Q&A with QA Engineer Sopall Ngim
When I started prepping for this interview, I wasn’t entirely sure what a quality assurance (QA) engineer did on a day-to-day basis. However, in a world where STEM (Science, Technology, Engineering, and Mathematics) has become the buzzword du jour, I knew this important technical role was something more and more companies will need in the future. To get more insight, I sat down with Webroot QA Engineer Sopall Ngim to talk about the importance of a quality assurance engineer in a cybersecurity organization.
Webroot: Hi, Sopall. Let’s start by talking a bit about yourself and your role at Webroot.
Sopall Ngim: I started my career in medical device research and development, and then a former co-worker convinced me to change careers and become a QA engineer. I have been working in the software testing field ever since. What I like about testing is that it gives me the opportunity to work with the whole product/system (end-to-end) instead of specific components within the system. That is, figuring out whether or not it will work in a customer’s environment. Because most of the time, we don’t have all the customers’ specific conditions and environments, test engineers need to take a thinking-outside-the-box approach to figure out what needs to be tested and how. Also, because testing the system in every customer’s environment and condition is not realistic, I like the challenge of designing tests that require the least amount of effects, but get the most test coverage.
Sounds like you are a bit of a puzzle solver at work. Going back further, how did you get interested in tech in the first place?
My interest in science and technology came about when I visited the Boeing 747 assembly plant in Everett, Washington, at 19. Seeing machines move different sections of the airplane together into precise locations so that they could be joined got me curious about how the system was controlled, and how it worked.
I must admit, Sopall, I’m not sure what you do! What is QA?
The Software Quality Assurance/Testing role works as part of the product delivery team to ensure the release software meets end users’ expectations. We ensure that the software will work in the customers’ environments and help them with their daily tasks. As part of the product delivery team, a test engineer is responsible for designing tests that will fully validate the functionalities of the software being tested, then running those tests.
Take us through a day in the life.
As part of a product delivery, QA Engineers work with their internal team members to:
- Review user stories and requirements to ensure they are well understood by everyone on the team
- Attend design discussion and review
- Design and develop tests to verify the functions and features included in the release
- Perform tests and develop automation test scripts
- Communicate any defects found during testing to the team, and see that they get resolved in a timely manner
- Communicate test statuses to the team
Have you ever found any surprising—or unexpected but awesome—outcomes while testing?
No one specific situation that sticks out, but one thing I learned throughout my career is that software should be developed to solve customers’ problems or to help them become more efficient in their daily tasks. End users won’t buy software just because it uses new technology or has a flashy Graphical User Interface (GUI).
What’s the biggest lesson you’ve learned from working in the field?
Merely gaining a solid understanding of the technologies used to develop a product is not enough to become a good test engineer. To become a good software test engineer, one needs to have solid domain expertise in the business of software development, and a solid understanding of how customers will use the software or service.
Any advice to students in your field?
To become an effective test engineer in a client-server application system, you need to have a solid understanding of network communication across the internet, as well as an in-depth knowledge of the relational database. Also, with today’s competitive market, a fast go-to-market timeline is very important. Companies want to release products frequently, which means test automation becomes increasingly important. Instead of trying to learn every existing programming language, pick one and become an expert in it.
Great advice. Seems we all need to be an expert in some aspect of our field these days. Switching gears, tell us about working for Webroot?
Prior to joining Webroot, I worked for several other companies ranging from a startup to a well-established company. When searching for a new job opportunity, I always try to look for a company that:
- Develops products or services that help make people’s daily lives better
- Values everyone’s input and contribution
- Provides everyone with opportunities to learn new skill sets
- Encourages employees to balance their work and life
Webroot has all of the above. Testing is not an afterthought like in most companies. Test engineers are part of the process from start to completion. We’re involved with designing and releasing decisions. Every team contributes to the approach and has a say in how to implement the feature being worked on.
Wonderful advice for anyone looking for a career, not just a job. Thanks, Sopall!
Are you interested in a career like Sopall’s? Check out our careers page at www.webroot.com/careers. You may be particularly interested in our openings for DevOps, Quality Engineer or Sr. Software Engineer, Windows in San Diego, or our open DevOps, Quality Engineer position in Broomfield, CO.
Cyber Threats to Small Businesses, a CISO’s View (Pt. 2)
Last week, we covered the results of our survey of more than 600 IT decision-makers at medium-sized companies in the U.S., U.K., and Australia. Participants shared valuable insights into their cybersecurity understanding and preparedness, and I gave my own analysis of what the numbers indicate.
