Industry Intel

Ransomware “Star” Shines on LG Smart TV

As ransomware continues to steal the malware stage, its authors have widened their target audience to include smart devices, such as TVs. Since a number of smart TVs use Android® operating systems, they can be susceptible to the same Android malware that usually strikes mobile devices. Recently, owners of an older LG TV model were presented with a ransomware lock screen after installing a third-party streaming app for movies. The good news for current customers, however, is that many TV manufacturers have taken steps to help prevent these types of attacks by adopting a Linux-based OS.

Facebook Vulnerability May Reveal Private Email Addresses

Bug bounty programs are rewards that many websites offer to encourage “white hat” individuals to report bugs, exploits, and vulnerabilities in their code. They’ve been around for years, and can offer big money to people who can successfully verify a vulnerability in a website or application. One such payout occurred recently when a researcher found a Facebook bug that let him access the private email addresses of any user through the Facebook Group notification function. After sending group invitations, he noticed the page URL showed the recipient’s email address in plain text. Fortunately, thanks to this intrepid bounty hunter, the vulnerability has been addressed.

Ransomworm: The Newest Contender in the Ransomware Ring

A good cybercriminal—that is, one who is good at their trade—is always on the lookout for the latest ways to exploit internet usage habits and vulnerabilities. According to researchers on the subject, the next evolution of highly lucrative ransomware campaigns will likely incorporate network worm capabilities. By adding the functionality of a network worm, ransomware could more easily spread across entire networks, causing exponentially more devastation to its victims. While early variants of a Ransomworm have already been seen in the form of USB propagating infector ZCryptor, it won’t be long before we see wider spread variants in the wild.

Airline Booking Systems Rival TSA for Worst Security Nightmare

“Booking travel.” That’s all I had to say before you groaned, right? Planning a trip already has the potential to be extremely stressful. A lot of the frustration is (at least partially) due to ancient systems that have been in place across the world for decades; and, although they facilitate various necessities for air travel, they don’t always do so quickly or efficiently. More importantly, because many of these systems are over 30 years old, they aren’t up to today’s security standards, and they can be insanely difficult to retrofit—leaving customers’ information vulnerable.

Music Pirate May Walk the Plank

You might think music piracy is sooo early 2000s, but P2P programs that allow users to “share” their music libraries are still alive and well, and authorities confirm that piracy is still thriving. Recently, a UK man was arrested for distributing singles from the country’s Top 40 list across multiple torrent sites and causing untold commercial loss to record companies and artists.

As 2016 comes to a close, it’s time to reflect back on the largest/most significant security news stories that left an impact on the world.

Mirai Botnet

Being hailed as the largest attack of its kind in history, the DDoS attack launched by the Mirai botnet encompassed over 100,000 unique endpoints and hit a peak of 1.2 Tbps, all through the unauthorized use of IoT devices. During the attack, many highly-trafficked sites were brought to a halt along with several critical Internet infrastructure points based on the Dyn server architecture which supports the majority of the Internet’s DNS pathways.

Panama Papers Leak

Early in 2016, it was announced that a confirmed data breach had taken place within Mossack Fonseca, one of the largest offshore law firms in the world. In the breach are over 11 million files with financial documents for thousands of prominent individuals, from actors to politicians to entire corporations.

Adult Dating Sites’ Users Exposed

While several adult dating sites were targeted by hackers in 2016, the farthest reaching was the FriendFinder Network breach that affected over 400 million active customer accounts. Even worse for the victims, the majority of user passwords were stored in plaintext, or without any encryption in place.

Hospital Succumbs to Ransom Demand

With more and more healthcare facilities coming under attack from ransomware, it’s no surprise to see at least one fail to have the proper backups and are forced to pay the ransom to regain their systems. Early in the year, Hollywood Presbyterian medical center was forced to pay a $17,000 ransom to ensure they could continue normal operations, which set an example for attacks in the coming months, for potential targets to properly defend against such attacks.

