by Dan Fox | Nov 8, 2018 | Business + Partners, SMBs
Threat researchers and other cybersecurity industry analysts spend much of their time trying to anticipate the next major malware strain or exploit with the potential to cause millions of dollars in damage, disrupt global commerce, or put individuals at physical risk by targeting critical infrastructure.
However, a new Webroot survey of principals at 500 small to medium-sized businesses (SMBs), suggests that phishing attacks and other forms of social engineering actually represent the most real and immediate threat to the health of their business.
Twenty-four percent of SMBs consider phishing scams as their most significant threat, the highest for any single method of attack, and ahead of ransomware at 19 percent.
Statistics released by the FBI this past summer in its 2017 Internet Crime Report reinforce the scope of the problem. Costing nearly $30 million in total losses last year, phishing and other social engineering attacks were the third leading crime by volume of complaints, behind only personal data breaches and non-payment/non-delivery of services. Verizon Wireless’s 2018 Data Breach Investigations Report, a thorough and well-researched annual study we cite often, blames 93 percent of successful breaches on phishing and pretexting, another social engineering tactic.
Cybersecurity Awareness Training as the Way Forward
So how are businesses responding? In short, not well.
24 percent of principals see phishing scams as the number one threat facing their business. Only 35 percent are doing something about it with cybersecurity awareness training.
One of the more insidious aspects of phishing as a method of attack is that even some otherwise strong email security gateways, network firewalls and endpoint security solutions are often unable to stop it. The tallest walls in the world won’t protect you when your users give away the keys to the castle. And that’s exactly what happens in a successful phishing scam.
Despite this, our survey found that 65 percent of SMBs reported having no employee training on cybersecurity best practices. So far in 2018, World Cup phishing scams, compromised MailChimp accounts, and opportunist GDPR hoaxers have all experienced some success, among many others.
So, can training change user behavior to stop handing over the keys to the castle? Yes! Cybersecurity awareness training, when it includes features like realistic phishing simulations and engaging, topical content, can elevate the security IQ of users, reducing user error and improving the organization’s security posture along the way.
The research and advisory firm Gartner maintains that applied examples of cybersecurity awareness training easily justify its costs. According to their data, untrained users click on 90 percent of the links within emails received from outside email addresses, causing 10,000 malware infections within a single year. By their calculations, these infections led to an overall loss of productivity of 15,000 hours per year. Assuming an average wage of $85/hr, lost productive costs reach $1,275,000 which does not necessarily account for other potential costs such as reputational damage, remediation cost, or fines associated with breaches.
One premium managed IT firm conducted its first wave of phishing simulation tests and found their failure rate to be approximately 18 percent. But after two to three rounds of training, they saw the rate drop to a much healthier 3 percent.1
And it’s not just phishing attacks users must be trained to identify. Only 20 percent of the SMBs in our survey enforced strong password management. Ransomware also remains a significant threat, and there are technological aspects to regulatory compliance that users are rarely fully trained on. Even the most basic educational courses on these threats would go a long way toward bolstering a user’s security IQ and the organizations cybersecurity posture.
Finding after finding suggests that training on cybersecurity best practices produces results. When implemented as part of a layered cybersecurity strategy, cybersecurity awareness training improves SMB security by reducing the risks of end-user hacking and creating a workforce of cyber-savvy end users with the tools they need to defend themselves from threats.
All that remains to be seen is whether a business will act in time to protect against their next phishing attack and prevent a potentially catastrophic breach.
You can access the findings of our SMB Pulse Survey here.
1 Webroot. “Why Security Awareness Training is an Essential Part of Your Security Strategy” (November, 2018)
by Randy Abrams | Nov 5, 2018 | Industry Intel
You’re probably familiar with some of the most common requirements for creating passwords. A mix of upper and lowercase letters is a simple example. These are known as password constraints. They’re rules for how you must construct a password. If your password must be at least eight characters long, contain lower case, uppercase, numbers and symbol characters, then you have one length, and four character set constraints.
Password constraints eliminate a number of both good and bad passwords. I had never heard anyone ask “how many potential passwords, good and bad, are eliminated?” And so I began searching for the answer. The results were surprising. If you want to know the precise number of possible 8-character passwords there are if all of the character sets must be used, then the equation looks something like this.
