by Tyler Moffitt | Jul 20, 2017 | Industry Intel
The world’s leading information security events, Black Hat USA and DEF CON, are happening next week in Las Vegas. In its 20th year, Black Hat will bring over 15,000 IT and security pros together to discuss the latest information security research, development and trends. Among these attendees, you will find academics, researchers, as well as leaders in the public and private sectors addressing the security community needs.
While Black Hat’s corporate appeal means it is generally safer than DEF CON, it’s always smart to practice good habits while in the company of hackers, many of whom are looking to demonstrate their skills. Here are my top tips for the average attendee to consider in order to stay safe and secure at this year’s Black Hat and DEF CON events:
Don’t take the bait
Over the past two years, businesses have cited phishing attacks as the most common threat they faced. Beware of falling victim to tried-and-true tactics such as phishing. Watch out for standard phishing attempts, especially those that may resemble Outlook Web Access (OWA) or other login pages you typically use for work.
Goodbye, Wi-Fi
You’re going to a hacker conference … think twice before using public Wi-Fi. While the official network at the Mandalay Bay is presumed secure, public networks in the venue or surrounding area are a definite no-go. Potentially millions of Android and iOS devices are particularly vulnerable this year due to a recently revealed bug called Broadpwn in the ubiquitous Broadcom Wi-Fi chipsets. Google has released a patch as part of its July 2017 Android Security Bulletin, so verify that your Android device is indeed running the most-recent Android security patch level dated July 5, 2017.
The same goes for other data connections on your mobile devices such as Bluetooth and NFC. Consider putting your device in airplane mode or powering down while attending sessions at either event. Stick to your cell provider’s 4G network if you must be online while you’re on the show floors. It’s also a good idea to keep these connections off on the flight to Las Vegas, also.
Protect your plastic
RFID scanners were once a common threat at Black Hat, able to pull data off credit cards at range, even those left inside a wallet. Thankfully, most credit cards are now equipped with a chip that must be inserted for the card to function, eliminating the vulnerability posed by RFIDs. Double check your credit cards to insure they are indeed using an EMV chip, and if they aren’t, call your bank for a replacement (and definitely don’t bring them to Black Hat).
Remember, some items such as passports and employee badges are still using RFID chips. These should be left secured in your hotel room or kept in special RFID-proof sleeves. Also, don’t forget to thoroughly inspect ATMs in and around the event venue. Card skimmers will likely abound on the Vegas Strip throughout Black Hat and DEF CON.
Ahoy, Bus Pirates
When piloting the show floors, you may see people showing off hacking devices known as ‘bus pirates.’ These flexible multi-tools allow hackers to interface with a large range of electronic devices using common protocols such as I²C, SPI, and MIDI. For obvious reasons, don’t allow one of these tools to be demonstrated on your device(s). The same goes for the seemingly innocuous hardware, too. You may be compelled to use the charging stations or those free USB drives being given out as takeaway gifts, but just say no. Malware can be downloaded through these connections.
All Devices Left Behind
A safe rule of thumb: avoid bringing any unnecessary devices to Black Hat. This goes for smart watches, fitness trackers, and, yes, even your car. Hackers at nearby DEF CON are known to sell signal repeaters that can replicate the frequency from wireless key fobs to unlock and even start up vehicles.
Join us in winning the fight against advanced cyber attacks and modern malware. To learn more about Webroot and beyond, visit www.webroot.com/blackhat and follow us on Twitter. We look forward to seeing you at Black Hat 2017.
by Connor Madsen | Jul 14, 2017 | Industry Intel
The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.
Verizon Call Logs Found Exposed Online
Over the past month, researchers have been learning more about the recent discovery of unsecured customer service call records for over 14 million individuals on an Amazon server. The server in question is controlled by Nice Systems, an enterprise software company based in Israel, and contained call logs from January through June of this year. In the unencrypted records were customers’ names and their Verizon account login credentials. Even after Verizon became aware of the server’s vulnerability, it took over a week to get it properly secured by Nice Systems.
Bupa Healthcare Services Breached
In the last week, international healthcare provider Bupa was the victim of a data breach that included basic customer information, such as names, birthdates, and nationalities. The breach originated with an employee incorrectly transferring data between systems of Bupa Global, which handles international health insurance for frequent travelers—around 108,000 customers in total. The affected branch of Bupa has contacted all affected customers, and has stated that no other branches worldwide have been compromised.
