fake support banners, or they proactively reach out to you, it doesn’t take much expertise.”

Due to the lucrative nature and relative success rate of these social engineering tactics, tech support fraud continues to propagate. The FBI’s Internet Crime Complaint Center (IC3) received around 11,000 cases of tech support scams in 2017, with victims claiming nearly $15 million in losses. That’s a shocking 86 percent increase from 2016!

The IC3 report also noted new variations of the typical tech support scam, with attackers resorting to posing as law enforcement to re-target previous victims by offering phony recovery assistance in exchange for a fee. Tech support scams are also turning to target cryptocurrency users, where the stakes can be higher, netting potentially thousands of dollars from a single victim.

Cold calls? Hold the phone!

The number one thing to keep in mind is that major tech companies—whether that’s Microsoft, your security software provider, or your device manufacturer—will never call you out of the blue. Beyond attempting to dupe a victim out of a fee for fake support services, cybercriminals can also try to gain remote access to your computer to steal personal information and install malware that can carry on the attack after the phone call has ended.

It’s also important to know that tech support scams also appear in the form of malvertising, such as pop-ups that can be found even on legitimate websites. These scam ads try to trick users with various fake system errors or malware infection warnings. Thousands of websites were recently discovered to be infected with malicious ads that lock users’ browsers and display a fake infection warning, according to SC Magazine. Web-based threats like this highlight the importance of keeping your devices updated and secure, as well as practicing safe browsing habits.

Visit our Cybersecurity Education Resources to understand more about common tech support scams and how to avoid falling victim. There you can also find blacklists of URLs and phone numbers known to impersonate Webroot and target our customers.

Cyber News Rundown: GDPR Edition

As the EU’s General Data Protection Regulation (GDPR) edges closer, we’re looking back on the five most significant stories during the lead up to its implementation. Read about GDPR’s impact on data security and find out how to get prepared with five steps to compliance.

What aspect of GDPR will have the biggest impact on you or your business? Let us know in the comments below!

GDPR Myths

On April 14, 2016, the EU received its final legislative approval for GDPR, making the changes official as of May 25, 2018. Many myths surround the legislation, stirring confusion among those affected. One major myth is that GDPR compliance is focused on a fixed point in time, similar to the Y2K bug. However, GDPR will be an ongoing journey that requires a complete change to many company procedures. The regulation will begin in May 2018, so businesses may not be pleased to discover they are currently in the “grace period,” and there will not be another one after the implementation date.

Data Breached

We discovered in 2017 that many corporations are far too negligent when it comes to securely storing sensitive consumer data. It seemed like hardly a week passed without another major data breach making headlines. The year saw Equifax fall victim to the largest data breach in corporate history, Uber conceal a breach affecting 57 million users for over a year, and more than a million patients’ records stolen from the NHS’s database, to name just a few high profile cases. GDPR will not stop data breaches entirely, but the introduction of fines as high as €20 million, or 4% of annual turnover, for noncompliance should force companies to take their data responsibilities more serious.

Brexit

Britain’s decision to exit the European Union has added confusion concerning GDPR compliance for companies within the UK. In September, however, the UK updated their data protection legislation, which brings GDPR wholesale into UK law. This confirms that the UK also recognises the importance of data protection and suggests UK companies will need to be at least as careful as their EU peers. Also, any company dealing with EU citizen data (even those located outside of the EU), will be expected to comply with these standards.

Google and the Right to be Forgotten

Google received 2.4 million takedown requests under the EU’s updated ‘right to be forgotten’ laws, which have been in place for search engines since 2014. GDPR will now expand on this right to certain data subjects- giving people more control over deletion of their data once it’s no longer necessary for a company to have. Data subject rights have been enhanced, so companies that process personal data will be expected to have procedures in place to act on requests in the proscribed timeframes.

Facebook

Facebook have been in the news a lot over data rights, most recently for allegedly allowing Cambridge Analytica to harvest the data of more than 50 million Facebook users. Previously, the ICO had gotten WhatsApp to sign an undertaking in which it committed publicly to not share personal data with its parent company Facebook until the two services could do it in a GDPR-compliant way. GDPR is clearly bearing down on big companies that have been negligent with customer data previously.

How to get prepared

Are you prepared for GDPR? A company can take the following steps to help become GDPR-ready:

  1. Know the facts: GDPR is coming, so make sure everyone in your company is aware of the important components and are fully trained to comply. Examine what data your company has and who you share it with. Auditing your data will help you to understand how you can meet the terms.
  2. Privacy Information:  Revisit the procedures governing how you inform individuals about personal data your company may be holding. Make amendments to those procedures as necessary to meet GDPR requirements.
  3. Individuals Rights: Verify your procedures cover the rights of individuals, including your processes for deleting or responding to a subject access request.
  4. Enforcement and Sanctions: It should be noted that GDPR will simplify enforcement for supervisory authorities and significantly increase fines.
  5. Consent: Data must be processed lawfully. There are many legitimate bases for processing personal data. However, most companies will use consent, contractual necessity, or legitimate interest as a basis for doing so.