A serious limitation of this approach is that it tells you nothing about the effects of each constraint alone or relative to other constraints. (I’m also not sure if there were supposed to be four consecutive ∑s or if the mathematician was stuttering.)
We choose to use a Monte Carlo simulation to analyze the mathematical impact of the various combinations of constraints. A Monte Carlo simulation uses a statistical analysis approach that provides a close approximation of the answer, while also providing the flexibility to quickly and easily measure the impact of each constraint and combination of constraints.
A look at minimum length limits
To start, let’s look at the impact of an eight-character length constraint alone. There are 95^8 possible combinations of 8 characters. 26 uppercase letters + 26 lowercase letters + 10 numerals + 33 symbols = 95 characters. For a length of 8 characters, we have 95˄8 possible passwords.
If a password must be at least 8 characters long, then there are also about 70.6 trillion otherwise viable passwords you are not allowed to use (95+(95^2 ) +(95^3 ) +(95^4 ) +(95^5)+(95^6 )+(95^7)). That’s a good thing. It means you can’t use 95 one character passwords, 9,025 two character passwords, and so on. Almost 70 trillion of those passwords you cannot use are seven characters long. This is a great and wholly intended effect of a password length constraint.
The problem with a lack of constraints is that people will use a very small set of all possible passwords, which invariably includes passwords that are incredibly easy to guess. In the analysis of over one million leaked passwords, it was found that 30.8 percent passwords eight to 11 characters long contained only lowercase letters, and 43.9 percent contained only lowercase letters and numbers. In fact, to perform a primitive brute force attack against an eight-character password containing only lower case letters, it’s only necessary to try about 209 billion character combinations. That does not take a computer very long to crack. And, as we know from analyzing large numbers of passwords, it’s likely to contain one of the most popular ten thousand passwords.
To beef up security, we begin to add character constraints. But, in doing so, we decrease the number of possible passwords; both good and bad.
Just by requiring both uppercase and lowercase letters, more than 15 percent of all possible 8-character combinations have been eliminated as possible passwords. This means that 1QV5#T&|cannot be a password because there are no lowercase letters. Compared to Darnrats,which meets the constraint requirements, 1QV5#T&|is a fantastic password. But you cannot use it. Superior passwords that cannot be used are acceptable collateral damage in the battle for better security. “Corndogs” is acceptable, but “fruit&veggies” is not. This clearly is not a battle for lower cholesterol.
As constraints pile up, possibilities shrink
If a password must be exactly eight characters long and contain at least one lower case letter, at least one uppercase letter and at least one symbol, we are getting close to one-in-five combinations of 8 characters that are not allowable as passwords. Still, the effect of constraints on 12 and 16 character passwords is negligible. But that is all about to change… you can count on it.
Are you required to use a password that is at least eight characters long, has lower and uppercase letters, number and symbols? Just requiring a number to be part of a password removes over 40 percent of 8-character combinations from the pool of possible passwords. Even though you can use lowercase and uppercase letters, and you can use symbols, if one of the characters in your password must be a number then there are far fewer great passwords that you can use. If a 16 character long password must have a number, then 13 times more potential passwords have become illegal as a result of that one constraint than the combined constraints of lower and uppercase letters and symbols caused. More than one-in-four combinations of 12 characters can no longer become a passwords either.
You might have noticed that there is little effect on the longer passwords. Frequently there is also very little value in imposing constraints on long passwords. This is because each additional character in a password grows the pool of passwords exponentially. There are 6.5 million times as many combinations of 16 character pass words using only lowercase letters than there are of eight character passwords using all four character sets. That means that “toodlesmypoodles” is going to be a whole lot harder to crack than “I81B@gle”
Long and simple is better than short and hard
People tend to be very predictable. There are more symbols (than there are in any other characters set. Theoretically that means that symbols are going to do the most to make a password strong, but 80 percent of the time it is going to be one of the top five most frequently used symbols, and 95 percent of the time is will be one of the top 10 most frequently used symbols.
Analysis of two million compromised passwords showed that about one in 14 passwords start with the number one, however for those that started with the number one, 75 percent of them ended with a number as well.