Botnets Distributing New Point-of-Sale Malware
With the recent influx of botnet-related cyberattacks in the last year, it’s hardly surprising that Point-of-Sale malware is now spreading through the same channels. A variant that currently only affects Brazilian companies, LockPOS, has proven difficult to track. It makes minimal noise on the systems it infects, and spreads quickly using the FlokiBot botnet. Researchers have found samples as recent as June 24th that use the standard two-stage approach for downloading the LockPOS payload to the victim’s system.
Cryptocurrency Miner Nearly Tops Mac Malware List
In the past month, an old bitcoin miner that originally appeared in 2011 has been making a staggering reoccurrence across Mac® computers, and is involved in over 20% of all Mac malware detections in June. By spreading through malicious Mac torrent sites, it is likely being used to mine multiple different cryptocurrencies, while also stealing any cryptocurrency wallets it finds on the infected machines.
Ex-Employees Can be Major Data Security Concern
A recent study of IT-directors across the UK revealed nearly half of all ex-employees still have access to corporate networks and drives. Even worse, of the 600 companies surveyed, nearly 25% had experienced a data breach caused by a recently released employee. While the majority of survey participants have procedures in place for de-provisioning former employees, their processes are not automated, and must be completed manually. This leaves potentially lengthy (and dangerous) gaps between an employee’s departure and subsequent offboarding.
by Connor Madsen | Jul 7, 2017 | Industry Intel
The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.
British Lawmakers’ Logins Targeted
Over the last week, multiple parliament members and other lawmakers in the UK have been the focus of cold-callers attempting to gain login credentials, following a successful brute force attack that compromised the credentials of several other officials. Passwords for the remainder of the parliamentary staff have received a force reset to avoid any further exploitation of their systems.
Banks Still Struggle with Security
The Online Trust Alliance recently conducted an anonymous study of 1,000 websites across many different sectors, to test for security, privacy, and consumer protection. Of the 100 largest US banks in the study, only 27% passed all 3 categories, while 65% failed in at least one category. Although the American Banking Association still believes that banks are the current standard for security, the long list of breaches throughout the last year alone leave many consumers questioning just how secure their banks really are.
Sabre Breach Exposes Google Employee Data
In the past few days, Google has been sending out notifications to employees after Sabre Hospitality Services experienced a breach in their reservation system. While the breach appears to have occurred between August 2016 and March 2017, most employees’ data should still be secure, since Sabre automatically deletes reservation details after 60 days. In addition to Google employees, this breach may affect anyone who has used Sabre booking services during the suspected breach period. Those who believe they may have been affected should check their billing statements regularly for discrepancies.
Feedback Scammers Pick 5,000 Companies to Extort Millions
Scammers are now using the .feedback top-level domain (TLD) to extort money from companies. The TLD exists so companies can invite their customers to provide comments on their services. Sounds pretty swell, but only if the company is the first to register the .feedback domain for their brand. A new group of scammers has created domains for 5,000 top companies, with the demand that companies either pay monthly to receive the feedback their customers submit, or pay a lump sum to have the site taken down entirely.
Mozilla Site Security Review Has Shocking Results
Mozilla just completed a study of the top 1 million websites to determine their overall ability to protect visitors from various types of cyberattacks. Unfortunately, nearly 94% of study participants received an “F” across the 13-point test. While an increasing number of sites continue to improve their security year-over-year, the majority still have a long way to go.
by George Anderson | Jul 1, 2017 | Business + Partners, Managed Service Providers
Savvy MSPs know that automation improves efficiency and strengthens their bottom line. In a nutshell, automation enables an MSP to reduce the amount of time its technicians spend handling routine or repetitive tasks, thus cutting costs for service delivery and freeing those techs to devote more attention to activities that generate more revenue.
Enabling Creativity Spurs Growth
It’s no secret that computers are more efficient than humans when it comes to performing repetitive work, while humans deliver superior results in situations that require creativity, critical thinking, and decision making. Part of the reason automation is so effective is because it enables MSPs to take advantage of these fundamental truths.
Freeing up your technicians for more appropriate endeavors presents benefits beyond simple cost savings. It also gives you the opportunity to differentiate yourself from other MSPs and position your business for future growth by finally enabling your technicians to see the forest for the trees.
When an MSP’s technicians are mired in routine administration and maintenance responsibilities—such as deploying security upgrades, performing regular disk cleanup, or managing tickets—there’s no time to step back and evaluate the overarching IT challenges that affect that particular client. And that means missed business opportunities.
