Tuesday, 03 October 2017
Ransomware Attackers Demanded $19K from California School District
David Bisson
https://www.tripwire.com/state-of-security/latest-security-news/ransomware-attackers-demanded-19k-california-school-district/
Excerpt:
“Ransomware attackers demanded $19,000 from a California school district for a decryption key that would unlock its encrypted data.”
Cybercriminals increasingly focusing on credential theft
https://www.helpnetsecurity.com/2017/09/29/credential-theft/
Excerpt:
“Criminal tactics used to access user credentials are growing in prevalence, and that a record 47 percent of all malware is new or zero day, and thus able to evade signature-based antivirus solutions, according to WatchGuard.”
Iranian APT33 Hackers Launch Phishing Attacks on Aviation, Energy Industries
Jeff Goldman
https://www.esecurityplanet.com/threats/iranian-apt33-hackers-launch-phishing-attacks-on-aviation-energy-industries.html
Excerpt:
“FireEye researchers recently determined that an Iranian government hacking group, which the researchers are calling APT33, uses phishing attacks to target companies in the U.S., Saudi Arabia and South Korea. The group has been in operation since at least 2013.”
Singapore banks closing accounts of cryptocurrency firms
https://www.out-law.com/en/articles/2017/september/singapore-banks-closing-accounts-of-cryptocurrency-firms/
Excerpt:
“Two Singapore trade bodies told the Business Times that their members have faced problems with banks closing accounts.”
Europol Warns Banks ATM Cyber Attacks on the Rise
http://www.securityweek.com/europol-warns-banks-atm-cyber-attacks-rise
Excerpt:
“Cyber criminals are increasingly accessing ATM machines through the banks' networks, with squads of money mules standing by ready to pick up the stolen cash, Europe's policing agency warned Tuesday.”
Skynet in China: Real-life 'Person of Interest' spying in real time
Ms. Smith
https://www.csoonline.com/article/3228444/security/skynet-in-china-real-life-person-of-interest-spying-in-real-time.html
Excerpt:
“AI married to CCTV surveillance in China uses facial recognition and GPS tracking to overlay personal identifying information on people and cars in real time”
Shocker? Companies still unprepared to deal with ransomware
https://www.helpnetsecurity.com/2017/09/27/unprepared-ransomware/
Excerpt:
“Companies and government agencies are overwhelmed by frequent, severe ransomware attacks, which have now become the #1 cyber threat to organizations, according to Crowd Research Partners.”
ATM hackers switch to network-based attacks
Zeljka Zorz
https://www.helpnetsecurity.com/2017/09/27/atm-network-based-attacks/
Excerpt:
“More and more attacks against ATMs are network-based, Trend Micro researchers have found.”
After hack, security researchers probe Deloitte’s security posture
Zeljka Zorz
https://www.helpnetsecurity.com/2017/09/27/deloitte-security-posture/
Excerpt:
“It’s difficult – if not impossible – for any organization to keep their networks and systems completely safe from knowledgeable, well-resourced and determined attackers.”
A simple example of a complex cyberattack
Vasily Berdnikov, Dmitry Karasovsky, Alexey Shulmin
https://securelist.com/a-simple-example-of-a-complex-cyberattack/82636/
Excerpt:
“We’re already used to the fact that complex cyberattacks use 0-day vulnerabilities, bypassing digital signature checks, virtual file systems, non-standard encryption algorithms and other tricks. Sometimes, however, all of this may be done in much simpler ways, as was the case in the malicious campaign that we detected a while ago – we named it ‘Microcin’ after microini, one of the malicious components used in it.”
This popular Android keyboard app has been secretly collecting data and could be spying on users
India Ashok
http://www.ibtimes.co.uk/this-popular-android-keyboard-app-has-been-secretly-collecting-data-could-be-spying-users-1640665
Excerpt:
“The popular Android custom keyboard app Go Keyboard was found secretly collecting user data and sending it to remote servers. The app, which is available via Google Play Store and third-party app stores and has been downloaded by over 400 million users, was also found downloading "dangerous" executable code from a third-party server.”