The use of birthdays and names, for example, make it much easier to quickly crack many passwords.
Password strength: It’s length, not complexity that matters
As covered above, all four character sets (95 characters) in an eight character password allow for about 6.634 quadrillion different password possibilities. But a 16 character password with only lowercase letters has about 43.8 sextillion possible passwords. That means that there are well over 6.5 million times more possible passwords for 16 consecutive lowercase letters than for any combination of eight characters regardless of how complex the password is.
My great password is “cats and hippos are friends!”, but I can’t use it because of constraints – and because I just told you what it is.
For years password experts have been advocating for the use of simple passphrases over complex passwords because they are stronger and simpler to remember. I’d like to throw a bit of gasoline on to the fire and tell you, those 95^8 combinations of characters are only half that many when you tell me I have to use uppercase, lowercase, numbers, and symbols.
by Connor Madsen | Nov 2, 2018 | Industry Intel
DemonBot Botnet Gaining Traction
DemonBot, while not the most sophisticated botnet discovered to date, has seen a significant rise in usage over the last week. With the ability to take control of Hadoop cloud frameworks, DemonBot has been using the platform to carry out DDoS attacks across the globe. By exploiting Hadoop’s resource management functionality, the infection can quickly spread itself and allows for remote code execution on affected servers.
Cyber Attack Leaves Pakistani Bank Under Scrutiny
Bank Islami, one of the largest banks in Pakistan, announced that an unusual attack had occurred involving local cards used far outside of the country’s borders. While the bank was quick to return the funds removed from customer’s accounts, the remainder of the malicious transactions processed internationally have the bank being on the hook for nearly $6 million in phony withdrawals, mainly in the US and Brazil. Unfortunately, due to a lack of information regarding the malicious transactions, several other top banks in the country were forced to temporarily restrict international purchases to protect their own clients.
UK Industrial Credentials for Sale
Researchers recently discovered the credentials for over 600,000 individuals, all closely tied to construction or building firms, available for sale on the dark web. Presently it appears that the credentials were all compromised during breaches involving third-parties users would have given corporate email into, rather than specific breaches for the industry group. Fortunately, it appears there haven’t been any related breaches thus far, though this type of data could lead to additional sensitive information being stolen.
Ransomware Demands RDP Access to Encrypted System
A new ransomware variant has been making an unusual request from its victims: allowing remote desktop access in order to decrypt their files. Dubbed CommonRansom, due to the appended extension on the encrypted files, the variant also demands a 0.1 Bitcoin payment before making the request for administrator credentials to the victim’s computer. Even though this variant isn’t widespread, it does appear to be using a similar Bitcoin wallet as other infections, as 65 Bitcoins were recently sent from the designated wallet.
USGS Auditors Find Porn-related Malware on Government Network
Following a recent audit of the US Geological Survey, agency inspectors discovered Russian malware circulating the internal network and were able to trace it back to one employee who had visited over 9,000 pornographic websites from his government-issued computer. The employee was also found to be
by Connor Madsen | Oct 26, 2018 | Industry Intel
Data Breach Affects Centers for Medicare & Medicaid Services
The Centers for Medicare & Medicaid Services (CMS) announced last week they had discovered malicious activity within their direct enrollment pathway, which connects patients and healthcare brokers. At least 75,000 individuals were affected. The pathway has since been disabled to prevent further exposure. Until the pathway is fixed, hopefully within a week, CMS is contacting affected patients and offering them credit protection services.
Ransomware Disables City’s Computer Systems
City officials in West Haven, Connecticut finally gave in to ransom demands following a cyberattack against their systems. The attack began early Tuesday morning and disabled 23 individual servers before a decision was made to pay a ransom in hopes for the return of their data. While it is still unclear if the systems were fully restored, the town was lucky to receive a relatively small ransom request ($2,000 given the significant amount of data stolen.
User Data Exposed on Adult Sites
A string of eight adult sites, all owned by the same individual, fell victim to hackers who took advantage of poor security to expose records for up to 1.2 million individuals. While not as large as similar adult-related breaches, it still presents questions as to why proper security measures aren’t put in place on these sites proactively. The owner of the sites has since taken them down and replaced them with messages warning users to update their passwords and take extra security precautions.