More Time for Personalization
Proactively identifying a client’s IT challenges will help that client improve their business operations. This will not only differentiate you from other MSPs, it will also establish a foundation of trust upon which you can build long-term relationships with your customers; which, of course, is key to generating recurring, predictable revenue.
But an MSP can only design creative solutions to its clients’ business and IT challenges if its team has the time to identify those challenges. They need the bandwidth to consciously and continuously review each client’s business operations and craft powerful and personalized solutions.
Automation can solve that problem. Not only does it free up your IT team to focus on the specific issues each client faces, it also allows you to deliver a more comprehensive range of services individually tailored to those clients.
Today’s combination of automated and dynamic cloud services let you choose from an array of solutions for each of your clients, while still ensuring management is automated for maximum efficiency. The net result? You’ll boost your profitability by increasing customer satisfaction and long-term patronage, all while significantly reducing your management and operational costs.
Learn More… and Enter for a Chance to Win!
The Webroot #MSProfits Program is dedicated to helping MSPs boost their profitability by automating their business operations. Learn more about the benefits of automation or 5 steps you can take to help automate your MSP business, and enter for a chance to win a sophisticated home technology package.
by Connor Madsen | Jun 30, 2017 | Industry Intel
The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.
Ukraine Hit With Nationwide Cyberattack
In the past week, Ukrainian officials have been making announcements regarding a cyberattack that has affected nearly all of the nation’s industries and government sectors. Also affected is Ukraine’s main airport, creating significant delays. While it is still unclear who initiated the attack, officials are saying that the infection was targeted to cause destruction across a variety of the country’s essential systems.
Wind Farms Surprisingly Insecure
As we move get closer to mass-production of wind power, the security of the turbines themselves is coming under scrutiny. Over the past few years, researchers have been performing penetration tests on multiple wind farms across the US, and have discovered that most are only as secure as the tumbler lock on the turbine door. After accessing the interior of the rarely-manned turbine, researchers were able to gain full control of not only that individual turbine, but every other one connected to the network. In light of such tests, the industry will soon have to make significant improvements to the turbines’ physical security of the turbines, as well as the networks they use.
Petya Ransomware Destroys Data, Rather than Ransoming It Back
Following this week’s Petya cyberattacks, researchers have been working tirelessly to understand the exact circumstances involved. While some believed it to be a ransomware attack, it appears the malware author’s intent was purely destructive. Rather than the typical bitcoin ransom demand, the infection virtually destroys the hard drive in question by encrypting the Master File Table and removing any access to the remainder of the encrypted files.
8Tracks Music Social Network Hacked
Over the past few days, a hacker operating on the Dark Web has posted an offer for 18 million 8Tracks user accounts and passwords. A sample of the data was verified, and, although the usernames and passwords are all SHA-1 encrypted, several web tools are readily available to any buyers determined to crack it. 8Tracks has since confirmed the breach and recommended that all users change their login credentials, especially those that have been used for multiple sites.
South Korean Banks Face Large DDoS Ransom Demand
In the last few days, at least 5 major South Korean banks have been threatened with a large-scale DDoS attack unless they pay a ransom of $315,000 in bitcoins. It’s no coincidence that this attack comes just weeks after the successful ransom of a South Korean web hosting service, though it would appear that the attackers never followed through, as the banks’ sites have remained up and running past the Monday deadline.
by Tyler Moffitt | Jun 27, 2017 | Industry Intel
[Updated June 29, 2017, 10:20 a.m. MDT]
A host of companies across industries have confirmed attacks today by a brutal wave of ransomware, including global law firm DLA Piper, U.S. pharmaceutical giant Merck, and the Danish shipping company Maersk. Although targets originally appeared in Ukraine—shutting down power plants, banking services and supermarkets—this latest cyberattack has quickly spanned critical economic sectors around the globe.
Webroot customers are protected against this variant. This cyberattack was first seen by our threat research team at roughly 10:00 a.m. UTC on June 27, 2017.
What we know
Webroot’s threat researchers have confirmed that this ransomware is a variant of an older attack dubbed Petya, except this time the attack uses EternalBlue to target Windows systems—the same exploit behind the infamous WannaCry attack. While this variant appears to be an upgraded version of Petya, there is no confirmation that this attack is from the same author.
This variant mirrors Petya in that it encrypts the Master File Table (MFT) by overwriting the bootloader code, though unlike previous versions, it encrypts files based on file extension. The system fails to boot as usual and the end user instead sees a screen that appears similar to DOS and demands payment. The shot below depicts the preparation of the EternalBlue triggering packet.
