FireCrypt Ransomware Builder Found in Wild

Researchers have discovered a new ransomware variant that uses “.firecrypt” as its amended extension once encryption has taken place. FireCrypt is compiled using a command line builder software that allows varying inputs and outputs to be determined by the author for a unique hash, as this allows for better disguise by enabling the author to change the icon and executable name. Along with the usual encryption, FireCrypt also connects to the Pakistan Telecom Authority website and begins downloading all of the available content, thus filling the victims hard drive with thousands of junk files.

Los Angeles College Hit with Cyberattack

While many students are preparing to return to classes after their winter break, employees at Los Angeles Valley College are working to determine the severity of a cyberattack. It is still unclear how the systems were breached or to what extent any sensitive information has been access, though officials are working with law enforcement.

Philippine Army Website Vandalized By Hackers

In the past week, the official Philippine Army website was compromised by a hacker going by the alias, Shin0bi H4x0r. The site itself displayed several messages to any visitors, boasting about the weak security and taunting the site admins. Though the site has since been taken offline, it is still undecided how the site was breached.

Experts Doubtful of Russia’s Part in Recent Hacking

With so many recent stories surrounding Russia’s involvement with the recent utility grid breach in Vermont and the implied connection to the hacks that took place during the election, many security researchers are unsure how involved Russia actually is. Flaws found in the US utility services are not a secret, and officials have been working to resolve them for quite some time. While public outcry over Russia hacking the election has been very pro-America, it stands as a bit hypocritical, as the US is assuredly involved in similar tactics all across the globe.

Malicious Super Mario Run Apps Found on Android

While Super Mario Run was released for iOS in the early part of December, it has yet to hit the official Android app store for sale. Due to the release gap, many cybercriminals have been cashing in by creating at least 9,000 known malicious versions of the app and distributing them through third-party app stores. Users are warned to avoid downloading any Super Mario Run-related apps until the official version has been released by Nintendo on the Google Play Store.

Ransomware “Star” Shines on LG Smart TV

As ransomware continues to steal the malware stage, its authors have widened their target audience to include smart devices, such as TVs. Since a number of smart TVs use Android® operating systems, they can be susceptible to the same Android malware that usually strikes mobile devices. Recently, owners of an older LG TV model were presented with a ransomware lock screen after installing a third-party streaming app for movies. The good news for current customers, however, is that many TV manufacturers have taken steps to help prevent these types of attacks by adopting a Linux-based OS.

Facebook Vulnerability May Reveal Private Email Addresses

Bug bounty programs are rewards that many websites offer to encourage “white hat” individuals to report bugs, exploits, and vulnerabilities in their code. They’ve been around for years, and can offer big money to people who can successfully verify a vulnerability in a website or application. One such payout occurred recently when a researcher found a Facebook bug that let him access the private email addresses of any user through the Facebook Group notification function. After sending group invitations, he noticed the page URL showed the recipient’s email address in plain text. Fortunately, thanks to this intrepid bounty hunter, the vulnerability has been addressed.

Ransomworm: The Newest Contender in the Ransomware Ring

A good cybercriminal—that is, one who is good at their trade—is always on the lookout for the latest ways to exploit internet usage habits and vulnerabilities. According to researchers on the subject, the next evolution of highly lucrative ransomware campaigns will likely incorporate network worm capabilities. By adding the functionality of a network worm, ransomware could more easily spread across entire networks, causing exponentially more devastation to its victims. While early variants of a Ransomworm have already been seen in the form of USB propagating infector ZCryptor, it won’t be long before we see wider spread variants in the wild.

Airline Booking Systems Rival TSA for Worst Security Nightmare

“Booking travel.” That’s all I had to say before you groaned, right? Planning a trip already has the potential to be extremely stressful. A lot of the frustration is (at least partially) due to ancient systems that have been in place across the world for decades; and, although they facilitate various necessities for air travel, they don’t always do so quickly or efficiently. More importantly, because many of these systems are over 30 years old, they aren’t up to today’s security standards, and they can be insanely difficult to retrofit—leaving customers’ information vulnerable.

Music Pirate May Walk the Plank

You might think music piracy is sooo early 2000s, but P2P programs that allow users to “share” their music libraries are still alive and well, and authorities confirm that piracy is still thriving. Recently, a UK man was arrested for distributing singles from the country’s Top 40 list across multiple torrent sites and causing untold commercial loss to record companies and artists.

As 2016 comes to a close, it’s time to reflect back on the largest/most significant security news stories that left an impact on the world.

Mirai Botnet

Being hailed as the largest attack of its kind in history, the DDoS attack launched by the Mirai botnet encompassed over 100,000 unique endpoints and hit a peak of 1.2 Tbps, all through the unauthorized use of IoT devices. During the attack, many highly-trafficked sites were brought to a halt along with several critical Internet infrastructure points based on the Dyn server architecture which supports the majority of the Internet’s DNS pathways.

Panama Papers Leak

Early in 2016, it was announced that a confirmed data breach had taken place within Mossack Fonseca, one of the largest offshore law firms in the world. In the breach are over 11 million files with financial documents for thousands of prominent individuals, from actors to politicians to entire corporations.

Adult Dating Sites’ Users Exposed

While several adult dating sites were targeted by hackers in 2016, the farthest reaching was the FriendFinder Network breach that affected over 400 million active customer accounts. Even worse for the victims, the majority of user passwords were stored in plaintext, or without any encryption in place.

