A lot happens in the security world, some big and some small, and many stories get lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot ThreatBrief, highlighting 5 major security news stories of the week.

Kiev Airport Cyber Attack

In recent weeks, Ukraine’s infrastructure has been under attack by Russian hacktivists, with Kiev’s main airport as the primary focus of the latest attack. It would seem that the BlackEnergy malware platform was in use, once again, to gain access to several computers on the airport’s network, including access to air traffic control systems. Ukrainian authorities are still unsure if the Russian government is involved, as this string of attacks comes at a volatile time for both countries.

Read More: http://www.reuters.com/article/us-ukraine-cybersecurity-malware-idUSKCN0UW0R0

British Banks Fighting Malware Improvements

With over a dozen British banks being targetted by the persistent banking trojan, known as Dridex, it’s latest update is capable of altering crucial DNS settings. By changing these settings, it directs the unknowing user to a fake banking website, which allows sensitive information to be gathered and sent off to a command-and-control server for verification. Dridex is most commonly transmitted using macro-enabled MS Office documents sent as attachments via email.

Read More: http://www.csoonline.com/article/3024323/security/dridex-banking-malware-adds-a-new-trick.html#tk.rss_news

Top US Cities Hit With Malware in 2015

In the past week, a study revealed the cities in the US that were the most common targets for malware attacks in 2015; the highest being Little Rock, Tampa, St. Louis, Orlando, and Denver. Each of the top five cities had rates over 650% of the national average, with Little Rock reaching 1,412% above. While it is unclear whether geographical location has any effect, the New England region was not present in the top 20 regions listed.

Read More: http://www.networkworld.com/article/3023432/malware-cybercrime/little-rock-tampa-and-st-louis-hardest-hit-by-malware-among-us-cities-study-finds.html

Encryption Still Major Issue for Companies

Encryption issues have plagued companies and customers alike for many years, and there are no signs of it slowing, as many companies still refuse to implement it on a widescale. This comes as no surprise as nearly two-thirds of companies only use encryption for “proprietary company data”, while most companies cite “employee data” as their reason for implementing encryption at all, it seems to be often pushed aside or forgotten.

Read More: https://nakedsecurity.sophos.com/2016/01/19/survey-shows-many-businesses-arent-encrypting-private-employee-data/

Apple Corrects Cookie Theft Bug

It was noted recently that a bug found in Apple’s iOS that allowed for unauthorized access to unencrypted website cookies has been resolved with the release of iOS 9.2.1. The bug itself could allow attackers to impersonate unsuspecting users on their commonly browsed sites, and allow for a malicious javascript payload to execute on subsequent site visits.

Read More: http://arstechnica.com/security/2016/01/ios-cookie-theft-bug-allowed-hackers-to-impersonate-users/

Connor Madsen

About the Author

Connor Madsen

Threat Research Analyst

As a Threat Research Analyst, Connor is tasked with discovering and identifying new malware variants, as well as testing current samples to ensure efficacy. Don’t miss the latest security news from around the world in his weekly Cyber News Rundown blog.

Share This