Tag Archives: ransomware

Security Never Sleeps- HBO Social Hack, Security Spending

HBO social media hacked in latest cyber security breach

“Facebook and Twitter accounts breached”

HBO has had two of its social platforms hacked in the latest cyber attack against the entertainment firm. OurMine, a hacker group, seems to have taken control of the main account posting messages such as “OurMine are here. we are just testing your security”. This is just the latest in many attacks on HBO, with notable recent incidents resulting in the leak of popular show Game of Thrones scripts and other company data.

Gartner Predicts Information Security Spending To Reach $93 Billion In 2018

“Security concerns grow with malware rise”

It seems that anyone who has anything to do with tech has probably had an endless stream of malware scares hitting their news feed seemingly daily. Data breaches, ransomware, Trojan’s, and much more are on the rise, prompting a big increase in security spending. Gartner released a report this week that predicts over $86.4 billion in information security spending, a 7% increase over last year. Further, the following year it will likely grow to $93 billion by the next year given current trends.

70% of DevOps Pros Say They Didn’t Get Proper Security Training in College

“Mostly on the job security processes”

A new Veracode survey shows that most DevOps pros don’t get adequate security training in their academic institutions. The vast majority of the respondents, about 70% of the 400 total, feel that their college did not prepare them to be successful, and 65% learned most relevant skills while they were on the job.

The data breach blame game

“UK business cyber threat is growing steadily”

Ever since the National Cyber Security Centre opened in February the UK has been hit by 188 high level attacks, and there were many other low level attacks that are difficult to quantify. This was big enough to bring in the NCSC.

Public outcry searching for answers leads many to impromptu blame and quick answers, while the truth is often much too complicated for such solutions. Certainly security systems must improve for business, and regulation will accompany this.

‘Indefensible’ hack could leave modern cars vulnerable to critical cybersecurity attack

“Advances necessary for safe systems”

A connect car hack has recently revealed that the systems is currently “indefensible by modern car security technology.” These vulnerabilities can put large numbers of consumers at considerable risk. Traditionally these attacks focus on specific models or makes of cars, such as the Jeep hack in 2015, while this threat target the controller area network. Trend Micro’s Forward-looking Threat Research team discovered the hack, and first posted the information on Wednesday in their blog.

Enjoy your read? Check out our other content here.

10Fold- Security Never Sleeps- 197

Ransomware can cost firms over $700,000; cloud computing may provide the protection they need

“Cybercrime costs are increasing”

A single ransomware incident can, on average, run a tab of over $713,000. About 21% of 200 SME businesses in the U.S. said they are completely ready to manage IT security and protect against threats. This number is dangerously small, but cloud computing may provide the security against the threats that many firms need.

The GDPR Deadline is Fast Approaching; How Enterprises are Readying Themselves

“Compliance needed by May 25, 2018”

Many organizations have dedicated countless hours for preparation for the European Union General Data Protection Regulation, but too many have just started taking steps to ensure compliance. The new regulations will have international consequences that must be addressed by firms who deal across borders, as the legislation has dire consequences for those who don’t comply.

WannaCry ‘Kill Switch’ Creator Arrested in Vegas

“Marcus Hutchins indicted for Kronos malware”

Federal authorities have nabbed user MalwareTech, aka Marcus Hutchins, for the creation and distribution of the Kronos banking Trojan. In an unsuspected move, authorities arrested Hutchins after his role as the researcher who stopped the expansion of the WannaCry ransomware earlier this year. WannaCry was deemed an extremely high risk malware, spanning over 150 countries in just a matter of days.

How do you predict cyber attacks? Listen to your Cassandras

“Proprietary data collection and intellectual property need protection”

Bad actors targeting vital institutions that had previously been sacrosanct have become harder to detect. The damages inflicted in many cases have dealt virtually fatal blows to corporate finance and organizational operations.

Enjoy your read? Check out our other content here.

10Fold- Security Never Sleeps- 196

WILL THE REAL SECURITY COMMUNITY PLEASE STAND UP

“Black Hat 2017 a vocab lesson”

Black Hat 2017 emphasized the importance of vocabulary, and it turns out that yes, words matter. Words such as nihilism, empathy and inclusion have to matter, because current advances matter so much.