McAfee Tech Support Scam on the Rise
A new browser-based tech support scam has been spotted recently that warns users their McAfee subscription has run out and needs to be renewed. Rather than redirect victims through an affiliate link to the real McAfee site, though, this latest scam directly prompts the user to input payment card information and other personal data into a small pop-up window. To top it off, once payment info is entered, an additional pop-up appears that suggests contacting support to help install your new software and eventually falsely claiming payment wasn’t successful and users must re-purchase the software.
Iowa City Shuts Down After Ransomware Attack
The city of Muscatine, Iowa is working to determine how several of their main computer systems, both within city hall and its library, were infiltrated by ransomware that’s knocked them offline. Officials have announced that no information was stolen and the city does not maintain any payment records, so citizens shouldn’t be worried. The city’s emergency services were also unaffected and continue to operate as normal.
by Paul Crespin | Oct 25, 2018 | Home + Mobile
By now, you likely know that a Virtual Private Network (VPN) is essential to remaining safe when working remotely. But, once set up, how can you optimize your VPN to work well with your devices and meet your security needs? Here are our top five tips for maximizing your VPN experience.
Pair it with an Antivirus
One of the biggest misconceptions about VPNs is that they protect your device from malicious programs. While a VPN will encrypt your network traffic, preventing others from viewing intercepted data, most do not warn you when you visit dangerous sites. If your VPN provides advanced web filtering for risky sites, that can be an additional defense against cyber threats such as malware and phishing. Alternatively, while strong antivirus software actively monitors for viruses and malware within files and applications, it does not encrypt your data or prevent it from being monitored. Both are equally important for protecting your devices, and are ideally used together. Combining the two services provides additional security.
Enable a Kill Switch
Setting up a VPN to keep your data safe is an important first step, but what happens if your VPN server goes down or disconnects while you are entering sensitive data and you don’t notice the connection was lost? Without the protection of a VPN kill switch, your devices will often automatically reconnect to the network without alerting you, this time without the protection of your VPN. A kill switch feature blocks sending and receiving data until the VPN connection is re-established.. For maximum protection, select a VPN with a kill switch feature and ensure it has been enabled.
Understand the Impact of Setting Up a VPN on Your Router
Having a VPN on your home router may seem like a helpful boost to your cybersecurity, but it’s actually the opposite. Most routers lack the processing power of a modern CPU, meaning that even older personal devices (phones, tablets, computers) will have a much easier time handling the task of encrypting/decrypting data than your router will. Instead, set up a VPN for each personal device to prevent a bottleneck of data to your router while simultaneously securing it at all access points. Selecting an easy-to-use VPN solution with cross-device functionality will make this task much easier on the end user, while providing maximum security.
Protect All of Your Smart Devices
When it comes to cybersecurity, we tend to imagine a nefarious hacker out to steal and sell your data. But not all data collection is illegal. Your Internet Service Provider (ISP) has a vested interest in tracking your streaming habits, and they may even throttle your network depending on your usage. Our phones, computers, and tablets are each a potential interception point for our private data. Securing each of your smart devices with a VPN, even those that stay in your home, is the best way to prevent your data from potentially being monitored by third parties.
Encrypt Your LTE Connection
While your cellular network is more secure than public WiFi options, it remains vulnerable to an attack. LTE user data can be exploited by what is known as an “aLTEr attack”. This attack redirects domain name system (DNS) requests, performing a DNS spoofing attack that can fool your device into using a malicious DNS server. This spoofed DNS server will deliver you to websites as normal until you request a high-value website the attack is targeting, like your banking or email provider. Oftentimes this fake website will scrape your data before you realize what has happened. You give yourself an extra layer of security by wrapping your LTE connection in a VPN, allowing you to access your most sensitive data confidently.
When it comes to getting the most out of your VPN, this list is just the beginning. Our privacy concerns and security needs will continue to change as our connected devices mature and we recommend keeping an eye on your VPN provider for any potential updates to their services.