Quick recap
I’ve been in the security industry for more than 20 years, and the survey results brought to light some discrepancies I think are worth further consideration. To review:
- 96% of those surveyed believe they are susceptible to cyber threats.
- 80% use third-party IT security resources (mixed-use IT and security teams).
- 29% think they are ready to handle a cybersecurity-related incident.
If 80% of the businesses we surveyed outsource their cybersecurity to trusted MSPs, shouldn’t all 80% feel confident they have the resources to manage a cybersecurity breach? Why did just 29% of respondents report they feel ready to handle that incident?
To me, these numbers indicate many companies are paying for security resources, but still need to train their internal teams to improve confidence that they could triage an incident successfully. So, what can businesses do to reduce their risk of exposure and prepare themselves for a cybersecurity-related incident?
Three quick processes to help small businesses:
- Cyber Hygiene: get back to basics. Approximately 80% of the risk facing your organization from the majority of cyber threats can be minimized drastically if you take care of the basics correctly and continuously. You need antivirus and antimalware on all of your endpoints, and you need to make sure they stay up to date. Patch all corporate asset applications and operating systems in a timely manner, particularly critical security patches. (The industry standard is normally 2 weeks after issuance to allow for field testing.) Don’t forget to back up all critical data securely and keep it offsite. Test your backups at least once a quarter. Include a strong firewall for your network, segment your network to protect critical operations, and turn on the personal firewall software on your desktop computers. Below are some useful links to guide you in this process:
  - U.S. CERT list of resources to assist small businesses in recognizing their cybersecurity risks: https://www.us-cert.gov/ccubedvp/smb
  - U.S. Federal Trade Commission list of 10 practical lessons for small businesses: https://www.ftc.gov/tips-advice/business-center/guidance/start-security-guide-business
- Training: don’t hate, educate. For small businesses to manage the impact of a cyberattack, they need to train. I recommend using a good threat intelligence feed to help train IT and security personnel on the threats facing the business and then have them meet periodically to go over the procedures to manage a real-world incident. The company needs to build good muscle memory into its incident response team, even if these types of requirements have been contracted out to an MSP. In the latter case, small businesses should work with their MSPs to determine how their in-house staff should support the MSP during an incident.
- Cyber Insurance: i.e. cover yourself. After a small business has assessed their risks, mitigated, and done as much planning as possible, they should look into cyber insurance policies. The policy would likely be different for each company, depending on the services they require. Remember the costs I listed above. The largest costs post-incident are notifying all affected customers and engaging forensics/data recovery services. Having insurance goes a long way toward helping your business recover quickly and cleanly in the event of a breach.
Today’s online landscape is incredibly dynamic and changes every day. To manage risks in the face of increasing changes and challenges, we recommend small and medium businesses partner with MSPs that can provide critical security services, and work with their in-house teams on education and business continuity strategies. Businesses should also maintain security basics correctly and on a continuous basis, while doing extensive worst-case scenario planning. By taking these types of steps, we can ensure a safer, more secure online experience for all of our respective businesses and customers.
Cyber News Rundown: Edition 8/3/17
The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.
Amazon Echo Resolves Security Flaw
Researchers have recently discovered a major security flaw that affects several generations of the Amazon Echo. The flaw itself involved being able to physically access the device to install malware that records conversations, all while retaining normal usability. Fortunately for consumers, only the 2015 and 2016 devices appear to be susceptible; the flaw was fixed for the 2017 production.
New Features Added to Banking Trojan
As more banking customers use their devices to conduct an increasing number of transactions, the authors of the banking Trojan Svpeng have added a new enhancement: keylogging. After checking the device’s set language, the malware gives itself full administrative permissions and starts propagating itself as the default SMS app for the phone. Once it gains full access, it starts gathering as much information as it can, from messages to contacts to browsed websites, and then contacts its C&C server to pass along the data.
Next Major Broadcaster Breach: HBO
In the past week, officials at HBO have announced that a breach occurred, exposing not only proprietary information, but also several unaired TV episodes and even an upcoming Game of Thrones script. While the company is unsure how it happened, the breach has brought the security of the entire industry into the spotlight.