China blocks WhatsApp
Shannon Liao
https://www.theverge.com/2017/9/25/16362292/china-whatsapp-censorship-wechat-no-more-texts
Excerpt:
“China has blocked WhatsApp, security experts confirmed today to The New York Times. Over the past few months, WhatsApp has experienced brief disruptions to service, with users unable to send video chats or photos. Now, even text messages are completely blocked, according to Nadim Kobeissi, an applied cryptographer at Symbolic Software, a Paris-based research firm that also monitors digital censorship in China.”
Lawyer: Hacker in Spanish custody sought by US, Russia
http://www.bostonherald.com/news/international/2017/09/lawyer_hacker_in_spanish_custody_sought_by_us_russia
Excerpt:
“Russian authorities are fighting the extradition of an alleged Russian hacker from Spain to the United States, the suspect's lawyer said Friday, in the latest move by Moscow to block U.S. prosecution of suspected Russian cybercriminals.”
Criminal hacking: Top technology risk to health, safety and prosperity
https://www.helpnetsecurity.com/2017/09/25/criminal-hacking/
Excerpt:
“Americans believe criminal hacking into computer systems is now a top risk to their health, safety and prosperity. Criminal hacking, a new ESET survey finds, outranks other significant hazards, including climate change, nuclear power, hazardous waste, and government surveillance.”
Android unlock patterns are a boon for shoulder surfing attackers
Zeljka Zorz
https://www.helpnetsecurity.com/2017/09/25/android-unlock-patterns/
Excerpt:
“The “swiping” unlock patterns typical for Android devices are considerably easier for attackers to discern than PIN combinations.”
Industry reactions to the Deloitte cyber attack
https://www.helpnetsecurity.com/2017/09/25/industry-reactions-deloitte-cyber-attack/
Excerpt:
“Deloitte has been targeted in an attack that compromised the emails and plans of some of its clients. Here are some of the industry comments Help Net Security received regarding this incident.”
CCleaner hackers targeted tech giants with a second-stage malware
Pierluigi Paganini
http://securityaffairs.co/wordpress/63282/apt/ccleaner-hack-tech-giants.html
Excerpt:
“The threat actor that recently compromised the supply chain of the CCleaner software to distribute a tainted version of the popular software targeted at least 20 major international technology firms with a second-stage malware.”
Passwords to Over a Half Million Car Tracking Devices Leaked Online
Dell Cameron
https://gizmodo.com/passwords-to-access-over-a-half-million-car-tracking-de-1818624272
Excerpt:
“We’ve seen a lot of data breaches this year: some big, some small, some that are dangerous, and some that are just embarrassing. But if we were to name one as the creepiest data breach of 2017, this leak of logins for car tracking devices might take the cake.”
When Responding to a Data Breach, Cooperation Is Nine-Tenths of the Law
George Moraetes
https://securityintelligence.com/when-responding-to-a-data-breach-cooperation-is-nine-tenths-of-the-law/
Excerpt:
“In recent years, several high-profile breaches involving customer data have led to long and costly litigations. These events demonstrated that data protection is more than just a cybersecurity concern.”
ISPs in at least two countries were involved in delivering surveillance FinFisher Spyware
Pierluigi Paganini
http://securityaffairs.co/wordpress/63258/malware/finfisher-spyware-isps.html
Excerpt:
“Finfisher infected victims in seven countries and experts believe that in two of them the major internet providers have been involved.”
Researchers Link CCleaner Hack to Cyberespionage Group
Lucian Constantin
https://motherboard.vice.com/en_us/article/7xkxba/researchers-link-ccleaner-hack-to-cyberespionage-group
Excerpt:
“The recent attack that resulted in 2.2 million users installing infected versions of a popular Windows system optimization tool might have been the work of a sophisticated cyberespionage group with a history of software supply chain compromises.”
Hackers behind CCleaner compromise were after Intel, Microsoft, Cisco
Zeljka Zorz
https://www.helpnetsecurity.com/2017/09/21/ccleaner-compromise-targets/
Excerpt:
“There is a new twist in the CCleaner hack saga: the attackers apparently didn’t set out to compromise as many machines as possible, but were after some very specific targets.”
