Security Briefing 12.20.2016
The No More Ransom project, an alliance of law enforcement and heavy hitters from Kaspersky and Intel that can help users decrypt ransomware without paying criminals for it, has expanded to include additional law enforcement agencies from 13 countries and new partners: Bitdefender, Trend Micro, Emsisoft, and Check Point, bringing the full suite of decryption tools to 40.
A brief power outage in Ukraine’s capital city of Kiev on Saturday may have been caused by ‘external interference through the data network’ – aka hackers. This is not the first time Ukraine has experienced power outages from malware, either.
Yahoo! revealed last week that a full 500 million accounts were compromised, exposing information including, but not limited to, MD5-hashed passwords, names, email addresses, dates of birth, and in some cases encrypted and decrypted security questions and answers.
Germany is taking fake news into its own hands; lawmakers in Berlin are mulling over a policy to hold Facebook accountable for ‘fake news’ posts, with a fine of up to €500,000 per post.
Payouts from ransomware are looking to hit the $1,000,000,000 mark by year’s end. Paying off criminals is slowly being associated with ‘the cost of doing business’ in the modern era, a dangerous precedent. This article includes interesting percentages, such as ‘overall, 25% of business executives said, depending upon the type of data, they would be willing to pay between $20,000 and $50,000 to get access back.’
A recent U.S. indictment of three Romanian hackers has gained some attention; the hackers infected at least 60,000 computers in the U.S. via 11,000,000 malicious emails. This netted the Romanian trio nearly $4,000,000.
A Turkish crime group has set up a league that awards points to other groups willing to use its tool to carry out DDoS attacks on websites it doesn’t like. Think of it as a game: using their tools allows you to accumulate points. An interesting take on denial-of-service attacks.
The latest iOS 10.2 update for devices does more than add 100 emoji for United States users (cool!); it also patches a hole in the ‘Find My iPhone’ feature of 10.1 that renders it useless, as well as 5 more lock screen security flaws. Relatedly, soon after the iOS 10.2 update was released, macOS update 10.12.2 was released, fixing several critical flaws in the operating system that allowed drive-by malware to function. Please update your iOS devices and Mac computers to the latest version as soon as you can, and always stay on top of operating system updates.
A story that dates back to February has gained some more traction recently due to leaked documents: in February, a Bangladesh bank experienced a staggering $81,000,000 cyberheist and, reports indicate, the same network has been compromised again to steal more money. Cyberattacks against banks are a more common and persistent threat than originally identified, especially outside of the United States.
Interesting new ransomware GoldenEye is a two-pronged attack delivered, of course, via attachments that are disguised as a resume and aptitude test. Once opened, not only does it encrypt files via regular old CryptoLocker standards, it also schedules the next reboot to show a fake “checkdisk” screen. While the ‘checkdisk’ screen is running, Petya is actually encrypting and scrambling the master file table (MFT), effectively rendering your computer useless. And, if you do want to pay, you have to do it twice: once to get back into Windows (the MFT part) and again to decrypt the encrypted files.
The owner of Ashley Madison, the site for ‘inquisitive adults,’ has agreed to pay $1.6 million to settle the case brought by the Federal Trade Commission. The remainder of a $17.5 million settlement was suspended. This story will continue to get better over time.