Third Party Breach Hits Anthem Healthcare, Again
The nation’s largest healthcare provider, Anthem, has spent the last couple of weeks notifying nearly 18,000 customers who may have been a part of a recent data breach. The breach comes from a third-party insurance company employee who emailed a sensitive document containing Anthem customers’ medical information to their personal email address. While not directly Anthem’s fault, this news comes not long after the company settled on their last data breach, which affected nearly 80 million customers.
German Development Team Hacked
Recently, the Chrome Web Store account belonging to German web development team a9t9 was hacked. Along with the initial breach, the team later found that one of their key web extensions had been injected with malicious software, and had been subsequently moved from their account to the attackers’. Unfortunately for anyone using the current extension, a9t9 are unable to deactivate or remove it, as they no longer have control.
Decoding DEF CON 25
DEF CON 25 has come and gone, but the cybersecurity world is still reeling from some of the research and advanced threats demonstrated at this annual convention of the world’s foremost hackers. Security professionals are more aware than ever of the increasing number of threats targeting everyday devices—from smart appliances to voting machines. Keep reading for insight into DEF CON from Webroot security experts.
Wreck the vote
Voting machines were hacked in about 90 minutes at DEF CON. Advanced Voting Solutions (AVS) WINVote was one of the 30 voting machines available to be hacked. The password was… wait for it… “abcde”. These are the same machines that were used for the 2004, 2008, and 2012 U.S. presidential elections. AVS went out of business years ago and stopped supporting the machines in 2007, yet Virginia was still using them in 2015! The implications are huge; not only does this confirm that voting machines are definitely hackable and voting tampering is entirely plausible, but also that government oversight for the security of these machines is grossly negligent.
DEF CON also displayed its notorious “Wall of Sheep,” where experts analyzed unencrypted network packets to show usernames and passwords, perfectly readable in plain text. We saw some IoT devices using unsecure protocols like FTP, POP3, IMAP, and HTTP, which were practically handing out the credentials people used to log into them. In particular, I saw more than a few smart doorbell devices on the Wall of Sheep while I was in the room. Makes you rethink your sense of home security.
– Tyler Moffitt, Sr. Threat Research Analyst
A CISO’s perspective
Hacking #ICS and #IoT @defcon tell me it’s not that easy? #Webroot #CISOapproved pic.twitter.com/OGQ4S9DNxu
— Gary Hayslip (@ghayslip) July 28, 2017
This year, I was amazed at the size of the crowds. DEF CON is truly becoming a must for security professionals to educate themselves on new threats and get hands-on experience in areas such as physical security, hacking and defending SCADA/ICS systems, and penetration testing on wearable devices.
One event I found especially interesting was by the company NXT Robotics, which offered up one of its security robots for hackers to attack. The bot withstood over 96 hours of continuous testing. When I questioned the founder of NXT, he said the robot was designed with a secured version of Linux from its initial design phase—their whole product life-cycle is focused on “security by design.” That impressed me. Given the growing number of IoT devices on the market today, the security of the device, its data, or how it integrates into larger infrastructures is not always accounted for in the prerequisites for design. You can see that clearly in the large number of IoT devices that were on display at DEF CON, including cars, which were being stress-tested by many of the conference attendees.
One last point: many of the discussions centered on new attacks or new vulnerabilities enabled by our increasingly intertwined infrastructure. I hope to see more presentations on unique ways to defend and manage risk for organizations that have disparate networks and technologies. As DEF CON proves, hacking isn’t just for attacking; it can be about being creative in defending as well.
– Gary Hayslip, Chief Information Security Officer
Fresh threat research
Every year, without fail, security researcher Chris Domas of Battelle Memorial Institute has something really cool to share. At DEF CON this year, he presented Sandsifter, a project focused on fuzzing the x86 processor to reveal hidden processor bugs and undocumented instructions. Thanks to Sandsifter, a number of secret processor instructions have been uncovered in x86 chips from every major vendor, revealing both benign and security-critical hardware bugs.
Researcher Dimitry Snezhkov, a senior security consultant for X-Force Red at IBM, presented a tool that can offer command and control to penetrated environments via webhooks. In this way, hackers can use approved sites for communication, perform data transfers, and more without detection. (The idea is that HTTP accesses to GitHub are not likely to be filtered and will probably fly under the radar of network administrators.)
– Eric Klonowski, Sr. Advanced Threat Research Analyst
What We Learned at Black Hat 2017
Last week, Black Hat USA 2017 brought an impressive 15,000+ cybersecurity professionals to Las Vegas to talk shop about the biggest issues facing businesses today. Here’s a recap from the perspective of the Webroot security experts who attended.