Android users: beware ‘Invisible Man’ malware disguised as Flash

“Keylogging steals financial records”

Android users have yet another malware program to watch for. A keylogging malicious software that disguises itself as a Flash update and targets financial data. Needless to say, criminals in possession of your credentials will happily suck your bank accounts dry.

Be on the lookout for fileless malware, warns Trend Micro

“Infosec pros warn of illusive malware”

Security experts have been dealing with many new incoming malware programs, but cybercriminals continue to find new issues that pop up on networks every day in an effort to avoid better detection programs. Fileless malware is the latest in this campaign, which is designed to evade sandbox defenses looking for signatures. TendMicro has detected many examples of this.

Hackers have cashed out on $143,000 of bitcoin from the massive WannaCry ransomware attack

“Online wallets breached”

During the WannaCry ransomware attackshackers were able to withdraw about 52.2 bitcoins, or about $143,000, from online cryptowallets. The withdrawals were concerned by Elliptic, and highlights general security concerns over online currencies.

Enjoy your read? Check out our other content here.

10Fold- Security Never Sleeps- 195

New Bill Seeks Basic IoT Security Standards

“Baseline security standards for broad range of devices”

U.S. Senate legislators are working to create minimum regulations to ensure internet connected devices such as cameras,routers, and computers. The standards will also enforce holes in current cybercrime laws and was developed in direct response to the series of massive 2016 attacks using IoT devices, like the October and November Mirai attacks that put down many high profile websites for the better part of the day.

Study: Majority of retailers feel ‘vulnerable’ to a data breach

“Attacks decline, but business concern is up”

Security analyst firm 451 Research has recently released the “2017 Thales Data Threat Report, Retail Edition,” which has indicated a growing consensus among retailers that their payment systems are vulnerable to hackers. The study is based on survey answers from over 1100 senior executives globally. 52% of the companies have experienced a breach in the past, 88% fear they are vulnerable, and 19% feel ‘very’ or ‘extremely’ vulnerable.

One in three SMEs in Singapore hit by ransomware

“Nearly one fifth had to shut down businesses”

Over one third of SME’s in Singapore were attacked by ransomware attacks in 2016, and anout 20% of these had to close their doors as a result. 61% of the Singapore SME’s also had to shut down for over nine hours, about one business day, shutting down operations.

Enjoy your read? Check out our other content here.

10Fold- Security Never Sleeps- 193

Hackers are making their malware more powerful by copying WannaCry and Petya ransomware tricks

“Hackers learn from effective programs”

Cybercriminals have been taking note of the effectiveness recent ransomware outbreaks. Recent Trojan’s have equipped aspects of these malwares with a worm propogation model that helps it spread.

Plastic Surgery Associates Announces Data Breach

“Some patients open to hackers”

Plastic Surgery Associates of South Dakota has announced a data breach that has left patients in the Sioux Falls, Dakota Dunes, Yanktown, Mitchell, Watertown, and Spencer locations. In a recent statement, the firm revealed it learned of the attack in February and has hired third party experts to determine what data was specifically accessed.

Two Swedish officials resign over data breach fallout

“Transport agency incident cited”

Two senior officials from the Swedish government have resigned due to the embarrassing data breach incident last week that exposed citizens sensitive data. Home affairs minister Anders Ygeman and infrastructure minister Anna Johansson have resigned over the scandal.

10Fold- Security Never Sleeps- 190

Sweden Accidentally Leaks Personal Details of Nearly All Citizens

“Swedish Transport Agency breached”

Virtually all Swedish citizens personal vehicle details may have been leaked due to a mishandling of an outsourcing  deal with IBM. Swedish media reports that this breach extends to private vehicles and even police and military transportation as well.

Wells Fargo Gets Regulatory Questions After Data Breach

“Release of client details prompts questions”

Wells Fargo, despite already being a target of regulatory scrutiny from last years fake account scandal, has drawn even more attention to itself after a new leak. A lawyer working for the firm has released sensitive client data for tens of thousands of accounts, mostly of wealthy clients in the brokerage unit.

Second Major Ethereum Hack In a Week Leads to $34 Million Theft

“Popularity met with skepticism of security”

Cryptocurrencies like Ethereum and BitCoin have been rising fast in popular use, however many investors remain cautious due to concerns over vulnerabilities. Ethereum is not doing much to ease doubters, being majorly hacked for the second time in a single week.