This is the same attack vector that made WannaCry so effective, but we have also observed additional techniques used to infect more machines.
Here we can see that the worm is also utilizing WMI (Windows Management Instrumentation) in a technique to further reach through the network using credentials siphoned from the local machine.
Once the machine is infected, the computer will immediately restart to what looks like a ‘chkdsk,’ but isn’t. Below is an image from Ukrainian Prime Minister Pavlo Rozenko’s Facebook showing the world what the ransomware looks like while it encrypted his computer during this fake chkdsk stage.
This stage is the ransomware encrypting files on your hard drive. We found that the ransomware doesn’t encrypt the entirety of your files with matching extensions, but instead encrypts up to the first mebibyte of data. This is done presumably to save time during the encryption process, but also ensures that enough of the file is encrypted to be unlikely to restore without paying the ransom.
Once the fake chkdsk is complete (or all the files on the computer are encrypted) the infection will reboot the computer once more to this screen:
There is no way for a victim to retrieve their files other than to email the cybercriminal after paying the bitcoin address listed in the ransom. In fact, the email address listed in the ransom has, as of now, been shut down by the email provider. Essentially, this means victims are unable to get their files back, even after paying the ransom, as the payload author is now prevented from checking this email.
It now seems the attack’s intended effect was not to generate ransom payments at all. In a detailed post on the Microsoft Malware Protection Center blog, the initial route of infection was revealed to be a malicious update to tax accounting software deployed by the Ukrainian company M.E.Doc.
Given the initial attack vector and level of sophistication, the underlying motive appears to be aimed at wreaking the maximum amount of disruption in Ukrainian infrastructure, while merely operating under the guise of ransomware. This suspicion is supported by the absence of a payment portal or functional email address to deliver the ransom payment.
Why it matters
The bottom line is that companies are still failing to adequately secure their IT systems from the EternalBlue vulnerability in the Windows Server Message Block (SMB) server.
Microsoft issued critical security updates to patch this vulnerability on March 14, 2017. To verify that the MS17-010 patch is installed, follow the directions in this Microsoft support article.
If you’d like to learn more about this Petya-based attack, catch the replay of my webinar: Deep Dive into Petya-based & WannaCry Ransomware Attacks.
An interesting tidbit
Our threat researchers have determined that this infection includes a check to see if a file named “perfc” or “perfc.dat” exists in the Windows root directory before executing (a kill switch of sorts). Of course, the best “kill switch” is to perform updates that patch known vulnerabilities such as EternalBlue.
by Connor Madsen | Jun 23, 2017 | Industry Intel
The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.
WannaCry Shuts Down Honda Production Plant
Over the last few days, Honda officials have discovered a recurrence of WannaCry across multiple machines around the globe. This reinfection was enough to force the temporary closure of their Sayama plant in Japan. While Honda did implement several patches to ward off the initial attack in May, their efforts may not have been thorough enough, leading to their current predicament. Fortunately, the plant was able to reopen a day later, after the systems had been fully updated and cleaned.
Web Host Pays Out $1 Million Ransom
A South Korea-based web hosting service was recently hit with a Linux variant of Erebus ransomware, which affected over 150 unique servers for thousands of different business clients. While Linux systems haven’t traditionally been desirable targets for ransomware, attacks like this one are steadily increasing as more Linux exploits are discovered. Faced with the prospect of overwhelming fallout, the owner of the hosting company chose to pay the ransom, after negotiating with the attackers for a smaller sum.
NSA Malware Installing Cryptocurrency Miners
As further effects of the NSA leak continue to surface, one NSA hacking tool in particular is being used again as a backdoor to allow remote file execution on infected machines and install a cryptocurrency miner. In addition to using DOUBLEPULSAR—a backdoor that was also used in WannaCry attacks in May—to infect the machine, the Trojan also does a check for CPU usage to determine if the computer is suitable for mining Monero, a newer cryptocurrency that has been gaining market strength.
Mac® Computers Becoming Focal Point for Attackers
As more high-level employees use Macs for their daily operations, cybercriminals have more reasons to focus on Apple products when looking for valuable data to steal. By using service-based malware campaigns, criminals can now target entire networks of systems, rather than individual computers, giving them greater reward for less effort. Fortunately for Mac users, the same security rules for PC still apply: run the latest security updates, always back up your important files, and use some form of third-party security software to cover the remaining attack vectors.