A hacker’s economy
Black Hat 2017 continued a recent trend of more corporate and business involvement than ever before. We are witnessing history-in-the-making as the threat landscape continues to evolve… and not for the better. Nation state-grade security tools, techniques, and vulnerabilities are increasingly more available to cybercriminals. The price of entry has dropped. It’s as if we’ve lost plans for the atom bomb, while plutonium is just a dollar a pound.
Fortunately, Black Hat continues to be an engaging forum for cross-pollination of security ideas, as well as some scary tactical discussions, but most of all it provides education for individuals and businesses who want to find out how to defend themselves and their employees. My advice to CTOs everywhere is to become conversant in security trends and best practices, whether it’s writing secure code, deploying secure apps, or making sure colleagues are aware of the risks they face every day.
– Hal Lonas, Chief Technology Officer
A CISO’s view
One thing I found interesting this year is that everyone seems to have acknowledged they need machine learning, artificial intelligence (AI), and analytics for their security platforms. Many of the security vendors were talking about using machine learning and AI to differentiate themselves, but I still thought something was missing: nobody was really talking about integration and automation. More vendors are now offering APIs to plug their products into an organization’s SIEM of choice, but from a CISO’s point of view, I want solutions that I can automate to perform specific functions and orchestrate into my security suite.
Unfortunately, I didn’t see much designed to fill that need. With small security teams and tight budget resources, I find CISOs want to implement solutions that can be integrated into their current security platform and exchange/provide data to create a more comprehensive view of the organization’s threat profile in real time. Black Hat has always showcased some amazing technologies, and this year was no different. But from a practical point of view, I was hard-pressed to understand how I would integrate these innovations without having to make major changes to my current security investments.
– Gary Hayslip, Chief Information Security Officer
Understanding machine learning
Industry confusion continues around machine learning and artificial intelligence with the terms being used synonymously. There is still ground to cover to eliminate misnomers when identifying these types of technologies.
That aside, savvy consumers are beginning to understand that machine learning has some limitations. It takes years of experience to properly implement and even more time to build and refine the models to achieve a high level of accuracy. It also isn’t a silver bullet to solve all security problems. Many companies in our space are new to machine learning and haven’t yet had the time to understand its nuances. With over 10 years of experience in machine learning, Webroot is in a unique position, both to provide machine learning technology and to educate organizations about how to make the best security decisions for their business.
– David Dufour, Senior Director Engineering
Cryptocurrency fueling ransomware
Ransomware will continue to be a pervasive threat; there is absolutely no questioning this. As long as blockchain payment systems remain (relatively) anonymous, attackers have a direct way to force victims to launder the ransom themselves. Ransomware operators can also shift payments between blockchains, creating another layer of obfuscation. At Black Hat, researchers presented a small glimmer of hope. While methods are far from perfect, they’re developing tactics for tracking payments as they move through the blockchain.
With regard to malware development, authors are aware of the growing prevalence of machine learning throughout the cybersecurity industry. As such, we can expect to see ransomware developed with a specific emphasis on defeating these models.
– Eric Klonowski, Sr. Advanced Threat Research Analyst
Integrating FlowScape™ Analytics for comprehensive threat coverage
I spent a lot of time on the show floor with our new FlowScape solution, which is great to discuss and to demo, not only for the unique network anomaly and threat detection that it covers, but also for its integration with so much of our other technology. For example, it uses our BrightCloud® IP Reputation threat intelligence to detect communications with known bad IPs. It also enables alerts and monitoring of infected and unprotected hosts through our SecureAnywhere® Business Endpoint Protection management systems via our Unity API.
With FlowScape Analytics, users can clearly visualise the impact of an infection or other cyberattack throughout their network. Getting to demonstrate this solution to other professionals in the cybersecurity space, it was clear we weren’t the only ones excited about the implications of this kind of technology for business security worldwide.
– Matt Aldridge, Solutions Architect
Cyber Threats to Small Businesses, a CISO’s View (Pt. 1)
This past May, Webroot surveyed more than 600 IT decision-makers at medium-sized companies (with between 100 and 499 employees) in the U.S., U.K., and Australia. The survey focused on how these small businesses perceived new threats facing their organizations. Were they prepared to manage the fallout and recovery process after a cyberattack? Did they understand the costs to their organization if they were victimized by a cyberattack? Some of the answers were surprising.