Cybercriminals Kept Botnet That Infected 500,000 Computers Hidden For Five Years

“Stantinko is new creeping botnet”

The Mirai botnet and ransomware programs like WannaCry and Petya have often caught our attention, but have you heard of Stantinko? It’s been able to stealthily execute its criminal mission for over five years without attracting much, or perhaps any, media attention.

Enjoy your read? Check out our other content here.

10Fold- Security Never Sleeps- 186

SambaCry Vulnerability Used to Deploy Backdoors on NAS Devices

“Running on older versions of the Samba file-sharing server”

An unknown entity is using the SambaCry security vulnerability to install a backdoor Trojan on Linux devices. According to TrendMicro, most of the attacks are tied to NAS devices which ship with the Samba server that provides file-sharing interoperability between different operating systems.

Millions of IoT Devices Possibly Affected by ‘Devil’s Ivy’ Flaw

“Could affect millions of IoT devices”

Researchers have dubbed a new security flaw that could affect many devices as “Devils Ivy.” The stack-based overflow was discovered by IoT security startup Senrio in a camera from Axis Communications.

These 10 US states have the highest rate of malware infections in the country

“Does location have a correlation to malware attacks?”

A new look at over 1 million malware infections from Enigma Software Group has found significant across all states in the U.S. New Hampshire seems to be the most at risk, with infection rates around 200% higher than than the national average.

Enjoy your read? Check out our other content here.

My First Trendjack Experience at 10Fold

As a new addition to the 10Fold team, as well as being new to the cybersecurity practice in general, it has been important for me to monitor the news on a daily basis in order to get familiar with trending topics and identify what it is my clients can speak to with authority. Although many stories have caught my eye in the last two months since I started these daily news sweeps, the NotPetya cyber attack stood out to me above all others.  

Peyta/NotPetya/ExPetr/GoldenEye is an ongoing cyberattack that started Tuesday, June 26. It began with a cyberattack in Kiev, Ukraine, where this malware went on to hit around 2,000 computer systems, specifically targeting computers running the Microsoft Windows Operating system. While many people originally believed it to be a form of ransomware similar to the recent ‘Petya’ attacks, this malicious software has been categorized as a  “wiper.” It’s designed to cause mayhem and wipe computers – and is not actually ransomware – which is why this ongoing attack has adopted so many names. It’s similar, but also different in a lot of ways.

Although there were corporations and public sector agencies affected in more than 65 countries all over the world, Ukraine and Russia were hit the hardest, including Ukraine government ministries, banks, utilities, telecom operators, an airport and other major companies. Also attacked were Russian oil giant Rosneft and Russian web security firm group-IB. Computers at the Chernobyl nuclear plant were compromised as well, forcing workers to manually monitor radiation levels, which have their own inherent security and safety challenges. Others hit include companies in the UK, Germany, China and U.S., British advertising giant WWp, French Industrial group Saint-Gobain, Shipping giant A.P. Moller-Maersk, Cadbury, pharmaceutical companies, hospitals and many more.

What was interesting about Petya was that after encrypting files on the PC, it demanded $300 worth of Bitcoin Cryptocurrency in order to supposedly unlock them. It turned out that as the story evolved, the ransomware was later categorized as a wiper, as previously stated, and the computer’s’ files were completely destroyed. Some security experts claim that this attack is more harmful than WannaCry, because rather than spreading only via a weakness in Windows’ SMB, the NotPetya malware can also spread by finding passwords on the infected computer to move from system to system. It extracts passwords from memory and local filesystem. Once inside a corporate network, it works its way from computer to computer, destroying the infected machines’ filesystems.

There has yet to be a solid explanation on the attackers’ motive and what they were after. Researching the attack, NATO said it was likely launched by a state actor or by a non-state actor with support and approval from a nation state since the operation was extremely complex and likely very expensive. The Russian government has been suspected as a possible origin for NotPetya. The latest rumors suggested that it spread by accident by a Ukrainian tax software company, named MeDoc.