46,000 new phishing sites are created every day
https://www.helpnetsecurity.com/2017/09/22/46000-new-phishing-sites/
Excerpt:
“An average of 1.385 million new, unique phishing sites are created each month, with a high of 2.3 million sites created in May. The data collected by Webroot shows today’s phishing attacks are highly targeted, sophisticated, hard to detect, and difficult for users to avoid. The latest phishing sites employ realistic web pages that are hard to find using web crawlers, and they trick victims into providing personal and business information.”
Setting the standard for a blockchain protocol for IoT
https://www.helpnetsecurity.com/2017/09/20/blockchain-iot/
Excerpt:
“A wide range of blockchain technology companies and enterprises like Cisco, Gemalto and Bosch have launched the Trusted IoT Alliance, an initiative that aims to bring companies together to develop and set the standard for an open source blockchain protocol to support IoT technology in major industries worldwide.”
Using security cameras and infrared light to extract data from air-gapped networks
Zeljka Zorz
https://www.helpnetsecurity.com/2017/09/20/extract-data-from-air-gapped-networks/
Excerpt:
“Researchers have demonstrated that it’s possible for attackers to covertly exfiltrate data from and send data into an air-gapped network by using the infrared light capabilities of (indoor and outdoor) security cameras connected to it.”
Worldwide security appliance revenue increased to $3 billion
https://www.helpnetsecurity.com/2017/09/19/worldwide-security-appliance-revenue/
Excerpt:
“According to IDC, the total security appliance market saw positive growth in both vendor revenue and unit shipments for the second quarter of 2017 (2Q17). Worldwide vendor revenues in the second quarter increased 9.2% year over year to $3 billion and shipments grew 7.0% year over year to 706,186 units.”
Number of lost, stolen or compromised records increased by 164%
https://www.helpnetsecurity.com/2017/09/20/lost-stolen-compromised-records/
Excerpt:
“According to Gemalto’s Breach Level Index, 918 data breaches led to 1.9 billion data records being compromised worldwide in the first half of 2017.”
Here’s How Hackers Can Hijack Your Online Bitcoin Wallets
Mohit Kumar
http://thehackernews.com/2017/09/hacking-bitcoin-wallets.html#
Excerpt:
“Researchers have been warning for years about critical issues with the Signaling System 7 (SS7) that could allow hackers to listen in private phone calls and read text messages on a potentially vast scale, despite the most advanced encryption used by cellular networks.”
Retailers Experience Two Cyber Attacks Every Week
Zynstra
https://www.informationsecuritybuzz.com/study-research/retailers-experience-two-cyber-attacks-every-week-2/
Excerpt:
“Retailers are responding to cyber attacks on average twice a week — this is according to the latest research from Zynstra, an enterprise-grade IT software provider. 16% of retailers said they experienced an attack or attempted attack every day, 11% said they responded 2-3 times per week, and 64% said once a month.”
Apple’s Face ID can be quickly disabled in an emergency
Zeljka Zorz
https://www.helpnetsecurity.com/2017/09/18/disable-face-id/
Excerpt:
“A week ago, Apple debuted iPhone X and Face ID, a new biometric security mechanism that replaces Touch ID.”
Hackers backdoored CCleaner, likely affecting millions of users
Zeljka Zorz
https://www.helpnetsecurity.com/2017/09/18/hackers-backdoored-ccleaner/
Excerpt:
“Legitimately signed but backdoored versions of the popular CCleaner utility were available for download from the developer’s Web site and servers for nearly a month, Cisco Talos researchers have discovered.”
Cybercriminals deploying assortment of banking Trojans and ransomware
https://www.helpnetsecurity.com/2017/09/18/banking-trojans-ransomware-august-2017/
Excerpt:
“Check Point revealed that banking trojans were extensively used by cybercriminals during August, with three variants appearing in the company’s latest Global Threat Impact Index.”
Federal agents can search your phone at the US border — here’s how to protect your personal information
Rebecca Harrington
http://www.businessinsider.my/can-us-border-agents-search-your-phone-at-the-airport-2017-2/?r=US&IR=T
Excerpt:
“When you’re entering the United States, federal agents have broad authority to search citizens and visitors alike – but a new lawsuit filed Wednesday is trying to change that.”
3 Countries with 3 Different Legal Approaches to the Cloud
Sean Westbrook
https://themerkle.com/3-countries-with-3-different-legal-approaches-to-the-cloud/
Excerpt:
“One of the most fascinating things to watch is how different governments and organizations deal with the advent of cutting-edge tech. It’s particularly interesting to watch the legislative process to see how each individual country decides to regulate these new platforms, gadgets and tools.”