FBI vs. Apple Encryption Debate

As data privacy concerns continue to grow, the dispute between the FBI and Apple regarding a phone used by a suspect in the San Bernadino shootings being unlocked possible evidence in the case. The issue ended up going to court with Apple defending its customers rights by declining to assist with bypassing the encryption, as the workaround could be used limitlessly once created. The case was eventually dropped as the FBI was able to gain access to the device without Apples’ assistance.

Credit card fraud and email scams aren’t the only thing you have to worry about this holiday season. Criminals in the UK are stepping up their game by using radio frequencies to steal cars.

Ransomware Uses Credit Card Emails with Infected Attachments

A new ransomware variant of Cerber is using fake credit card reports to entice users into opening infected email attachments. By tricking users with fake fraudulent charges for items they never purchased, the malware authors hope the victim will open the malicious document to review and cancel the charge. Fortunately, the emails are poorly-worded and contain several spelling mistakes to make them easier to spot.

Another Yahoo Hack…

Many of you have heard of the fairly large hack that affected Yahoo users in the last few years, and have (hopefully) taken steps to protect yourselves from fraudulent activity. But Yahoo recently came forward to reveal a much larger hack that could affect over 1 billion users and their account information. Although Yahoo was able to identify the infiltration point, the information—both encrypted and unencrypted—had been compromised for at least a year before they discovered the breach.

Enterprising Car Thieves Use Radio Waves to Keep Doors From Locking

Criminals are jamming the radio signals that lock and unlock vehicles, leaving unattended cars open and ready to steal. While the majority of recent thefts have taken place in the UK, this could easily become a global concern. As vehicle technology continues to advance, it’s no surprise that car thieves are keeping up with the times.

Health Service Providers Stuck on Old OS

A recent study on UK National Health Service trusts found that over 90% of healthcare providers were running their networks on Windows XP. Microsoft themselves stopped supporting this outdated operating system over a year ago and, as such, it’s full of vulnerabilities. Unfortunately, many providers around the world use outdated software with known security issues, which can put sensitive patient information at risk.

Evernote Changes Tune After Privacy Concerns

In the past few days, Evernote, the popular note-taking app, announced they would begin allowing select employees to view snippets of user data to better enhance their machine learning algorithms. The program was launched as an opt-out, but the issue of privacy erupted almost immediately. After just one day’s worth of outcry, the company changed the policy to opt-in and sent an apology to their 200 million users.

Personal computers and devices aren’t the only targets for ransomware authors. Their methods have evolved to target government offices and profitable organizations, forcing them to rethink their cybersecurity mitigation plans.

Blackheart Records Data Left Exposed Online

Recently, it has been discovered that a large, unsecured database containing sensitive information on several prominent recording artists from Blackheart Records was left publicly available for an undetermined amount of time. The data that was found included passport scans, banking information, and other sensitive login information for Joan Jett and several of her bandmates. While the database has since been taken offline, the researchers state that there are still hundreds of servers and private machines that use Rsync as a backup, which leaves the server vulnerable.

GoldenEye Ransomware, New Petya Variant

In the past week, a new variant of the Petya ransomware has been discovered in the wild. Going by the name ‘GoldenEye‘, the variant runs the file encryption prior to gaining administrative privileges to modify the MBR (Master Boot Record), unlike Petya which would attempt the MBR modification first. While encrypting the hard drive, ‘GoldenEye’ displays a fake ChkDsk screen to placate the user until the process is complete. Currently, it’s main targets appear to be German-speaking users and is primarily spread through spam email campaigns.

Stegano Embeds Malicious Code in Banner Ads

In the past few months, researchers have been seeing a steady rise in the malicious ad campaign dubbed ‘Stegano’, which places malicious code into the parameters controlling transparency for pop-up banner ads. This recent campaign could potentially lead to millions of end-users becoming infected, as the altered ads have been found on many high-traffic news sites that typically have higher levels of security. Once the code ensures the system is running Internet Explorer, it begins redirecting the victim to sites hosting Adobe Flash exploits and attempts to infect and gather sensitive data. Fortunately for many users, several of the Flash exploits have already been resolved, which will lead to fewer infections.