Ready to take back control of your privacy? Learn how our Webroot WiFi Security VPN protects what matters most wherever you connect.
by Connor Madsen | Oct 19, 2018 | Industry Intel
2018 Voter Records for Sale
As the United States midterm elections draw closer, concern surrounding voter information is on the rise, and for good reason. Records for nearly 35 million registered voters from 19 different states were found for sale on a hacker forum, with prices ranging from $500 to $12,500, depending on the state. Unfortunately, a crowdfunding campaign has begun on the forums to purchase each database and post them publicly, with 2 states already being published.
County Water Utility Struck by Ransomware
Just a week after Hurricane Florence hit land in North Carolina, a coastline county’s water utilities fell victim to a ransomware attack. Effectively shutting down all services during a time when they are working on emergency operations left the local water authority with limited capabilities until they began the lengthy process of restoring everything from backup files. By choosing to ignore the ransom and restore manually, the utility service has taken on a more time and resource consuming task, as they continue operating without any of their online systems.
PS4 Exploit Causes System Crash
A new exploit has been discovered that allows attackers to send a malicious message to other PlayStations that will effectively render the console unusable. The message itself doesn’t even need to be opened to cause considerable damage, resulting in most users performing a factory reset to return everything to normal. While some users have been successful in deleting the message from the mobile app before it causes any harm, others still had to rebuild the system’s database.
iPhone Passcode Bypass Still Active
Days after Apple released a patch for iOS 12.0 that shutdown a passcode bypass method, the same researcher was able to find yet another way to access the phone illicitly. By using a combination of Siri and the VoiceOver feature, anyone with physical access to the device could obtain pictures, and other data with ease. To make matters worse, the latest bypass also gives attackers the ability to send files to other devices and view them in full resolution, rather than minimized like the previous bypass allowed.
Massive Phishing Campaign Targets Iceland
Over the weekend, thousands of emails were sent out to the relatively small population of Iceland, most of which claimed to be from the local police and threatened judicial action if they did not comply. The email then linked victims to a nearly perfect replica of the official Icelandic Police website and requested their social security number. The attack itself was focused on gaining bank details and further compromising already infected computers for more information.
by Meaghan Moraes | Oct 18, 2018 | Business + Partners, Managed Service Providers
There’s a reason major industry players have been discussing cybersecurity more and more: the stakes are at an all-time high for virtually every business today. Cybersecurity is not a matter businesses can afford to push off or misunderstand—especially small and medium-sized businesses (SMBs), which have emerged as prime targets for cyberattacks. The risk level for this group in particular has increased exponentially, with 57% of SMBs reporting an increase in attack volume over the past 12 months, and the current reality—while serious—is actually quite straightforward for managed service providers (MSPs):
- Your SMB clients will be attacked.
- Basic security will not stop an attack.
- The MSP will be held accountable.
While MSPs may have historically set up clients with “effective” security measures, the threat landscape is changing and the evolution of risk needs to be properly, and immediately, addressed. This means redefining how your clients think about risk and encouraging them to respond to the significant increase in attack volume with security measures that will actually prove effective in today’s threat environment.
Even if the security tools you’ve been leveraging are 99.99% effective, risk has evolved from minimal to material due simply to the fact that there are far more security events per year than ever before.
Again, the state of cybersecurity today is pretty straightforward: with advanced threats like rapidly evolving and hyper-targeted malware, ransomware, and user-enabled breaches, foundational security tools aren’t enough to keep SMB clients secure. Their data is valuable, and there is real risk of a breach if they remain vulnerable.Additional layers of security need to be added to the equation to provide holistic protection. Otherwise, your opportunity to fulfill the role as your clients’ managed security services providerwill be missed, and your SMB clients could be exposed to existential risk.
Steps for Responding to Heightened Risk as an MSP
Step 1: Understand Risk
Start by discussing “acceptable risk.” Your client should understand that there will always be some level of risk in today’s cyber landscape. Working together to define a businesses’ acceptable risk, and to determine what it will take to maintain an acceptable risk level, will solidify your partnership. Keep in mind that security needs to be both proactive and reactive in its capabilities for risk levels to remain in check.
Step 2: Establish Your Security Strategy
Once you’ve identified where the gaps in your client’s protection lie, map them to the type of security services that will keep those risks constantly managed. Providing regular visibility into security gaps, offering cybersecurity training,and leveraging more advanced and comprehensive security tools will ultimately get the client to their desired state of protection—and that should be clearly communicated upfront.
