Tag Archives: WannaCry

10Fold- Security Never Sleeps- 197

Ransomware can cost firms over $700,000; cloud computing may provide the protection they need

“Cybercrime costs are increasing”

A single ransomware incident can, on average, run a tab of over $713,000. About 21% of 200 SME businesses in the U.S. said they are completely ready to manage IT security and protect against threats. This number is dangerously small, but cloud computing may provide the security against the threats that many firms need.

The GDPR Deadline is Fast Approaching; How Enterprises are Readying Themselves

“Compliance needed by May 25, 2018”

Many organizations have dedicated countless hours for preparation for the European Union General Data Protection Regulation, but too many have just started taking steps to ensure compliance. The new regulations will have international consequences that must be addressed by firms who deal across borders, as the legislation has dire consequences for those who don’t comply.

WannaCry ‘Kill Switch’ Creator Arrested in Vegas

“Marcus Hutchins indicted for Kronos malware”

Federal authorities have nabbed user MalwareTech, aka Marcus Hutchins, for the creation and distribution of the Kronos banking Trojan. In an unexpected move, authorities arrested Hutchins after his role as the researcher who stopped the expansion of the WannaCry ransomware earlier this year. WannaCry was deemed an extremely high-risk malware, spanning over 150 countries in just a matter of days.

How do you predict cyber attacks? Listen to your Cassandras

“Proprietary data collection and intellectual property need protection”

Bad actors targeting vital institutions that had previously been sacrosanct have become harder to detect. The damages inflicted in many cases have dealt virtually fatal blows to corporate finance and organizational operations.

Enjoy your read? Check out our other content here.

10Fold- Security Never Sleeps- 196

WILL THE REAL SECURITY COMMUNITY PLEASE STAND UP

“Black Hat 2017 a vocab lesson”

Black Hat 2017 emphasized the importance of vocabulary, and it turns out that yes, words matter. Words such as nihilism, empathy and inclusion have to matter, because current advances matter so much.

Android users: beware ‘Invisible Man’ malware disguised as Flash

“Keylogging steals financial records”

Android users have yet another malware program to watch for: keylogging malware that disguises itself as a Flash update and targets financial data. Needless to say, criminals in possession of your credentials will happily suck your bank accounts dry.

Be on the lookout for fileless malware, warns Trend Micro

“Infosec pros warn of elusive malware”

Security experts have been dealing with many new incoming malware programs, but cybercriminals continue to find new ways onto networks every day in an effort to evade improved detection tools. Fileless malware is the latest in this campaign; it is designed to evade sandbox defenses that look for signatures. Trend Micro has detected many examples of this.

Hackers have cashed out on $143,000 of bitcoin from the massive WannaCry ransomware attack

“Online wallets breached”

During the WannaCry ransomware attacks, hackers were able to withdraw about 52.2 bitcoins, or about $143,000, from online cryptowallets. The withdrawals were confirmed by Elliptic, highlighting general security concerns over online currencies.


10Fold- Security Never Sleeps- 193

Hackers are making their malware more powerful by copying WannaCry and Petya ransomware tricks

“Hackers learn from effective programs”

Cybercriminals have been taking note of the effectiveness of recent ransomware outbreaks. Recent Trojans have adopted aspects of these malware families, including a worm propagation model that helps them spread.

Plastic Surgery Associates Announces Data Breach

“Some patients open to hackers”

Plastic Surgery Associates of South Dakota has announced a data breach affecting patients at its Sioux Falls, Dakota Dunes, Yankton, Mitchell, Watertown, and Spencer locations. In a recent statement, the firm revealed it learned of the attack in February and has hired third-party experts to determine what data was specifically accessed.

Two Swedish officials resign over data breach fallout

“Transport agency incident cited”

Two senior officials from the Swedish government have resigned due to the embarrassing data breach incident last week that exposed citizens’ sensitive data. Home affairs minister Anders Ygeman and infrastructure minister Anna Johansson have resigned over the scandal.

10Fold- Security Never Sleeps- 190

Sweden Accidentally Leaks Personal Details of Nearly All Citizens

“Swedish Transport Agency breached”

Virtually all Swedish citizens’ personal vehicle details may have been leaked due to the mishandling of an outsourcing deal with IBM. Swedish media reports that this breach extends to private vehicles and even police and military transportation.