Pennsylvania Prosecutor’s Office Pays Ransom

While the Avalanche Network was being dismantled by cooperating government agencies last week, the prosecutor’s office in Pennsylvania was recovering from a cyber attack which demanded a $1,400 bitcoin ransom payment. The attack was linked to a 2015 employee breach, but the after effects are still being seen after they decided to pay the ransom. In the six-year span that the Avalanche group operated, they are credited with infecting over half a million computers across nearly 200 countries.

Indiana County Out $200,000 After Ransomware Attack

Recently, it was announced that Madison County, Indiana spent a total of $200,000 in the wake of a ransomware attack on several county offices. With a ransom of $21,000 being paid out to the attackers, the additional expenditures were to recover their infected systems and provide better long-term security, including a backup solution for their data. Even with a high ransom, it’s not surprising to see the costs continue to rise as the victims scramble to rebuild and begin the hard task of creating and implementing a cybersecurity mitigation plan.

Between a handful of high profile network hacks and the steady stream of ransomware attacks, the last week of November didn’t pull any punches in the constant sparring match that is cybersecurity. In the wake of headlines about a US Navy breach, large scale network outages across Germany, and more, internet users across the globe must stay watchful and wary of their next click.

US Navy Sees Massive System Compromise

Officials in the US Navy have been notified of a security breach stemming from a Hewlett Packard Enterprise contractor whose laptop had been compromised. Currently, the Navy is contacting those who may be a part of the nearly 140,000 names and social security numbers that were affected, though it is still unclear on exactly how the breach occurred. With the steady rise in cyberattacks, the stress on IT departments of all sizes is mounting to defend against future attacks.

Tech Support Scammers Using Ransomware to Boost Income

Researchers have discovered an unsettling evolution to the traditional cold-calling tech support scams: executing ransomware on their victims’ computers to ensure payment for their “cleaning services”. While typical scammers will attempt nearly anything to get personal information, the use of ransomware takes the threat one step further by maliciously forcing payment regardless of any services rendered. Even worse for victims of VindowsLocker—as the ransomware is dubbed–the authors failed to properly setup the ransom transactions and thus, users may be unable to regain their files even if the ransom is paid.

UK National Lottery User Accounts Hacked

Major website hacks are occurring regularly due to reused login credentials, and it’s still a shock when a large site operator has to begin notifying tens of thousands of users about a possible data breach. Now we’re adding the UK National Lottery to the list. Only a small fraction of the National Lottery’s users were compromised, but Camelot, the operator for the lottery, has been forcing password resets for any potentially compromised individuals. While password re-use is the likely cause of the breach, it is still uncertain why the Lottery didn’t offer any additional authentication prior to the user accounts that were taken over.

San Francisco Train System Brought Down By Ransomware

In recent days, it has been discovered that the San Francisco Municipal Transit Agency was taken offline with only a poorly worded ransom message displaying for customers and employees alike. The attack led to the SFMTA providing free rides to customers while the issue was being resolved. In a surprising stance, the excessive ransom demanded–100 bitcoins totaling over $70,000 USD—was not paid to the attackers. For many public utilities and services, having the capability to promptly return to normal functions after such an attack is extremely important, and fortunately the SFMTA have announced that no customer information was compromised.

German Telecom Provider Hit with Mirai Variant

There is no doubt the world is now more attentive after the last Mirai botnet attack that took down several prominent sites. Yet, a similar variant has been deployed keeping DSL customers in Germany disconnected. Recently, nearly 900,000 telecom customers have been unable to access anything reliant on their DSL routers, which have been under attack for several days. By scanning for commonly open ports on routers, the attackers are able to remotely execute code resulting in a widespread DDoS attack.

Alarming Number of Sites Still Using SHA-1 Certificates

The January deadline for switching over to SHA-2 rapidly approaching. For the vendors that are still lagging behind, they will begin to see browser warnings to their customers stating the site is untrustworthy for processing sensitive information. Surprisingly, 1/3 of all worldwide sites are still using the insecure algorithm. Unfortunately for many of these vendors, switching to SHA-2 could take quite a bit of work, as they have to locate and identify their current SHA-1 certificates before the migration can start.