Did You Know?

Webroot Security Awareness Training offers GDPR-specific compliance training modules to help ensure your employees are up to speed with the new regulations, in addition to industry-specific compliance courses. Learn more at webroot.com/awareness.

Cyber News Rundown: Facebook Reveals “Clear History” Feature

The Cyber News Rundown brings you the latest happenings in cybersecurity news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst and a guy with a passion for all things security. Any questions? Just ask.

Cyberattack Shuts Down Mexico Central Bank

Within the past week, several payment systems associated with Mexico’s central bank were compromised for an unspecified amount of time. The impacted systems led to delays with money transfers and processing of transactions for central bank customers, but officials claim no funds or data were stolen. It is still unclear how the attackers accessed the systems, though the issue has heightened awareness of possible security flaws.

Facebook Implementing History Removal Tool

In the wake of the data mishandling scandal that tarnished Facebook’s privacy standards, the company announced it’s working on a new tool that will allow users to clear browsing history and cookies from within Facebook, along with opting out of allowing Facebook to gather future browsing data. While this tool is still being created, Mark Zuckerberg has said Facebook hopes to give more privacy controls back to the users who trust the site.

Fitbit Adopts Google Healthcare API

Recently, Fitbit announced they will be integrating their current systems to incorporate the Cloud Healthcare API from Google in order to give healthcare providers better access to important data. Fitbit has been working towards this for some time by constantly improving their data analysis and providing better feedback to users and their health professionals. The partnership with Google’s API allows them to use an industry-compliant system, without the trouble of creating one from the ground up.

Northeast School District Pays Hefty Ransom

Following the April 14 cyberattack that encrypted much of a Massachusetts school district’s computer systems, local police recommended the district pay the $10,000 ransom to restore the system. While it paying ransoms is normally suggested only as a last resort, it would appear that the district wasn’t capable to restoring the systems on their own. In the end, it opted to pay the requested amount in hopes the criminals stay true to their word.

DVRs Being Compromised

A researcher recently released a tool that would allow anyone access to several brands of DVRs and illicitly obtain both device credentials and live video recordings. Using Shodan, the researcher was able to identify nearly 55,000 unique, accessible DVR devices that could be exploited with his tool using a previously discovered flaw for DVR devices.

‘Smishing’: An Emerging Trend of Phishing Scams via Text Messages

Text messages are now a common way for people to engage with brands and services, with many now preferring texts over email. But today’s scammers have taken a liking to text messages or smishing, too, and are now targeting victims with text message scams sent via shortcodes instead of traditional email-based phishing attacks.

What do we mean by shortcodes

Businesses typically use shortcodes to send and receive text messages with customers. You’ve probably used them before—for instance, you may have received shipping information from FedEx via the shortcode ‘46339’. Other shortcode uses include airline flight confirmations, identity verification, and routine account alerts. Shortcodes are typically four to six digits in the United States, but different countries have different formats and number designations.

The benefits of shortcodes are fairly obvious. Texts can be more immediate and convenient, making it easier for customers to access links and interact with their favorite brands and services. One major drawback, however, is the potential to be scammed by a SMS-based phishing attack, or ‘Smishing’ attack. (Not surprisingly given the cybersecurity field’s fondness for combining words, smishing is a combination of SMS and phishing.)

All the Dangers of Phishing Attacks, Little of the Awareness

The most obvious example of a smishing attack is a text message containing a link to mobile malware. Mistakenly clicking on this type of link can lead to a malicious app being installed on your smartphone. Once installed, mobile malware can be used to log your keystrokes, steal your identity, or hold your valuable files for ransom. Many of the traditional dangers in opening emails and attachments from unknown senders are the same in smishing attacks, but many people are far less familiar with this type of attack and therefore less likely to be on guard against it.

Text messages from shortcodes can contain links to malware and other dangers.

Smishing for Aid Dollars

Another possible risk in shortcodes is that sending a one-word response can trigger a transaction, allowing a charge to appear on your mobile carrier’s bill. When a natural disaster strikes, it is common for charities to use shortcodes to make it incredibly easy to donate money to support relief efforts. For instance, if you text “PREVENT” to the shortcode 90999, you will donate $10 USD to the American Red Cross Disaster Relief Fund.

But this also makes it incredibly easy for a scammer to tell you to text “MONSOON” to a shortcode number while posing as a legitimate organization. These types of smishing scams can lead to costly fraudulent charges on your phone bill, not to mention erode aid agencies ability to solicit legitimate donations from a wary public.