Key survey statistics:
- 96% of those surveyed believe they are susceptible to cyber threats.
- 80% use third-party IT security resources (mixed-use IT and security teams).
- 94% are updating their security budgets to account for mitigating new threats.
- 29% think they are ready to handle a cybersecurity-related incident.
- 89% are confident they have the staff or resources necessary to manage a cyber incident if and when it happens.
- 65% believe their brand reputation will be the most difficult thing to restore after an incident.
- Those surveyed believe the average total cost to their organization for a breach of customer data records would be:
  - $580,000 U.S.
  - £738,000 U.K.
  - AUD 1,893,000
Why these numbers worry me
As a security professional with more than twenty years’ experience in the industry, I’m concerned about several issues these numbers bring to light. Let’s dive a little deeper into the statistics, and what they mean for small- and medium-sized businesses.
Almost all small businesses surveyed (96%) believe they’re susceptible to cyber threats, and 94% are adjusting their security budgets to mitigate these risks. In addition, more than 80% are using a third-party cybersecurity resource. Traditionally, small businesses expand their IT departments gradually and don’t have dedicated security staff. Many of these growing companies assign security duties to a senior IT technician or contract it out to a managed service provider (MSP). Often, cybersecurity is viewed as a drain on resources that doesn’t generate revenue. But whether you’re a home-based business with one employee or a large office with 450 endpoints, if your business connects to the internet, you’re a target. Simple as that.
Given that 80% of the small businesses we surveyed outsource their cybersecurity to trusted MSPs, I would expect that all 80% feel confident they have the resources necessary to manage a cybersecurity incident. That’s why the next number shocks me. Only 29% of those companies feel they’re ready to handle an incident. Why is that?
I believe it’s because they don’t feel their own staff is adequately trained to respond. As a small business, it makes sense to contract security and incident response services to an MSP rather than try to maintain in-house resources. However, as a business, you are still responsible for how you and your partners respond when you have a breach. You can’t contract away your accountability to your customers for due diligence. To me, these numbers indicate that many companies are paying for security resources, but still need to train their teams to improve confidence that they could triage a cybersecurity incident successfully.
The second survey point that concerns me is the estimated total costs respondents believe they will pay to resolve a data breach. In June of 2016, the Ponemon Institute published their global analysis on the cost of a data breach (Ponemon, 2016). This document estimated that the average cost of a breach was $158 per compromised record. This cost is based on numerous factors that impact the business as they try to recover from a successful breach, including:
- Notifying all customers that their data was compromised
- Hiring a Public Relations team to assist with the emergency
- Hiring forensics services to understand how the incident happened, what was compromised, and what needs to be restored
- Restoring data and cleaning up the enterprise networks that have been breached
- Recruiting legal services to deal with any lawsuits or government investigation
- Lost revenue due to reputation damage or loss of compliance certifications
Take a moment to imagine the cost if 10,000 records were compromised in a single breach. As you can imagine, the impact on any business could be devastating, particularly for smaller organizations with more limited budgets. But what can a business do to reduce their risk of exposure and prepare themselves for a cybersecurity-related incident?
Join us for part 2 in this blog series to learn three quick processes I recommend to help small businesses beat modern threats.
Cyber News Rundown: Edition 7/28/17
Mac Backdoor Just Discovered, Active For Years
Researchers have only recently discovered a previously undetectable backdoor for Mac® computers that has been active for several years. The infection itself remains silent while working to gain control of everything on the system. From webcams to the keyboard and mouse, Fruitfly has been found throughout. Unfortunately, researchers are still unclear on the actual intentions of the malware, as it continues to be updated for use on the latest macOS versions, though in a lower capacity.
Banking Trojans Ramp up Sophistication
Recently, a new banking Trojan variant has been found with enhanced capabilities for determining whether it is being run by a regular user, or within a virtualized testing sandbox. By monitoring the mouse movements, this variant can detect if a person is actually interacting with the machine, or simply analyzing malicious samples. Another unusual feature of this latest variant: it focused more on Mozilla Thunderbird user data than on actual banking credentials, leaving researchers scratching their heads about what its next steps may be.
Third Party Android Chock Full of Malware
Over the past few months, a Turkish Android™ app store has come under fire for distributing malware with every app download. The app store, CepKutusu.com, has been redirecting users to a malicious download page that offers Adobe Flash Player, which has been unused by Android since 2012. Fortunately, the issue has been resolved by the app store itself, after receiving hundreds of reports for the misleading app downloads.