PoisonTap Tool Navigates Around Password-Protected Computers

Recently, a new tool has been making its name by allowing an attacker to gain access to a computer, even while locked, by simply plugging in a malicious USB. The tool, dubbed PoisonTap, gains access to any unencrypted internet traffic and captures cookies used to login to sensitive accounts. Once the information is captured, the tool installs a backdoor to allow the attacker further access to the computer, then transfers all data back to the attacker’s server.

Ransomware Steps Up Blackmailing Methods

Ransomware is still on a steady path of destruction, and one variant has gone the extra step to better ensure the ransom gets paid. By scanning the system for any trace of child exploitation or pirated content, the ransomware is able to display a directed warning message about any files found that it could then expose to the public. By threatening the user with releasing any incriminating files, the attackers hope for a higher number of victims paying the ransom, as it now holds leverage against the payment.

Adult Friend Finder Hack, Possibly Largest Ever

Recently, the adult dating site Adult Friend Finder, and its network of other sites, has fallen victim to one of the biggest data hacks on record. With nearly 412 million users accounts compromised, the network’s security is coming under scrutiny as nearly a third of the passwords found were stored as plain text files or relied on the long-outdated SHA-1 algorithm. Even more worrying, many of the passwords appear to be extremely simple words or number sequences that are likely being re-used alongside the same email address for other websites.

Corporation Chains Hit with Customer Service Malware Attack

In the past few weeks, many vendors have complained about receiving fake customer service emails that contain malicious attachments. These attacks begin by impersonating a customer trying to provide sensitive information via email, and coercing the company representative into opening said attachment. Once opened, the malware begins downloading additional tools for collecting and transferring sensitive information back to the attackers. This method of stealing consumer data is not new, but the approach of remaining on the phone for the duration of the attack is something few researchers have seen before.

Your online identity is at risk now more than ever. This week’s cyber news update covers the growing threat of online banking attacks and phishing scams across the globe.

Tesco Bank Hacked For Millions

Tesco’s banking services released a statement earlier this week announcing that several thousand bank accounts had been hacked, resulting in the theft of nearly $3 million USD. At present, this attack is the largest hack to target a western bank. While Tesco Bank is still looking into the breach, they have already compensated customers whose accounts were affected, and have stated that no confidential customer information was exposed.

Google Safe Browsing Gets More Persistent

Ever since Google launched Safe Browsing over a decade ago, hundreds of millions of users have been prevented from being drawn into malicious websites through fake warning notifications. With the latest updates to Google’s security policies, Google will show additional full-page warnings for any offenders who violate policies repeatedly until the site can be verified. With the addition of the Repeat Offenders policy, sites that attempt to use any coverage gap to revert to harmful activity after the safety verification will be shut down for a period of 30 days.

TrickBot Banking Trojan Spreading Rapidly

A new trojan has risen and is targeting banking customers across the globe. Having started in the UK and spread into continental Europe, TrickBot uses redirection attacks and server-side injection to compromise user login credentials. Using spam emails as their delivery method, attackers have been able to hit a wider range of victims with a very high success rate.

PlayStation Hacks Target UK Gamers

Recently, dozens of PlayStation Network users have reported their accounts had been compromised and used to make fraudulent charges. While it is still unclear how the accounts are being compromised, it likely stems from reusing passwords, or possibly another Sony breach. Due to the increase in attacks, Sony recently released two-factor authentication to provide enhanced security for its users.

Nigerian Prince Scammers Upping Their Tactics

In the early days of the internet and email, scammers took advantage of ignorant users by pretending to be someone of great importance who simply needed help transferring funds. Today, these types of scammers have evolved their strategy by targeting victim computers and stealing login credentials to sensitive sites. Another change in their strategy has been to focus on big businesses, rather than individual consumers, to increase profitability.

Computer safety has never been more of a necessity, regardless of your location in the world. This week’s cyber news recap spans from Western Europe to Australia, with a variety of threats that everyday users may face themselves.