Another common smishing technique happens during tax-filing season and involves IRS-themed requests for the taxpayer to update personal and financial information. An uptick in these scams after the pandemic prompted the FBI to post public warnings.

Protect yourself from Smishing Attacks

While a trusted mobile security app can help you stay protected from a variety of mobile threats, avoiding smishing attacks demands a healthy dose of cyber awareness. Be skeptical of any text messages you receive from unknown senders and assume messages are risky until you are sure you know the sender or are expecting the message. Context is also very important. If a contact’s phone is lost or stolen, that contact can be impersonated. Make sure the message makes sense coming from that contact.

Related Resources:
Webroot blog: Smishing Explained: What It Is and How to Prevent It

Webroot blog: What’s Behind the Surge in Phishing Sites? Three Theories

Cyber News Rundown: Amazon DNS Service Hijacked

The Cyber News Rundown brings you the latest happenings in cybersecurity news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst and a guy with a passion for all things security. Any questions? Just ask.

Amazon IPs Rerouted for Several Hours

Early Tuesday morning attackers compromised an ISP that allowed them to reroute 1,300 IP addresses belonging to Amazon’s Route 53 DNS service. Amazon quickly released a statement on the issue and clarified that it was a specific vendor’s domain that was sharing the traffic across multiple peer networks. In doing so, the attackers were able to masquerade as MyEtherWallet.com, which netted them over $150,000 in cryptocurrency.

Middle East Ride-Hailing App Compromised

In an announcement at the beginning of this week, the ride-hailing app Careem addressed a data breach that occurred in mid-January. The breach could affect nearly 14 million customers, though officials have stated that no payment information was amongst the compromised data, as it is stored off-site. Fortunately, the breach shouldn’t affect anyone who signed up for the app after January 14.

Complaints of Tech Support Scams on the Rise

Over the course of 2017, Microsoft saw a 24% rise in the number of complaints regarding tech support scams their customers fell victim to. This increase is similar to the findings of the FBI’s Internet Crime Complaint Center, which saw an 86% change from the previous year. While the tactics used have not varied much, the number of scam calls have gone up significantly and have branched out to include both Mac and Linux users.

City of Atlanta Closing in on $3 Million Mark for Ransomware Recovery

It was recently revealed the City of Atlanta has spent close to $3 million to recover from a ransomware attack nearly a month ago. Though the original ransom was set at $51,000, paying it would not guarantee a swift resolution. Even now, Atlanta is still working on returning its systems to full working order. The delay may have been lengthened by the unknown amount of time the hackers had access to its system.

Malicious Crypto-miner Disables System Security

The newly dubbed PyRoMine, a cryptocurrency miner, which uses the EternalRomance NSA exploit to propagate, has been spotted in the wild over the past month. By disabling any security services it encounters, as well as Windows Updates, the malicious VBScript is able to compromise RDP to allow consistent traffic through port 3389. Even though it hasn’t spread widely, the number of unpatched machines still accessible to malware authors is a goldmine just waiting to be found.

Cyber News Rundown: Russia Bans Telegram

The Cyber News Rundown brings you the latest happenings in cybersecurity news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst and a guy with a passion for all things security. Any questions? Just ask.

Russia Blocks Millions of IPs to Halt Use of Telegram

Recently, Russia has been putting pressure on Telegram, an end-to-end encrypted messaging service, to release a master key that would allow Russian officials to monitor suspected terrorist communications. Many of the blocked IPs belong to Amazon and Google, which have prompted Telegram users to switch to VPN services to continue using the app.

Facebook Accounts Breached by Stress Relief App

Within the last week, nearly 40,000 Facebook accounts have been compromised after users installed a stress relief painting program that silently steals available browser data. Likely being spread through spam emails, the malware itself runs a fully functional painting program that closely imitates the recently defunct Microsoft Paint and continues to gather data anytime its host computer restarts.

New Cryptominer Bypasses Open Browser Requirement

A recently discovered cryptominer functions like most previous miners, though its XMRig has been updated to no longer require an open internet browser session to begin its This change is significant, as it means the malware itself has been changed from being internet-reliant to endpoint-based, which allows it to function on the infected device without user interaction. While XMRig is still not the most prolific cryptominer currently operating, it’s believed to have spread to over 15 million unique endpoints around the world.

Tax Season is Open Season for Cyber Criminals

As the 2018 tax season wraps up, officials are working hard to determine if high volumes of tax returns being sent from individual computers are from tax professionals or criminals. While the IRS does have methods for stopping massive quantities of returns from being issued from a single device, tax professionals regularly file up to hundreds of returns per year. So how do they determine if they are legitimate or not? Now, cybercriminals have also recognized this loophole and have begun targeting pros, rather than individuals, to stay undetected while submitting fraudulent tax returns.