Wells Fargo Gets Regulatory Questions After Data Breach

“Release of client details prompts questions”

Wells Fargo, despite already being a target of regulatory scrutiny from last year’s fake account scandal, has drawn even more attention to itself after a new leak. A lawyer working for the firm released sensitive client data for tens of thousands of accounts, mostly of wealthy clients in the brokerage unit.

Second Major Ethereum Hack In a Week Leads to $34 Million Theft

“Popularity met with skepticism of security”

Cryptocurrencies like Ethereum and Bitcoin have been rising fast in popular use; however, many investors remain cautious due to concerns over vulnerabilities. Ethereum is not doing much to ease doubters, having been hacked in a major way for the second time in a single week.

Cybercriminals Kept Botnet That Infected 500,000 Computers Hidden For Five Years

“Stantinko is new creeping botnet”

The Mirai botnet and ransomware programs like WannaCry and Petya have often caught our attention, but have you heard of Stantinko? It’s been able to stealthily execute its criminal mission for over five years without attracting much, or perhaps any, media attention.


10Fold- Security Never Sleeps- 187

Undetected For Years, Stantinko Malware Infected Half a Million Systems

“Massive botnet remained under the radar for five years”

Half a million devices have been infected by a rogue botnet, dubbed Stantinko. ESET researchers warn that affected systems can “execute anything on the infected host.” The malware has powered a huge adware campaign since at least 2012, largely targeting Russia and Ukraine, but remained hidden via code encryption until now.

Network Spreading Capabilities Added to Emotet Trojan

“Emotet Trojan spreads malware on internal networks”

Fidelis Cybersecurity researchers have identified a new variant of the Emotet Trojan that can distribute malicious programs on internal systems. The recent WannaCry and NotPetya incidents have shown just how efficient and costly these attacks can be once they spread, increasing concern among security researchers that such attacks will become more prevalent in the future.

US Banks Targeted with Trickbot Trojan

“Necurs spreads to financial institutions”

The new Emotet banking Trojan signals increasingly complex attacks on the finance industry. An official blog post subsequently confirmed that a ‘security alert is ongoing related to the discovery, the effects of which are continuing’.

Healthcare Industry Lacks Awareness of IoT Threat, Survey Says

“Three quarters of IT decision makers report that they are ‘confident’ they’re secure”

Healthcare networks are filled with IoT devices, but a study has found that, according to the majority of IT experts, the security systems for many of these devices are not adequately protected, even though many of those same experts believe they are.

Kansas data breach compromised millions of Social Security numbers In 10 States

“Over 5.5 million potentially compromised”

A breach of the Kansas Department of Commerce may have given hackers access to millions of Social Security numbers, putting the department on the hook for credit monitoring services for all victims. The exposed SSNs had not been previously reported. The Kansas News Service obtained the information through an open records request.


My First Trendjack Experience at 10Fold

As a new addition to the 10Fold team, as well as being new to the cybersecurity practice in general, it has been important for me to monitor the news on a daily basis in order to get familiar with trending topics and identify what it is my clients can speak to with authority. Although many stories have caught my eye in the last two months since I started these daily news sweeps, the NotPetya cyber attack stood out to me above all others.

Petya/NotPetya/ExPetr/GoldenEye is an ongoing cyberattack that started Tuesday, June 26. It began with a cyberattack in Kiev, Ukraine, where this malware went on to hit around 2,000 computer systems, specifically targeting computers running the Microsoft Windows operating system. While many people originally believed it to be a form of ransomware similar to the recent ‘Petya’ attacks, this malicious software has been categorized as a “wiper.” It’s designed to cause mayhem and wipe computers – and is not actually ransomware – which is why this ongoing attack has adopted so many names. It’s similar, but also different in a lot of ways.

Although there were corporations and public sector agencies affected in more than 65 countries all over the world, Ukraine and Russia were hit the hardest, including Ukrainian government ministries, banks, utilities, telecom operators, an airport and other major companies. Also attacked were Russian oil giant Rosneft and Russian web security firm Group-IB. Computers at the Chernobyl nuclear plant were compromised as well, forcing workers to manually monitor radiation levels, which has its own inherent security and safety challenges. Others hit include companies in the UK, Germany, China and the U.S., British advertising giant WPP, French industrial group Saint-Gobain, shipping giant A.P. Moller-Maersk, Cadbury, pharmaceutical companies, hospitals and many more.