British computer hacker, 25, stole data from US military communications systems including 30,000 satellite phones in £450,000 attack
Rory Tingle
http://www.dailymail.co.uk/news/article-4884920/British-computer-hacker-25-stole-data-military.html
Excerpt:
“A British computer hacker who gained unauthorised access to data from US military communication systems has been handed a suspended prison sentence.”
Zerodium offers $1 Million for Tor Browser Exploits
Pierluigi Paganini
http://securityaffairs.co/wordpress/63006/hacking/zerodium-tor-browser-exploit.html
Excerpt:
“The company ZERODIUM announced it will pay up to $1 million for fully working zero day exploits for Tor Browser on Tails Linux and Windows OSs.”
Why end-to-end encryption is about more than just privacy
Zeljka Zorz
https://www.helpnetsecurity.com/2017/09/13/end-to-end-encryption/
Excerpt:
“The question of whether regular people need end-to-end encryption will surely be debated for quite some time. But for Alan Duric, CEO and co-founder of Wire, the question can only have a positive answer.”
Billions of mobile, desktop and IoT devices potentially exposed to BlueBorne Attack
Pierluigi Paganini
http://securityaffairs.co/wordpress/62968/hacking/blueborne-attack.html
Excerpt:
“Billions of mobile, desktop and IoT devices that use Bluetooth may be exposed to a new stealthy remote attack dubbed BlueBorne attack.”
European banks at mercy of US regulators
https://www.helpnetsecurity.com/2017/09/12/european-banks-us-regulators/
Excerpt:
“European banks are under disproportional enforcement pressure from US regulators. Since 2012, of the $38.4bn levied in economic crime fines worldwide, 97 percent of all fines have come from US regulators. With the average fine for European banks being ten times the amount US banks have been served.”
Billions of Bluetooth-enabled devices vulnerable to new airborne attacks
Zeljka Zorz
https://www.helpnetsecurity.com/2017/09/13/blueborne/
Excerpt:
“Eight zero-day vulnerabilities affecting the Android, Windows, Linux and iOS implementations of Bluetooth can be exploited by attackers to extract information from, execute malicious code on, or perform a MitM attack against vulnerable devices.”
South Korea Prepares to Introduce New Cryptocurrency Regulations
JP Buntinx
https://themerkle.com/south-korean-officials-prepare-to-introduce-new-cryptocurrency-regulations/
Excerpt:
“Every time a country tries to introduce new cryptocurrency regulation, there is a valid reason for concern. South Korea is the next country on the list to do exactly that, which is a potential problem. Considering how South Korean cryptocurrency exchanges are driving much of the trading volume right now, additional regulation could upset the balance. As of right now, local financial regulators wish to tighten the existing regulation across the country.”
Dragonfly hackers gained operational access to European, US power companies
Zeljka Zorz
https://www.helpnetsecurity.com/2017/09/07/operational-access-european-us-power-companies/
Excerpt:
“The Dragonfly hacking group is back – or should we say it probably never went away – and is still interested in penetrating the networks of European and US companies in the energy sector.”
Insider threats and ransomware are most feared, followed by DDoS attacks
https://www.helpnetsecurity.com/2017/09/08/insider-threat-ransomware-ddos-fear/
Excerpt:
“A new SANS survey found that ransomware, insider threats and denial of service are considered the top three threats organizations face when it comes to securing sensitive data.”
13% of SMBs have experienced an IoT-based attack
https://www.helpnetsecurity.com/2017/09/08/smb-iot-based-attack/
Excerpt:
“One in four companies have already experienced a ransomware attack and one in eight have dealt with an IoT-based attack, according to Arctic Wolf Networks.”
SynAck Ransomware Sees Huge Spike in Activity
Catalin Cimpanu
https://www.bleepingcomputer.com/news/security/synack-ransomware-sees-huge-spike-in-activity/
Excerpt:
“Over the past two days, there was an increase in activity from a relatively unknown ransomware strain named SynAck, according to victims who sought assistance in the Bleeping Computer ransomware support forums and from submissions to the ID-Ransomware service.”