Step 3: Prepare for the Worst
At this point, it’s not a question of ifSMBs will experience a cyberattack, but when. That’s why it’s important to establish ongoing, communicative relationships with all clients. Assure clients that your security services will improve their risk level over time, and that you will maintain acceptable risk levels by consistently identifying, prioritizing, and mitigating gaps in coverage. This essentially justifies additional costs and opens you to upsell opportunities over the course of your relationship.
Step 4: Live up to Your Promises Through People, Processes, and Technology
Keeping your security solutions well-defined and client communication clear will help validate your offering. Through a combination of advanced software and services, you can build a framework that maps to your clients’ specific security needs so you’re providing the technologies that are now essential for securing their business from modern attacks.
Once you understand how to effectively respond to new and shifting risks, you’ll be in the best possible position to keep your clients secure and avoid potentially debilitating breaches.
by Austin Castle | Oct 17, 2018 | Home + Mobile
For the past 20 years, Webroot’s technology has been driven by our dedication to protecting users from malware, viruses, and other online threats. The release of Webroot® WiFi Security—a new virtual private network (VPN) app for phones, computers, and tablets—is the next step in fulfilling our commitment to protect everyone’s right to be secure in a connected world.
“Launching Webroot WiFi Security is a valuable and exciting progression in our mission,” said Webroot Director of Consumer Product Andy Mallinger. “Antivirus solutions protect your devices from malware and other cyber threats, and a VPN protects your data as it’s sent and received over networks—especially public networks. This combination allows us to extend our protection of personal data beyond the device to the network.”
Shifting tides
Webroot WiFi Security arrives at a time when the fragile state of our online privacy is becoming more apparent and better understood by internet users around the world. Recent revelations of government surveillance via the Snowden leaks, social media data collection like that in the Facebook/Cambridge Analytica scandal, and data breaches including the Equifax hack have fueled a palpable rise in data privacy concerns.
Over half of internet users from around the world say they are “more concerned about their online privacy than they were a year ago,” according to a 2018 CIGI-Ipsos Global Survey on Internet Security and Trust.
Another key factor with grave implications for data privacy in the United States specifically was the 2017 repeal of privacy regulations for Internet Service Providers (ISPs), which aimed to ensure broadband customers had choice, greater transparency, and strong security protections for their personal info collected by ISPs.
“ISPs are facing less regulation today, and so can continue to share, sell, and profit by passing on user information to third parties— browser history, location, communications content, financial details, etc.—without the user’s knowledge or consent,” said Webroot Sr. VP of Product Strategy & Technology Alliances Chad Bacher.
Taking control of privacy
Now more than ever, individual users must take steps to regain control over their online privacy and security. Along with keeping trusted antivirus software installed on mobile and home devices, users should actively protect their data in transit over networks with a VPN.
But it’s important to note that all VPN applications are not created equal. Many users looking for a privacy solution find themselves wondering if they can trust that their VPN provider has their interests at heart. Consumer wariness concerning the privacy of VPN products is justified—some VPN apps, especially free ones, are guilty of sharing or selling their user data to third parties, limiting bandwidth, or serving ads. Facebook’s VPN app was recently removed from the Apple App Store® following concerns over the app’s misuse of user data.
Webroot WiFi Security provides one of the most powerful forms of encryption available, AES 256-bit encryption, and protects user data from cybercriminals and ISPs alike. Webroot WiFi Security does not collect your browsing activity, the sites you visit, downloaded data (or shared or viewed), DNS queries, or IP addresses. The full Webroot WiFi Security Privacy Statement can be found here.
Privacy plus the protection of Web Filtering
In addition to the privacy safeguards of Webroot WiFi Security that protect users while they work, share, bank, and browse online, users also benefit from the integration of Webroot BrightCloud® Threat Intelligence.* The app’s Web Filtering feature provides an extra layer of protection to keep your financial information, passwords, and personal files from being exploited. Webroot WiFi Security is powered by the same threat intelligence platform the world’s leading IT security vendors trust.
“Not only is Webroot protecting user privacy, it’s also shielding users from phishing sites and websites associated with malware,” said Malinger.