Hospital Succumbs to Ransom Demand

With more and more healthcare facilities coming under attack from ransomware, it’s no surprise to see at least one fail to have the proper backups and are forced to pay the ransom to regain their systems. Early in the year, Hollywood Presbyterian medical center was forced to pay a $17,000 ransom to ensure they could continue normal operations, which set an example for attacks in the coming months, for potential targets to properly defend against such attacks.

FBI vs. Apple Encryption Debate

As data privacy concerns continue to grow, the dispute between the FBI and Apple regarding a phone used by a suspect in the San Bernadino shootings being unlocked possible evidence in the case. The issue ended up going to court with Apple defending its customers rights by declining to assist with bypassing the encryption, as the workaround could be used limitlessly once created. The case was eventually dropped as the FBI was able to gain access to the device without Apples’ assistance.

Credit card fraud and email scams aren’t the only thing you have to worry about this holiday season. Criminals in the UK are stepping up their game by using radio frequencies to steal cars.

Ransomware Uses Credit Card Emails with Infected Attachments

A new ransomware variant of Cerber is using fake credit card reports to entice users into opening infected email attachments. By tricking users with fake fraudulent charges for items they never purchased, the malware authors hope the victim will open the malicious document to review and cancel the charge. Fortunately, the emails are poorly-worded and contain several spelling mistakes to make them easier to spot.

Another Yahoo Hack…

Many of you have heard of the fairly large hack that affected Yahoo users in the last few years, and have (hopefully) taken steps to protect yourselves from fraudulent activity. But Yahoo recently came forward to reveal a much larger hack that could affect over 1 billion users and their account information. Although Yahoo was able to identify the infiltration point, the information—both encrypted and unencrypted—had been compromised for at least a year before they discovered the breach.

Enterprising Car Thieves Use Radio Waves to Keep Doors From Locking

Criminals are jamming the radio signals that lock and unlock vehicles, leaving unattended cars open and ready to steal. While the majority of recent thefts have taken place in the UK, this could easily become a global concern. As vehicle technology continues to advance, it’s no surprise that car thieves are keeping up with the times.

Health Service Providers Stuck on Old OS

A recent study on UK National Health Service trusts found that over 90% of healthcare providers were running their networks on Windows XP. Microsoft themselves stopped supporting this outdated operating system over a year ago and, as such, it’s full of vulnerabilities. Unfortunately, many providers around the world use outdated software with known security issues, which can put sensitive patient information at risk.

Evernote Changes Tune After Privacy Concerns

In the past few days, Evernote, the popular note-taking app, announced they would begin allowing select employees to view snippets of user data to better enhance their machine learning algorithms. The program was launched as an opt-out, but the issue of privacy erupted almost immediately. After just one day’s worth of outcry, the company changed the policy to opt-in and sent an apology to their 200 million users.

Personal computers and devices aren’t the only targets for ransomware authors. Their methods have evolved to target government offices and profitable organizations, forcing them to rethink their cybersecurity mitigation plans.

Blackheart Records Data Left Exposed Online

Recently, it has been discovered that a large, unsecured database containing sensitive information on several prominent recording artists from Blackheart Records was left publicly available for an undetermined amount of time. The data that was found included passport scans, banking information, and other sensitive login information for Joan Jett and several of her bandmates. While the database has since been taken offline, the researchers state that there are still hundreds of servers and private machines that use Rsync as a backup, which leaves the server vulnerable.

GoldenEye Ransomware, New Petya Variant

In the past week, a new variant of the Petya ransomware has been discovered in the wild. Going by the name ‘GoldenEye‘, the variant runs the file encryption prior to gaining administrative privileges to modify the MBR (Master Boot Record), unlike Petya which would attempt the MBR modification first. While encrypting the hard drive, ‘GoldenEye’ displays a fake ChkDsk screen to placate the user until the process is complete. Currently, it’s main targets appear to be German-speaking users and is primarily spread through spam email campaigns.

Stegano Embeds Malicious Code in Banner Ads

In the past few months, researchers have been seeing a steady rise in the malicious ad campaign dubbed ‘Stegano’, which places malicious code into the parameters controlling transparency for pop-up banner ads. This recent campaign could potentially lead to millions of end-users becoming infected, as the altered ads have been found on many high-traffic news sites that typically have higher levels of security. Once the code ensures the system is running Internet Explorer, it begins redirecting the victim to sites hosting Adobe Flash exploits and attempts to infect and gather sensitive data. Fortunately for many users, several of the Flash exploits have already been resolved, which will lead to fewer infections.

Pennsylvania Prosecutor’s Office Pays Ransom

While the Avalanche Network was being dismantled by cooperating government agencies last week, the prosecutor’s office in Pennsylvania was recovering from a cyber attack which demanded a $1,400 bitcoin ransom payment. The attack was linked to a 2015 employee breach, but the after effects are still being seen after they decided to pay the ransom. In the six-year span that the Avalanche group operated, they are credited with infecting over half a million computers across nearly 200 countries.

Indiana County Out $200,000 After Ransomware Attack

Recently, it was announced that Madison County, Indiana spent a total of $200,000 in the wake of a ransomware attack on several county offices. With a ransom of $21,000 being paid out to the attackers, the additional expenditures were to recover their infected systems and provide better long-term security, including a backup solution for their data. Even with a high ransom, it’s not surprising to see the costs continue to rise as the victims scramble to rebuild and begin the hard task of creating and implementing a cybersecurity mitigation plan.