Italian Bank Faces Largest Financial Data Breach
Officials have been working tirelessly throughout the last month to resolve a data breach that affected nearly 400,000 Italian banking customers. These accounts were accessed illicitly via a third-party provider, and contain the affected customers’ full account details. This breach is a follow-up to the one that occurred last fall, spurring even further security efforts to prevent similar breaches in future. The bank is also undertaking changes among partners who haven’t adopted higher security standards.
Scottish IDs for Sale on Dark Web
Over 100,000 unique credentials have been posted for sale on the Dark Web, mainly those of Scottish citizens residing in Edinburgh. While the source of these credentials is still unknown, officials are warning anyone who feels they may be at risk of identity theft to contact local authorities. Included in the stolen data are email addresses, passwords, and credit card information. To make matters worse, the seller is offering a money-back guarantee that at least 80% of the data is accurate and usable, adding further enticement to anyone in the market to buy.
Cyber News Rundown: Edition 7/20/17
Malware Lurking in Game of Thrones Torrents
Viewers hoping to catch an illegal copy of the season 7 premiere of Game of Thrones, released last Sunday evening, stumbled across something much more dangerous than White Walkers. The most pirated TV show in the last 5 years, Game of Thrones torrents often come with an extra side of malware, and have even released a Cerber ransomware variant onto unsuspecting viewers. While some lucky pirates have escaped with clean torrents, others haven’t been so fortunate. Use caution in all your internet activities, whatever they may be.
Twitter Porn Bot Shutdown
In the last few weeks, researchers have been attempting to bring down a Twitter botnet that took over 86,000 bot accounts to send out a relentless stream of porn ads to Twitter users across the globe. The botnet itself began by creating systematically generated Twitter accounts to send out a malicious URL payload to victims, which would then redirect them to a variety of porn sites controlled by the same network.
Adoption Data Leaked in Newcastle
Recently, officials of the Newcastle City Council have been attempting to resolve a data breach in which a spreadsheet of over 2,700 adopted children’s information was exposed through an online invitation for adoptive parents. The email was only sent to 77 individuals, who’ve all received contact regarding the leak. The council is still working to contact people whose data may have been affected. While this was yet another case of human error, the council are implementing new security measures in the hopes of decreasing the chances of another such breach in the future.
GhostCtrl Android Malware Taking Over Devices
A new variant of the OmniRAT malware, GhostCtrl, has been showing up on Android devices and it has a variety of capabilities. Able to spy, collect and steal data, and launch a ransomware attack, GhostCtrl also acts as a backdoor that enables hackers to gain further device control. Unfortunately for many users, researchers have already discovered three separate versions of the malware, which is easy enough to avoid by keeping devices up to date and avoiding questionable apps.
Smart Toys Still Leave Security Concerns
Technology marches ever forward, bringing even the most innocent-seeming items with it: the toys we give our children. Unfortunately, many of these toys lack even the simplest security measures, even as they gather a broad range of data from the users. Some forms of data collected by the toys are transferred back to the manufacturer and stored on servers for benign purposes, but these transfers often lack basic data encryption. Several government agencies have issued warnings for parents to do their homework extensively before purchasing a smart toy.
5 Pro Tips to Stay Secure at Black Hat and DEF CON 2017
The world’s leading information security events, Black Hat USA and DEF CON, are happening next week in Las Vegas. In its 20th year, Black Hat will bring over 15,000 IT and security pros together to discuss the latest information security research, development and trends. Among these attendees, you will find academics, researchers, as well as leaders in the public and private sectors addressing the security community’s needs.
While Black Hat’s corporate appeal means it is generally safer than DEF CON, it’s always smart to practice good habits while in the company of hackers, many of whom are looking to demonstrate their skills. Here are my top tips for the average attendee to consider in order to stay safe and secure at this year’s Black Hat and DEF CON events:
Don’t take the bait
Over the past two years, businesses have cited phishing attacks as the most common threat they faced. Beware of falling victim to tried-and-true tactics such as phishing. Watch out for standard phishing attempts, especially those that may resemble Outlook Web Access (OWA) or other login pages you typically use for work.