What was interesting about Petya was that after encrypting files on the PC, it demanded $300 worth of Bitcoin cryptocurrency in order to supposedly unlock them. As the story evolved, the ransomware was later categorized as a wiper, as previously stated, and the computers’ files were completely destroyed. Some security experts claim that this attack is more harmful than WannaCry, because rather than spreading only via a weakness in Windows’ SMB, the NotPetya malware can also spread by finding passwords on the infected computer to move from system to system. It extracts passwords from memory and the local filesystem. Once inside a corporate network, it works its way from computer to computer, destroying the infected machines’ filesystems.

There has yet to be a solid explanation of the attackers’ motive and what they were after. Researching the attack, NATO said it was likely launched by a state actor, or by a non-state actor with the support and approval of a nation state, since the operation was extremely complex and likely very expensive. The Russian government has been suspected as a possible origin for NotPetya. The latest rumors suggested that it was spread by accident through a Ukrainian tax software company named MeDoc.

NotPetya is continually evolving and more information is exposed every day. As one of the more significant organized attacks in 2017, it should bring awareness to the fact that many are unprotected. Even though large-scale attacks like this are not new, they are important to watch because each time around they are getting stronger and more sophisticated.

It will be fun keeping an eye on more of these trends as they pop up. The next one I’ll dive into is the recent disclosures of public cloud leaks from organizations using the popular AWS services!

By Kory Buckley



Sources:

http://spectrum.ieee.org/tech-talk/computing/it/notpetya-latest-ransomware-is-a-warning-note-from-the-future

https://www.reuters.com/article/us-cyber-attack-ukraine-backdoor-idUSKBN19Q14P

http://www.darkreading.com/attacks-breaches/petya-or-not-global-ransomware-outbreak-hits-europes-industrial-sector-thousands-more/d/d-id/1329231

https://www.theverge.com/2017/7/2/15910826/nato-response-petya-attack-state-actor-russia-ukraine

http://www.csoonline.com/article/3204547/security/petya-wannacry-and-mirai-is-this-the-new-normal.html

https://www.forbes.com/sites/thomasbrewster/2017/07/05/notpetya-hackers-demand-256000-in-bitcoin-to-cure-ransomware-victims/#5f709ac86cf9

10Fold- Security Never Sleeps- 182

The 15 biggest data breaches of the 21st century

“Highlights need for infosec upgrades”

Data breaches are, unfortunately, daily occurrences that end up exposing millions to undue risk. CSO has compiled a list of the 15 biggest breaches of this century, with criteria that include damage to companies, insurers, and customer account holders. In many cases, passwords and other information were protected via encryption, so a password reset eliminated the risk.

New Malware Threatens to Send Users’ Pictures, Internet History and Messages to Friends

“LeakerLocker threatens privacy”

A new type of malware can access and distribute pictures, browsing history and messages on a user’s device. The program, LeakerLocker, can be downloaded inadvertently through applications on Google Play; it locks the phone’s screen and then claims that your sensitive information has been stored.

Hospitals to receive £21m to increase cybersecurity at major trauma centres

“Huge beefing up of infosec”

Hospitals that treat patients for major incidents will receive over £21m for cybersecurity upgrades in the wake of the WannaCry ransomware attacks on NHS IT systems. Health Secretary Jeremy Hunt pledged the funds in an attempt to shield the healthcare sector from the disruptions of malware events in the future.

Cyber security industry believes GDPR is stifling innovation

“Looked skeptically upon by the community”

A recent poll of Infosecurity Europe 2017 attendees showed that almost half think that the EU General Data Protection Regulation is stifling innovation by making companies nervous about cloud services. There are several concerns respondents named as issues with the regulations, including the perceived inability to find and/or report a data breach within 72 hours.


