Saturday, July 11

Malware Ransomware

Cyber Security, Malware Ransomware

When Security Takes a Backseat to Productivity

“We must care as much about securing our systems as we care about running them if we are to make the necessary revolutionary change.” -CIA’s Wikileaks Task Force. So ends a key section of a report the U.S. Central Intelligence Agency produced in the wake of a mammoth data breach in 2016 that led to Wikileaks publishing thousands of classified documents stolen from the agency’s offensive cyber operations division. The analysis highlights a shocking series of security failures at one of the world’s most secretive entities, but the underlying weaknesses that gave rise to the breach also unfortunately are all too common in many organizations today. The CIA produced the report in October 2017, roughly seven months after Wikileaks began publishing Vault 7 — reams of classified data...
Turn on MFA Before Crooks Do It For You
Children Teens, Cyber Security, Malware Ransomware, Parents Family

Hundreds of popular websites now offer some form of multi-factor authentication (MFA), which can help users safeguard access to accounts when their password is breached or stolen. But people who don’t take advantage of these added safeguards may find it far more difficult to regain access when their account gets hacked, because increasingly thieves will enable multi-factor options and tie the account to a device they control. Here’s the story of one such incident. As a career chief privacy officer for different organizations, Dennis Dayman has tried to instill in his twin boys the importance of securing their online identities against account takeovers. Both are avid gamers on Microsoft’s Xbox platform, and for years their father managed their accounts via his own Microsoft ac...
Russian Cybercrime Boss Burkov Gets 9 Years
Cyber Security, Malware Ransomware

A well-connected Russian hacker once described as “an asset of supreme importance” to Moscow was sentenced on Friday to nine years in a U.S. prison after pleading guilty to running a site that sold stolen payment card data, and to administering a highly secretive crime forum that counted among its members some of the most elite Russian cybercrooks. Alexei Burkov, seated second from right, attends a hearing in Jerusalem in 2015. Photo: Andrei Shirokov / Tass via Getty Images. Aleksei Burkov of St. Petersburg, Russia admitted to running CardPlanet, a site that sold more than 150,000 stolen credit card accounts, and to being a founder of DirectConnection — a closely guarded underground community that attracted some of the world’s most-wanted Russian hackers. As KrebsOnSecurity not...
COVID-19 ‘Breach Bubble’ Waiting to Pop?
Cyber Security, Free, How-to Tips, Malware Ransomware, Virus

The COVID-19 pandemic has made it harder for banks to trace the source of payment card data stolen from smaller, hacked online merchants. On the plus side, months of quarantine have massively decreased demand for account information that thieves buy and use to create physical counterfeit credit cards. But fraud experts say recent developments suggest both trends are about to change — and likely for the worse. The economic laws of supply and demand hold just as true in the business world as they do in the cybercrime space. Global lockdowns from COVID-19 have resulted in far fewer fraudsters willing or able to visit retail stores to use their counterfeit cards, and the decreased demand has severely depressed prices in the underground for purloined card data. An ad for a site sell...
Ransomware Gangs Don’t Need PR Help
Cyber Security, Malware Ransomware

We’ve seen an ugly trend recently of tech news stories and cybersecurity firms trumpeting claims of ransomware attacks on companies large and small, apparently based on little more than the say-so of the ransomware gangs themselves. Such coverage is potentially quite harmful and plays deftly into the hands of organized crime. Often the rationale behind couching these events as newsworthy is that the attacks involve publicly traded companies or recognizable brands, and that investors and the public have a right to know. But absent any additional information from the victim company or their partners who may be affected by the attack, these kinds of stories and blog posts look a great deal like ambulance chasing and sensationalism. Currently, more than a dozen ransomware crime ga...
Microsoft issues critical fixes for booby-trapped images – update now!
Cyber Security, Malware Ransomware

Microsoft has just released emergency patches for two critical security holes in the Windows Codecs Library. We all know what Windows means. But what is a Codecs Library, and why are bugs in it such a big deal that they need to be updated without waiting for the next Patch Tuesday to come round? Well, codec is short for encoder-decoder, and it’s the jargon term for the sort of software that takes data of some sort – notably the raw data that represents the pixels in a video or the sound in an audio file – and reworks it so it can be sent and received easily. The co- part of a codec takes something like a raw image, consisting of rows and rows of colour pixels, and wraps it up in a format such as JPG or PNG so it can be saved into a file for downloading or streaming. The -dec part doe...
Facebook hoaxes back in the spotlight – what to tell your friends
Cyber Security, Free, How-to Tips, Malware Ransomware

At the risk of giving you a feeling of déjà vu all over again… …it’s time to talk about Facebook hoaxes once more. Looking at the Naked Security articles that people have not only searched for but also read in large numbers over the past few days tells us that we’re in what you might call a “market uptick” for hoaxes at the moment. The top two resurgent hoaxes in the past week have been the Instant bank fraud “warning” and the How to post to more than 25 friends “advice”. Loosely speaking, most Facebook hoaxes – by which we really mean “posts that get shared virally despite being useless and inaccurate, yet that aren’t actually scams or phishing tricks” – take one of three forms: Warnings to watch out for something supposedly dangerous that isn’t going to happen, and wouldn’t be part...
The inside story of the Maersk NotPetya ransomware attack, from someone who was there
Cyber Security, Malware Ransomware

The shipping conglomerate Maersk, hit by the NotPetya ransomware in June 2017, estimated that it cost them as much as $300 million in lost revenue. Gavin Ashton was an IT security guy working at Maersk at the time of the attack. He’s now written an in-depth article about what happened. I want to help protect other folks from making these same mistakes, because there’s a lot of what seems to be defeatist wisdom out there; Yes, it is inevitable that you will be attacked. It is inevitable that one day, one will get through. And obviously, you should have a solid contingency plan in place in case of the worst. But that’s not to say you don’t attempt to put up a damn good fight to stop these attacks in the first case. Just because you know the bad actors are coming, doesn’t mean you leave your...
Try2Cry ransomware implements wormable capability to infect other Windows systems
Cyber Security, Free, Malware Ransomware, Virus

A new piece of ransomware dubbed Try2Cry leverages infected USB flash drives and Windows shortcuts (LNK files) to infect other Windows systems. A new ransomware dubbed Try2Cry implements wormable capabilities to infect other Windows systems by using USB flash drives or Windows shortcuts (LNK files). The Try2Cry ransomware was discovered by the malware researcher Karsten Hahn while analyzing an unidentified malware sample. The expert was testing detection signatures of the company product when one of them, written to check for a USB worm component implemented in some variants of .NET-based RATs, triggered an alert. The expert discovered an unidentified .NET ransomware that seemed familiar to him. Hahn wrote Yara rules to find other samples uploaded t...
Snake Ransomware isolates infected Systems before encrypting files
Cyber Security, Free, Health, Malware Ransomware, Sex Education, STD HIV, Virus

Experts spotted recent samples of the Snake ransomware that were isolating the infected systems while encrypting files to avoid interference. Experts from cybersecurity firm Deep Instinct recently spotted some samples of the Snake ransomware (also known as EKANS) isolating the infected systems to encrypt files without interference. In January experts observed a new wave of attacks that targeted organizations worldwide; experts from SentinelOne also discovered Snake Ransomware that was targeting processes and files associated with industrial control systems (ICS). The activity of the gang was relatively quiet during the COVID-19 outbreak since May 4, when the ransomware operators launched a massive campaign that targeted organizations worldw...