European court says workplace surveillance must not violate workers’ privacy
Zeljka Zorz
https://www.helpnetsecurity.com/2017/09/06/workplace-surveillance-privacy/
Excerpt:
“European companies must strike a fair balance between workplace surveillance and their employees’ right to privacy, the European Court of Human Rights (ECHR) has ruled.”
Skilled security staff are hard to find, security teams need to be creative
https://www.helpnetsecurity.com/2017/09/07/skilled-security-staff/
Excerpt:
“A study conducted in July by Dimensional Research examined how organizations are addressing the cybersecurity skills gap. Study respondents included 315 IT security professionals at U.S.-based companies with more than 100 employees.”
VPN Reseller in China Sentenced to 9 Months in Jail
JP Buntinx
https://themerkle.com/vpn-reseller-in-china-sentenced-to-9-months-in-jail/
Excerpt:
“Most people are well aware that the Chinese government does not like freedom of speech all that much. The government has no intention of providing access to most online sources of information either. The Great Firewall of China has been subject to plenty of scrutiny over the years. One way to bypass this problem is using a VPN. However, one person selling VPNs to evade the country’s blockade recently got jailed for his actions.”
Taringa Data Breach, over 28 Million users affected
Pierluigi Paganini
http://securityaffairs.co/wordpress/62704/data-breach/taringa-data-breach.html
Excerpt:
“Taringa, also known as ‘The Latin American Reddit’, is a popular social network used by netizens in Latin America to create and share thousands of posts every day on general interest topics.”
Chinese cryptocurrency crackdown
Shane Curtis
https://www.welivesecurity.com/2017/09/05/chinese-cryptocurrency-crackdown/
Excerpt:
“China banned the raising of funds using token-based digital currencies and deemed the practice illegal on Monday, in a move seen as an attempt to impose more regulations on the virtual market.”
Hackers stole contact info of 6 million Instagram users and are selling it online
Zeljka Zorz
https://www.helpnetsecurity.com/2017/09/05/instagram-users-contact-info-stolen/
Excerpt:
“Last week, Instagram pushed out a patch for a bug in the service’s API that allowed attackers to discover users’ email address and/or phone number.”
US Government Site Was Hosting Ransomware
Michael Mimoso
https://threatpost.com/us-government-site-removes-link-to-cerber-ransomware-downloader/127767/
Excerpt:
“As recently as Wednesday afternoon, a U.S. government website was hosting a malicious JavaScript downloader that led victims to installations of Cerber ransomware.”
Cancer Treatment Center Notifies 19K Patients of Ransomware Attack
David Bisson
https://www.tripwire.com/state-of-security/latest-security-news/cancer-treatment-center-notifies-19k-patients-ransomware-attack/
Excerpt:
“A cancer treatment center has notified more than 19,000 patients of a ransomware attack that might have affected their personal and medical information.”
Locky ransomware returns with new tricks up its sleeve
Zeljka Zorz
https://www.helpnetsecurity.com/2017/09/01/locky-returns-new-tricks/
Excerpt:
“Locky ransomware is back, again, delivered with the help of new tricks to fool users and anti-malware defenses.”
Canadian university scammed out of $11.8 million
Zeljka Zorz
https://www.helpnetsecurity.com/2017/09/01/university-scam/
Excerpt:
“MacEwan University in Edmonton, Alberta, is the latest confirmed victim of scammers.”
WikiLeaks hack reveals effectiveness of crude attacks
https://www.v3.co.uk/v3-uk/news/3016484/wikileaks-hack-reveals-effectiveness-of-crude
Excerpt:
“WikiLeaks suffered a cyber-attack this morning from white hat collective OurMine, which posted a message on the site's homepage saying, "It's OurMine (security group). Don't worry we are just testing your... blablalblab oh wait, this is not a security test! WikiLeaks remember when you challenged us to hack you?”
Stealthy backdoor used to spy on diplomats across Europe
Zeljka Zorz
https://www.helpnetsecurity.com/2017/08/31/backdoor-spy-diplomats-europe/
Excerpt:
“A new, sophisticated backdoor Trojan has been used to spy on targets in embassies and consulates across Southeastern Europe and former Soviet Union republics.”
 