Microsoft Engineer Charged for Ransomware Money Laundering

A Microsoft employee was charged this week with laundering money accrued from a Reveton ransomware variant that was used as a prominent screen-locker several years ago. The engineer is accused of transferring over 100,000 USD to a partner in the UK that had been extorted as ransom for restoring the system to its normal functionality.

Cyber News Rundown: Hacktivists Strike YouTube Music Videos

The Cyber News Rundown brings you the latest happenings in cybersecurity news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst and a guy with a passion for all things security. Any questions? Just ask.

Music-Oriented YouTube Channels Hacked

Within the last week, hackers have defaced multiple YouTube music videos, focusing largely on Vevo channels with high view counts. Most of the videos were quickly taken down after suspicious upload activity was found on several accounts, leaving some videos with the statement “Free Palestine” in the description. Vevo worked quickly to resolve the defacement and is in the process of returning the affected videos to viewable status.

Pen Test Reveals Security Risks for Radar

Researchers have recently been working to determine if radar is truly secure, as industry professionals have claimed, since it doesn’t interact with the Internet. Unfortunately, after a bit of effort, these same researchers were able to successfully breach the core systems for radar on a Navy vessel and modify it enough to set the ship off course without raising alarms. The system, had it been maliciously compromised, could have easily run the ship aground or sent off on a dangerous interception course. In addition to taking control of the vessel, the researchers were also able to remove all radar detections and leave the ship effectively blind in the water.

Majority of Android Users Denied Consent to Facebook over Data Collection

In a recent survey, nearly 90% of the 1,300 users had refused consent to Facebook for collecting SMS and call data. Unsurprisingly, Facebook has replied that the choice was an opt-in rather than out and users should have been asked, though many agree that no choice had ever been presented to them. Some users have even reported seeing over two years worth of call and SMS data saved within their Facebook account’s data.

Facebook Announces Permissions Change

In the wake of the Cambridge Analytica fiasco, Facebook has made multiple changes to its policy on app permissions that collect user data. Any app that hasn’t been accessed within the last 90 days will require the user to go through the Facebook login page and re-consent to any data collection that may take place. These changes will not be immediate, but instead rolled out over a two-week period, giving users time to decide which apps they want to use and letting expired data tokens be deleted.

Department of the Interior Faces Malware Infection

Nearly three years after the data breach within the Office of Personnel Management, the Interior Department is still having issues with properly securing their systems. The latest internal threat stems from a US Geological Survey employee who was found to be watching pornography and saving the videos to an external hard drive, which led to their computer hosting Russian malware. This likely ties back to the department relying on automated security systems, rather than having trained personnel actively monitoring for malicious activity.

Cyber News Rundown: Breaking Panera Bread

The Cyber News Rundown brings you the latest happenings in cybersecurity news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst and a guy with a passion for all things security. Any questions? Just ask.

Panera Ignores Security Flaw for Months

This week it was revealed that Panera failed to disclose or resolve a data breach affecting nearly 37 million customers for more than eight months. When researchers initially reached out to the company in August of last year, Panera officials believed the e-mail to be spam and ignored it until the researcher followed up about the leak. While a resolution has finally been put forth by Panera, their attempts to downplay the leak to the media and extreme delay in taking action are unacceptable for an organization of that size.

Indian Utility Company Facing Ransom

A regional power utilities system in India was recently breached and now finds their billing data held hostage for nearly 20 Bitcoins. While officials are the cause of the attack, the billing systems are already back to normal, as there were several methods for backing up the data. The affected site was one of two that monitor many districts’ electricity billing throughout the region.

Under Armour Fitness Tracking App Breached

Under Armour announced this past week that their MyFitnessPal app had been subject to a data breach potentially affecting nearly 150 million users. Fortunately, the breach seems to contain only usernames, email addresses, and passwords for the app. Customers’ more sensitive information is stored beneath another layer of encryption. Under Armour has since released a full FAQ site along with a public statement in less than a week from the initial discovery.

Employee Info Leaking from Live Chat Widgets

Several live chat widgets have been found to expose a considerable number of personal details for employee conducting the chats. What’s more worrisome, the offending widgets can be found on hundreds of the largest websites, though the data being leaked varies based on company data policies. At least one of the notified widget creators has acknowledged the issue and will hopefully resolve it quickly.

High-end Retailers Have Payment Data Stolen

At least three separate high-end retailers recently disclosed a payment system breach that could impact millions of recent customers. A few hundred thousand cards have already been released, with the hacker group known as JokerStash promising to release more than 5 million in total, likely split amongst the stored data of the three retailers.