Goodbye, Wi-Fi
You’re going to a hacker conference … think twice before using public Wi-Fi. While the official network at the Mandalay Bay is presumed secure, public networks in the venue or surrounding area are a definite no-go. Potentially millions of Android and iOS devices are particularly vulnerable this year due to a recently revealed bug called Broadpwn in the ubiquitous Broadcom Wi-Fi chipsets. Google has released a patch as part of its July 2017 Android Security Bulletin, so verify that your Android device is indeed running the most-recent Android security patch level dated July 5, 2017.
The same goes for other data connections on your mobile devices such as Bluetooth and NFC. Consider putting your device in airplane mode or powering down while attending sessions at either event. Stick to your cell provider’s 4G network if you must be online while you’re on the show floors. It’s also a good idea to keep these connections off on the flight to Las Vegas.
Protect your plastic
RFID scanners were once a common threat at Black Hat, able to pull data off credit cards at range, even those left inside a wallet. Thankfully, most credit cards are now equipped with a chip that must be inserted for the card to function, eliminating the vulnerability posed by RFIDs. Double check your credit cards to ensure they are indeed using an EMV chip, and if they aren’t, call your bank for a replacement (and definitely don’t bring them to Black Hat).
Remember, some items such as passports and employee badges are still using RFID chips. These should be left secured in your hotel room or kept in special RFID-proof sleeves. Also, don’t forget to thoroughly inspect ATMs in and around the event venue. Card skimmers will likely abound on the Vegas Strip throughout Black Hat and DEF CON.
Ahoy, Bus Pirates
When piloting the show floors, you may see people showing off hacking devices known as ‘bus pirates.’ These flexible multi-tools allow hackers to interface with a large range of electronic devices using common protocols such as I²C, SPI, and MIDI. For obvious reasons, don’t allow one of these tools to be demonstrated on your device(s). The same goes for seemingly innocuous hardware, too. You may be compelled to use the charging stations or those free USB drives being given out as takeaway gifts, but just say no. Malware can be downloaded through these connections.
All Devices Left Behind
A safe rule of thumb: avoid bringing any unnecessary devices to Black Hat. This goes for smart watches, fitness trackers, and, yes, even your car. Hackers at nearby DEF CON are known to sell signal repeaters that can replicate the frequency from wireless key fobs to unlock and even start up vehicles.
Join us in winning the fight against advanced cyber attacks and modern malware. To learn more about Webroot and beyond, visit www.webroot.com/blackhat and follow us on Twitter. We look forward to seeing you at Black Hat 2017.
Cyber News Rundown: Edition 7/14/17
The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.
Verizon Call Logs Found Exposed Online
Over the past month, researchers have been learning more about the recent discovery of unsecured customer service call records for over 14 million individuals on an Amazon server. The server in question is controlled by Nice Systems, an enterprise software company based in Israel, and contained call logs from January through June of this year. In the unencrypted records were customers’ names and their Verizon account login credentials. Even after Verizon became aware of the server’s vulnerability, it took over a week to get it properly secured by Nice Systems.
Bupa Healthcare Services Breached
In the last week, international healthcare provider Bupa was the victim of a data breach that included basic customer information, such as names, birthdates, and nationalities. The breach originated with an employee incorrectly transferring data between systems of Bupa Global, which handles international health insurance for frequent travelers—around 108,000 customers in total. The affected branch of Bupa has contacted all affected customers, and has stated that no other branches worldwide have been compromised.
Botnets Distributing New Point-of-Sale Malware
With the recent influx of botnet-related cyberattacks in the last year, it’s hardly surprising that Point-of-Sale malware is now spreading through the same channels. A variant that currently only affects Brazilian companies, LockPOS, has proven difficult to track. It makes minimal noise on the systems it infects, and spreads quickly using the FlokiBot botnet. Researchers have found samples as recent as June 24th that use the standard two-stage approach for downloading the LockPOS payload to the victim’s system.
Cryptocurrency Miner Nearly Tops Mac Malware List
In the past month, an old bitcoin miner that originally appeared in 2011 has been making a staggering comeback across Mac® computers, and is involved in over 20% of all Mac malware detections in June. By spreading through malicious Mac torrent sites, it is likely being used to mine multiple different cryptocurrencies, while also stealing any cryptocurrency wallets it finds on the infected machines.
Ex-Employees Can be Major Data Security Concern
A recent study of IT directors across the UK revealed nearly half of all ex-employees still have access to corporate networks and drives. Even worse, of the 600 companies surveyed, nearly 25% had experienced a data breach caused by a recently released employee. While the majority of survey participants have procedures in place for de-provisioning former employees, their processes are not automated, and must be completed manually. This leaves potentially lengthy (and dangerous) gaps between an employee’s departure and subsequent offboarding.