Webroot WiFi Security is compatible with devices running iOS®, Android™, macOS® and Windows® operating systems, and is now available to download on the Apple App Store, Google Play™ store, and Webroot.com.
*Only available on Windows, Mac and Android systems
by Connor Madsen | Oct 12, 2018 | Industry Intel
Latest Windows 10 Update Removes User Files
Microsoft recently pulled its latest update, version 1809, after several users complained about personal files being deleted. While some users were able to use third-party software to retrieve deleted files, users whose files wnet missing from the Documents folder are having a much trickier time without restoring from backups. Since hearing of the issue, Microsoft has paused the automatic update until they can find a resolution.
Magecart Campaign Continues Its Spread
Following the attacks on British Airways and Ticketmaster, Magecart skimmer techniques have been discovered on Shopper Approved, a collective of several online stores. Fortunately, the company was able to identify the altered JavaScript code and contact affected vendors. The malicious code itself was targeted at the checkout pages for the affected stores with specific URL keywords, leaving the remainder of the thousands of online retailers unaware anything had occurred.
Vulnerabilities Found in Millions of Chinese Electronics
A new wave of vulnerabilities has been spotted in nearly 9 million devices made by Chinese-based Xiongmai, leaving them susceptible to attack. Serious issues include default admin passwords without a prompt to immediately change it, no encryption when connecting to their cloud servers, and a lack of authorization checks when searching for updates. Many of these devices were known to be compromised during the Mirai botnet attacks, though the access points used for that have since been patched.
FCC To Block Illegal Spam Calls
Most people have received at least one unwelcome call on their mobile phone from a robotic auto-dialer. Now the attorneys general from 35 states are coming together in hopes the FCC can do something about those annoying calls. These types of spam calls seem to have increased in volume in recent years, even after the 2017 Call Blocking Order aimed at stopping them, forcing customers to block calls themselves. With an estimated 40 billion robocalls this year alone, it’s no surprise so many states are interested in putting a stop to this nuisance.
Google+ Goes Out on Low Note
After constantly struggling with low adoption, Google’s response to more popular social media platforms like Facebook has officially reached its end of its life. Several months ago an API bug was spotted that allowed unauthorized access to thousands of Google+ user accounts. The bug was patched but remained undisclosed until recently. With new GDPR regulations on breach disclosure, even the possibility of low volumes of affected clients could still be trouble for Google.
by Connor Madsen | Oct 5, 2018 | Industry Intel
Brazilian Bank Traffic Rerouted by Massive Botnet
A botnet containing more than 100,000 routers and other devices was recently spotted hijacking traffic destined for several Brazilian banks. The hijacking victims are then sent to one of at least 50 confirmed phishing sites that will attempt to steal any information the user will provide. Backing this ever-growing botnet are a small collection of tools used to brute-force weak passwords and continue to search for other devices with poor security.
Cyber Attack Shuts Down Canadian Restaurants
A major Canadian restaurant chain announced several of their restaurant brands had suffered a ransomware attack that affected nearly 1,400 stores in recent days. While many of the IT systems were quickly taken offline to prevent further spread of the infection, customers were met with non-functioning payment systems or just closed doors. Fortunately, the company keeps regular backups and was able to restore their systems without paying a ransom.
High-Profile Instagram Accounts Being Hacked
Several high-profile Instagram accounts were hacked and held hostage recently, with some accounts being deleted even after a payment was sent. Though many victims have contacted Instagram multiple times regarding access to their accounts, some were sent automated responses while others regained control of their accounts without hearing from the company.
Google Chrome Cracks Down on Extensions
With dozens of new extensions being added to Google’s Chrome Web Store every day, it has become increasingly difficult for Google to police for malicious apps. That’s why, accompanying the release of Chrome 70, will be the ability for users to restrict browser extensions to a single site and limit the amount of permissions the extension has over the pages viewed. Additionally, Chrome has implemented 2-step verification for all developer accounts to curb the volume of hacked apps made available.
Port of San Diego Hit by Ransomware
It was revealed last week that the Port of San Diego, which controls over 34 miles of coastline, suffered a ransomware attack that temporarily knocked out their computer systems. Fortunately, most routine port operations remained able to function normally while systems were offline. There is still no information on whether the ransom has been paid or how the infection occurred.