NotPetya is continually evolving and more information is exposed every day. As one of the more significant organized attacks in 2017, it should bring awareness to the fact that many are unprotected. Even though large-scale attacks like this are not new, they are important to watch because each time around they are getting stronger and more sophisticated.   

It will be fun keeping an eye on more of these trends as they pop up. The next one I’ll dive into is the recent disclosures of public cloud leaks from organizations using the popular AWS services!

By Kory Buckley

Enjoy your read? Read our other blog content here.

 

 

Sources:

http://spectrum.ieee.org/tech-talk/computing/it/notpetya-latest-ransomware-is-a-warning-note-from-the-future

https://www.reuters.com/article/us-cyber-attack-ukraine-backdoor-idUSKBN19Q14P

http://www.darkreading.com/attacks-breaches/petya-or-not-global-ransomware-outbreak-hits-europes-industrial-sector-thousands-more/d/d-id/1329231

https://www.theverge.com/2017/7/2/15910826/nato-response-petya-attack-state-actor-russia-ukraine

http://www.csoonline.com/article/3204547/security/petya-wannacry-and-mirai-is-this-the-new-normal.html

https://www.forbes.com/sites/thomasbrewster/2017/07/05/notpetya-hackers-demand-256000-in-bitcoin-to-cure-ransomware-victims/#5f709ac86cf9

10Fold-Security Never Sleeps- 185

Dow Jones is the latest company to expose customer records on a cloud server

“2.2 million records left unsecured”

DowJones & Co. are the latest in a sequence of large firms to leave massive amounts of private customer data on unsecured cloud servers. Similar to the Verizon error recently, Dow Jones consumer data was found publicly in an Amazon Web Service S3 bucket discovered by Chris Guard of UpGuard Inc.

GhostCtrl malware silently haunts Android users, hijacking functionality

“Versatile remote access Trojan growing in infection”

Researchers have found GhostCtrl, a highly adaptable trojan malware that steals sensitive information and is capable of performing ransomware attacks. The backdoor is part of a massive campaign that involves RETADUP.A, according to Trend Micro.

A Single Extreme Cyberattack Could Cost the U.S. More than Hurricane Katrina

“U.S. Economy incredibly vulnerable”

An increase in global ransomware attacks has prompted Lloyds of London to publish a report on the state of danger that the U.S. faces in regards to cybersecurity. Published with Cyence, the report speculates that the U.S. stands to lose as much as $121.4 billion.

The best of Black Hat: The consequential, the controversial, the canceled

“Review of the acclaimed conference”

Black Hat has gained a reputation over two decades as a conference that demonstrates much of the cutting-edge research in information security and industry trends that began in Las Vegas and has extended to annual events globally. This year, the event also had its share of controversy stemming from last minute cancellations.

Enjoy your read? Check out our other content here.

10Fold- Security Never Sleeps- 182

The 15 biggest data breaches of the 21st century

“Highlights need for infosec upgrades”

Data breaches are, unfortunately, daily occurrences that end up exposing millions to undue risk. CSO have compiled a list of the 15 biggest breaches of this century, with criteria that includes damage to companies, insurers, and customer account holders. In many cases, passwords and other information were protected via encryption so a password reset eliminated.

New Malware Threatens to Send Users’ Pictures, Internet History and Messages to Friends

“LeakerLocker threatens privacy”

A new type of malware that can access and distribute pictures, browsing history and messages in a users device. The program, LeakerLocker, can be downloaded inadvertently through applications on Google Play, and will lock your phones screen and then claims your sensitive information has been stored.

Hospitals to receive £21m to increase cybersecurity at major trauma centres

“Huge beefing up of infosec”

Hospitals that treat patients for major incidents will receive over £21m for cybersecurity upgrades in the wake of the WannaCry ransomware attacks on NHS IT systems. Helath Secretary Jeremy Hunt pledged the funds in an attempt to shield the healthcare sector from the disruptions of malware events in the future.

Cyber security industry believes GDPR is stifling innovation

“Looked skeptically upon by the community”

A recent poll of Infosecurity Europe 2017 attendees showed that almost half think that the EU General Data Protection Regulation is stifling innovation by making companies nervous about cloud services. There are several concerns respondents named as issues with the regulations, including the perceived inability to find and/or report a data breach within 72 hours.

Enjoy your read? Check out our other content here.