Cyber News Rundown: Edition 7/7/17
British Lawmakers’ Logins Targeted
Over the last week, multiple parliament members and other lawmakers in the UK have been the focus of cold-callers attempting to gain login credentials, following a successful brute force attack that compromised the credentials of several other officials. Passwords for the remainder of the parliamentary staff have been force-reset to avoid any further exploitation of their systems.
Banks Still Struggle with Security
The Online Trust Alliance recently conducted an anonymous study of 1,000 websites across many different sectors, to test for security, privacy, and consumer protection. Of the 100 largest US banks in the study, only 27% passed all 3 categories, while 65% failed in at least one category. Although the American Banking Association still believes that banks are the current standard for security, the long list of breaches throughout the last year alone leaves many consumers questioning just how secure their banks really are.
Sabre Breach Exposes Google Employee Data
In the past few days, Google has been sending out notifications to employees after Sabre Hospitality Services experienced a breach in their reservation system. While the breach appears to have occurred between August 2016 and March 2017, most employees’ data should still be secure, since Sabre automatically deletes reservation details after 60 days. In addition to Google employees, this breach may affect anyone who has used Sabre booking services during the suspected breach period. Those who believe they may have been affected should check their billing statements regularly for discrepancies.
Feedback Scammers Pick 5,000 Companies to Extort Millions
Scammers are now using the .feedback top-level domain (TLD) to extort money from companies. The TLD exists so companies can invite their customers to provide comments on their services. Sounds pretty swell, but only if the company is the first to register the .feedback domain for their brand. A new group of scammers has created domains for 5,000 top companies, with the demand that companies either pay monthly to receive the feedback their customers submit, or pay a lump sum to have the site taken down entirely.
Mozilla Site Security Review Has Shocking Results
Mozilla just completed a study of the top 1 million websites to determine their overall ability to protect visitors from various types of cyberattacks. Unfortunately, nearly 94% of study participants received an “F” across the 13-point test. While an increasing number of sites continue to improve their security year-over-year, the majority still have a long way to go.
More Automation. More #MSProfits.
Savvy MSPs know that automation improves efficiency and strengthens their bottom line. In a nutshell, automation enables an MSP to reduce the amount of time its technicians spend handling routine or repetitive tasks, thus cutting costs for service delivery and freeing those techs to devote more attention to activities that generate more revenue.
Enabling Creativity Spurs Growth
It’s no secret that computers are more efficient than humans when it comes to performing repetitive work, while humans deliver superior results in situations that require creativity, critical thinking, and decision making. Part of the reason automation is so effective is that it enables MSPs to take advantage of these fundamental truths.
Freeing up your technicians for more appropriate endeavors presents benefits beyond simple cost savings. It also gives you the opportunity to differentiate yourself from other MSPs and position your business for future growth by finally enabling your technicians to see the forest for the trees.
When an MSP’s technicians are mired in routine administration and maintenance responsibilities—such as deploying security upgrades, performing regular disk cleanup, or managing tickets—there’s no time to step back and evaluate the overarching IT challenges that affect that particular client. And that means missed business opportunities.
More Time for Personalization
Proactively identifying a client’s IT challenges will help that client improve their business operations. This will not only differentiate you from other MSPs, it will also establish a foundation of trust upon which you can build long-term relationships with your customers, which, of course, is key to generating recurring, predictable revenue.
But an MSP can only design creative solutions to its clients’ business and IT challenges if its team has the time to identify those challenges. They need the bandwidth to consciously and continuously review each client’s business operations and craft powerful and personalized solutions.
Automation can solve that problem. Not only does it free up your IT team to focus on the specific issues each client faces, it also allows you to deliver a more comprehensive range of services individually tailored to those clients.
Today’s combination of automated and dynamic cloud services lets you choose from an array of solutions for each of your clients, while still ensuring management is automated for maximum efficiency. The net result? You’ll boost your profitability by increasing customer satisfaction and long-term patronage, all while significantly reducing your management and operational costs.
Learn More… and Enter for a Chance to Win!
The Webroot #MSProfits Program is dedicated to helping MSPs boost their profitability by automating their business operations. Learn more about the benefits of automation or 5 steps you can take to help automate your MSP business, and enter for a chance to win a sophisticated home technology package.