10Fold- Security Never Sleeps- 179

‘NotPetya’ Hackers Demand $256,000 In Bitcoin To Cure Ransomware Victims

“One of biggest attacks leaves many with a big bill”

Some of the largest industrial firms were infected by the ‘NotPetya’ ransomware, and those responsible are demanding 100 Bitcoin, or about $256,000, to decrypt the victims’ files. A post on Pastebin by an anonymous user said: “Send me 100 Bitcoins and you will get my private key to decrypt any harddisk (except boot disks).”

Fake WannaCry Ransomware Uses NotPetya’s Distribution System

“Distributed through the same channel”

The NotPetya malware was not the only bug to make its way through M.E.Doc last week. A WannaCry variant that turned out to be a fake, FakeCry, was delivered through the same mechanism. Kaspersky found that FakeCry was delivered to M.E.Doc users on June 27th, the same day as the NotPetya spread. The security firm says that it was run as ed.exe by the parent process ezvit.exe, which led Kaspersky to believe that it utilizes the same delivery system as NotPetya.

Android Ransomware Mimics WannaCry

“WannaCry interface similarities in SLocker”

Windows systems were hit by a ransomware with an interface mimicking the WannaCry malware last month. TrendMicro security researchers found that one of the first Android ransomware families to encrypt files in exchange for payment, SLocker, has had a major upgrade. SLocker has been seen before, but was offline for a while after its creator was arrested just days after its initial release.

CopyCat malware infected 14 million outdated Android devices

“Fraudulent ad revenue collected”

A new Android malware strain, dubbed CopyCat, has injected itself into over 14 million outdated devices globally. The malware hijacks applications to display fraudulent ads, according to Check Point researchers. On Thursday, the security firm claimed that most victims were in Asia, but over 280,000 U.S. devices were also affected. Google had been tracking the malicious software for the better part of two years, but third-party app downloads, phishing attacks, and other avenues make the infection difficult to contain.


10Fold- Security Never Sleeps- 167

New Jaff Ransomware Variant Emerges

“Another active threat detected”

As WannaCry headlines begin to die down, another variant of a detrimental ransomware has begun to make the rounds. Jaff, distributed by the Necurs botnet, uses a delivery system similar to that of Locky and WannaCry. This gives security researchers insight into the threat actors who designed Locky and Dridex, and who also launched the Bart ransomware that raised concerns last year.

Survey Shows Disparity in GDPR Preparedness and Concerns

“New regulation affects any firm that does business in EU”

The GDPR will take effect one year from today, but there seems to be little readiness among firms to take on the requirements outlined in the legislation. Specifically, geographic differences are highlighted in a recent study that shows just how ill-prepared different nations are.

Newly discovered vulnerability raises fears of another WannaCry

“Tens of thousands of devices potentially open to attacks”

A recently found flaw in widely used networking software could leave users open to ransomware like WannaCry. The U.S. Department of Homeland Security announced the potential for harm on Wednesday; the flaw is claimed to allow an attacker to take control of the compromised device entirely unless a patch is applied by the user or administrator.


10Fold- Security Never Sleeps- 166

Qatar Begins Probe After State News Agency Hacked

“Unprecedented security breach”

On Wednesday the government of Qatar began an investigation into a recent breach in which hackers posted fake news stories on controversial political issues in the country. The posts, published through the government-sponsored news agency and its official Twitter account, caused backlash throughout the Middle East.

Another Ransomware Nightmare Could Be Brewing in Ukraine

“New strains could hurt more than WannaCry”

XData, a new ransomware developing in Ukraine, has renewed concerns about cyberattacks as the WannaCry outbreak has died down. The fact that the malware has attacked Ukraine alone has raised questions over motive, but fears that it could spill over globally worry security researchers everywhere.

Hackers can use malicious subtitles to remotely take control of your device

“Take care in using subtitles on specific programs”

Use Kodi, Popcorn Time, VLC or Stremio? If you activate subtitles on these programs, make sure to update the software. Check Point researchers have shown that hackers can remotely take control of vulnerable devices, using this vector to gain access to about 200 million video players.

Microsoft to buy cyber security firm Hexadite for $100 million: report

“Firm provides automated responses to attacks”

Microsoft is set to acquire security firm Hexadite for a cool $100 million, Calcalist reported on Wednesday. Headquartered in Boston, Massachusetts, Hexadite conducts its research and development operations in Israel.