UK Hospital System Hit with Malware

In the last few days, a hospital network in the UK was infected with what is likely ransomware. This incident has lead officials of the affected hospitals to temporarily shut down all hospital operations until the infection is isolated and removed. While current patients will still receive care, all emergency cases are being transferred to other area locations. It comes as no surprise to see yet another hospital fall victim to cybercriminals due to the lack due to lack of security that’s systematic across the industry.

Flash Player Android App Actually Banking Trojan

Recently, many smartphone users may have noticed an increase in popups requesting payment card information. While initially unsuspecting, upon installation, the app will request administrative rights for the device and begin gathering data from over 90 different banking apps and other social media apps. Consumers using third-party app stores should be extremely cautious as the trojan uses fake overlays to appear as a legitimate application.

Converse Online Store Hacked

In the weeks following the largest data breach in Australia’s history, the country’s online retail site for Converse shoes was hacked. The prime target was payment card information, as is the norm for many of the recent online-retailer cyberattacks. However, the figures for any compromised information are still unknown. Fortunately for any customers that made purchases during that period of time, the site was able to remediate the incident quickly.

CEO Phishing Scam Targets New Zealand Nurses

With email scams always changing and evolving, the weakest point in an organization’s security is still the employees. Earlier in the week, an email coming from the alleged CEO of the New Zealand Nurses Organization requested the email addresses of all 47,000 employees. The recipient swiftly responded with the full list. Unfortunately for the victim, the email wasn’t from a legitimate source or even a company email domain, as the sender was noted to be a Yahoo address.

Google Discloses Windows Vulnerability, Receives Backlash from Microsoft

In the past week, Google released information regarding a zero-day vulnerability in a Windows OS kernel that was actively being exploited in the wild. After disclosing the information to Microsoft to get the issue resolved, they announced a simplified statement about the vulnerability. As some might suspect, Microsoft took offense as they require a more unified public disclosure. Microsoft has also announced a coordinated effort with Google and Adobe to mitigate any negative outcomes of the recent exploits and that a patch will be released in the coming days.

Fake BSOD Lock Screens Popping Up Again

In a nod to screen-locking malware from past years, a new variant has arrived that now requests a simple call to support for assistance. Rather than demand a ransom to remove the fake screen, it provides a number to a fake tech support line and suggests calling them. Fortunately for many users of Windows 8.1 or higher, the malware is disguised as Microsoft Security Essentials, a security software bundle that was removed and replaced by Windows Defender after Windows 7, which would be suspicious to see on any newer OS.

Surprising Value of Personal Records

The value placed on compromised data has a varied range with cyberattacks becoming the norm in many highly lucrative industries. Due to the high return on investment of financial records, they draw some of the highest price tags—$14 to $25 per record. However, data that may take more effort or time to analyze, such as medical records, can demand only a fraction of that for the sensitive information contained within. Because the medical industry is so low-tech in terms of securing patient information, they are a prime target for attacks, as we have seen in recent months.

Adobe Pushes Emergency Patch after Flaw Exploited

Recently, Adobe Systems was forced to issue an emergency patch to stop a flaw that could allow unauthorized code execution through Flash Player. The move came after reports of the vulnerability being exploited were announced. For most users, simply ensuring they are on the latest versions of any Adobe products in use will protect them from this vulnerability. Additionally, many users who have Flash Player through their browser will have the update installed automatically.

Ontario Schools Hit with DDoS Attack

In the same week as the major DDoS attack that affected the East Coast of the US, students preparing for their Grade 10 literacy test were unable to write the exam as the district’s computer systems were targeted with a similar attack. With this year’s exam being the pilot for future online testing, it was a major setback for officials looking to determine its viability, but also a disappointment for students who had been working hard in preparation for the test.

Russian Cybercriminals Taking Bank Attacks Worldwide

After spending the last couple years attacking local banks with cyberattacks, Russian criminals are now expanding their successful attack techniques to other countries. The largest factor contributing to this expansion is likely the value of the Ruble to other international currencies, as local attacks net a lower profit than foreign attacks on countries with a stronger currency. While the group behind the attacks is still unknown, it is likely they are spread through various countries to avoid detection.