WannaCry Found on Australian Traffic Cameras
In the past week, officials have discovered at least 55 traffic cameras in Victoria, Australia were compromised with WannaCry ransomware after being connected to an infected USB drive. While the cameras have continued to function normally, traffic officials are still monitoring the system to ensure no incorrect traffic citations are issued due to the camera tampering.
by Ashley Stewart | Jun 20, 2017 | #LifeAtWebroot
These days, it seems like you can’t turn on the TV or open a news site without reading some terrifying headline related to cybersecurity. And the numbers keep escalating. Yahoo’s breaches impacted 1 billion user accounts. Chipotle’s security incident affected more than 2,500 stores in 48 states. We know what cybercriminals are doing; they’re stealing credentials and laughing all the way to the bitcoin bank. So what are we, the good guys, doing to get ahead of criminals?
That’s where today’s interviewee, Eric Klonowski, comes into play. Eric is a senior advanced threat research analyst, meaning he reverse-engineers malware, at Webroot. He has to think like a hacker to figure out how the bad guys manipulate benign software by literally taking apart, or “unpacking” malware.
Webroot: Let’s start with the basics, Eric. Tell me a bit about yourself?
Eric Klonowski: Growing up, I was a nerd. I liked to take things apart and figure out how they work. At six or seven, I would take apart landline phones just to see what was inside.
This was my start as a reverse engineer. Even now, I like to disassemble random software to see what makes it tick.
On any given day, 90 percent of what I think about is related to security, malware, computer science, and engineering. It’s my passion. Perhaps I need to get outside more, but generally, security is what I think about.
I’m not surprised by your “focus” on the industry. I think your field requires that level of passion and commitment. Besides, nerds are cool nowadays, thanks to the Mark Zuckerbergs of the world. How did you make the leap from deconstructing phones to reverse engineering?
Probably not a shocker to anyone who has read this far, but I was a mischievous child. I remember going on a family trip when as a kid, and I spent the entire time on my laptop following Russian tutorials on how to crack software. I loved that complex software protections could be reduced to a simple byte.
I kept teaching myself from there, and that naturally evolved to looking at more in-depth, sophisticated software. Malware is particularly interesting to me because it is level 10 difficult as far as puzzles go. A malware author’s entire goal is to fool reverse engineers like me.
The problems I face are not traditional computer science problems that are covered in textbooks. They tend to be non-traditional, and without getting too far into the weeds, they are unique problems you won’t find at other organizations.
So how did you hear about Webroot?
I was perusing an online job search site and got an ad. Being a malware-oriented techie, I was aware of Webroot.
At the time, I was working as a government contractor, and I was interested in getting into the commercial world—something that doesn’t require clearance.
I don’t know, that sounds pretty cool!
It was an awesome opportunity. I started as an intern, which is key for getting your foot in the door anywhere, and it soon turned into a full-time job. But I wanted to be able to discuss my work and be more involved in the threat community.
That makes sense. What does a day in the life look like for you?
The majority of the time, I’m really excited to come into work. I know there are interesting problems waiting for me to dissect. The problems I face are not traditional computer science problems that are covered in textbooks. They tend to be non-traditional, and without getting too far into the weeds, they are unique problems you won’t find at other organizations. They aren’t algorithm or mathematically driven, but related to questions like, “how can I manipulate the nature of the software already running on the system?”
I also interface with almost every engineering team and multiple departments. It gets me out of my shell.
What lessons have you learned from working for a few years?
Absolutely everyone has something to offer. In school, we tend to segregate into specific engineering groups and form bias. Even working with people like you (public relations career shout out!), there tends to be a distancing at first because you don’t understand each other’s roles.
But we all have something to offer, and we are all good at what we do. I have something to learn from everyone at this organization.
That’s a great life lesson, Eric. Switching the focus to students, any advice for hopefuls in your field?
This is the kind of job where you need to be passionate about figuring out how things work. You may want to do something good for the world, and this is one way to do that. But if you’re the kind of person who walks by the puzzle store at the mall and thinks, “those look cool, I wonder how they work,” this is the kind of job you would find interesting.
Full disclosure: this is not just a 9-to-5 job. I find myself thinking about these problems all the time.
What about professionals looking to get into reverse engineering? There have been a lot of conversations around re-training traditional IT staff to fill the many cyber roles available.
I think people who have a solid network or security background could make the transition, if they are passionate enough about the field to teach themselves. This isn’t something you will pick up by shadowing a co-worker for a few days or reading a single book. You need to roll up your sleeves and dig into online forums, webinars, courses, and you need the drive to keep learning.
That’s the truth! It reminds me of my favorite quote from Mahatma Gandhi, “Live as if you were to die tomorrow. Learn as if you were to live forever.” Thanks for taking the time to chat, Eric.
If you’re interested in a job at Webroot, check out our careers page, www.webroot.com/careers.
by Gary Hayslip | Jun 19, 2017 | Industry Intel
Popular third-party chat platforms like Slack, Discord, and Telegram are just a few of the many new productivity applications that are being hijacked by cybercriminals to create command-and-control (C&C) communications infrastructures for their malware campaigns. As corporate security teams become more aware of traditional malware threats and deploy new security solutions to defend against them, cybercriminals continue to innovate. Now they’ve turned to well-known chat and social media applications as platforms to communicate with their deployed malware.
Hiding in Plain Sight
The appeal of these chat programs for cybercriminals is born from the fact that many of them are free, easy to use, and incorporate application programming interface (API) components that simplify connections between the programs and custom-built applications. It’s this use of APIs that allows hackers to operate undetected on corporate networks. This clever technique enables hackers to entrench their access by camouflaging themselves with normal data flows. Plus, because this malware leverages software platforms and services that are readily available (and free), all hackers need to do in order to stay connected to their growing malware bot farm is set up an account on their chat platform of choice.
Granted, not all software using APIs is susceptible to this type of attack. However, these attacks are a clear demonstration that tools used by project management and software development teams can be compromised in ways that expose their organizations to significant risk. I predict that similar vulnerabilities in productivity services and applications used by corporate technology teams will continue to be exploited—at an even greater rate. In many ways, these attacks mirror what we’ve seen recently targeting core protocols that operate on the Internet.
Know Your Enemy
Luckily, knowing the enemy is half the battle. With this in mind, we can manage these types of threats, and some of the steps I recommend come down to basic cyber hygiene. I highly recommend security professionals deploy an antivirus solution that incorporates anti-malware and firewall services to all endpoints. A solid threat-intelligence service is also vital to educate security staff and business stakeholders on the current threats and threat actors targeting their business.
One final point: it’s a good idea to screen all outbound network traffic in order to verify that it’s going to legitimate destinations. Hopefully, you’ve already deployed these recommended security controls. If you are missing one or more of these elements, it’s time to shore up your cybersecurity efforts to protect yourself and your organization.
by Connor Madsen | Jun 16, 2017 | Industry Intel
The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.
New Mobile Phishing Attacks are Using URL Padding
In an attempt to trick mobile browsing users into accessing malicious sites, attackers have begun adding multiple hyphens to URLs that keep the false address out of the mobile browser’s small address bar. This “URL padding” has even been spotted targeting high-traffic sites such as Facebook and Craigslist, to increase criminals’ chances of stealing user login credentials. We strongly recommend that users enter the desired URL manually, rather than clicking links, while also trying to maintain the same security standards for their mobile devices as for PCs.
Airline Traveler Data Remains Unsecured
While physical security around air travel has greatly increased over the last decade and a half, the data security of the nearly 8 million travelers is still at risk. The trouble stems largely from antiquated airline systems in general, which are currently exempt from the current Payment Card Industry Data Security Standards that are compulsory for all other online-sales industries. For the sake of airline travelers everywhere, we hope these systems will soon receive the updates they so desperately need to keep passenger and employee data safe.
Mazda Cars’ Infotainment Systems are Totally Hackable via USB
Over the past several years, many Mazda owners have been modifying their car’s entertainment systems using USBs that are pre-loaded with a specific code that allows high-level access to the system. While your imagination could run wild with the cybercriminal possibilities, for the time being, the code only operates when the car is running. This minor defense mechanism stops attackers from accessing the car remotely. The initial USB vulnerability has been well documented since the 2014 model year, so it’s somewhat surprising that it hasn’t been exploited further.
London University Hit with Ransomware
Within the last week, officials at University College London have been attempting to discover the origin of an attack that left large portions of their networks encrypted. It’s likely it began with a phishing email which then propagated throughout the university’s shared networks over the next couple of days. Fortunately for students and staff, it appears the encrypted data was securely backed up and will be used to restore the file structures once the infection is fully removed.
Dark Web Service Offers SS7 Access for Cheap
Recently, a service has popped up on the Dark Web that would give several functionalities to anyone interested in tracking or monitoring any smart device. The service offers several different levels of monitoring, ranging from a basic report on a specific device to full tracking and message interception (for a larger fee, of course). While the exact method used to access these networks is still unknown, the manager of the service claims that it is surprisingly easy, even with all of the security and prevention techniques today’s telecom providers use.
