Estée Lauder Leaves Massive Database Unprotected
Earlier this week researchers discovered an unsecured database containing over 440 million records belonging to Estee Lauder, a major make-up manufacturer. Though the company has confirmed that no customer data was stored in that database, they are still unsure on how long it was left exposed for and it did contain sensitive company information. Estée Lauder was able to properly secure the database on the same day the initial researcher contacted them.
SoundCloud Account Vulnerabilities Fixed
Researchers have contacted SoundCloud about vulnerabilities in their platform API that could allow attackers to illicitly access user accounts. While officials quickly resolved the security flaws, two additional API flaws had the potential to initiate DDoS attacks or create fraudulent song statistics by exploiting a specific set of track IDs. Attackers would have been able to exploit the user ID authentication to test previously leaked username/password combinations in hopes some victims were using the same credentials on multiple sites.
Danish Data Leak Exposes 1.3 Million Citizens
Over a period of five years from 2015 to 2020, a bug in the country’s tax systems has leaked sensitive ID numbers for nearly 1.3 million Danish citizens. The bug itself displayed the user’s ID number in the URL after the user made changes in their tax portal, which were then analyzed by both Google and Adobe. Fortunately, no additional tax or other personal information was divulged in the leak, which the government was quick to resolve.
Study Reveals Top Brands Used in Phishing Campaigns
After gathering data from nearly 600 million email boxes over the last year, researchers once again determined that PayPal was the most impersonated company for phishing attacks in 2019. The data also revealed that phishing campaigns disguised as PayPal were using an average of 124 unique URLs daily to propagate the malicious content. Many other top companies used in phishing campaigns in 2019 were financial institutions, as they are easy troves of consumer information.
Australia Debates Retention Period for Consumer Data
The Australian government has just begun debating changes to their current data retention period, which is currently two years (or significantly longer than any comparable nation’s policy). Storing data for that length of time can be extremely dangerous, especially given the rise in data breaches in recent years. While Australia believes it’s two-year limit to be a good balance, there is currently no management of who actually has access to the data and several amendments are introduced to improve the privacy of Australian citizens.
Tax Season Brings Emotet to the Front
As Americans prepare for tax season, Emotet authors have started a new campaign that imitates a W-9 tax form requested by the target. As with most malicious phishing, an attached document asks users to enable macros when viewing the files. This campaign can be particularly dangerous, because many people don’t spend much time looking at W-9s since they are only sent to contractors and clients who often quickly sign and return them. Emotet infections can further harm companies by downloading additional info-stealing malware and using infected machines to distribute spam campaigns.
Australian Logistics Company Faces Delays After Ransomware Attack
Toll Group, a major transportation company in Australia, fell victim to a ransomware attack this week that forced them to take several vital systems offline. Due to company cybersecurity policies, no customer data was accessed and the damage was minimized by a quick response from their team. While many customers have been able to conduct business as normal, some are still experiencing issues as they wait for all of Toll Group’s systems to return to normal operation.
Cryptomining Botnet Found on DoD Systems
A bug bounty hunter recently found an active cryptocurrency mining botnet hidden within systems belonging to the U.S. Department of Defense (DoD). The bug was also being used as a silent backdoor for additional malware execution. Unfortunately, the misconfigured server had already been illicitly accessed and the attackers had installed a cryptominer to obtain Monero coins, but officials for the DoD worked quickly to secure the system before further damage could be inflicted.
Maze Ransomware Targets Multiple French Industries
At least five French law firms and a construction corporation have fallen victim to the Maze ransomware variant, which is known for quickly exfiltrating sensitive information. Maze authors also made an announcement that they will begin releasing the stolen data if the victims refuse to pay the ransom. Though only two of the law firms have had their data posted so far, the remaining firms are expected to be exposed if the ransom is not paid.
British Charity Falls for Impersonation Scam
The British housing charity Red Kite recently fell victim of an impersonation scam in which nearly $1 million was redirected to a scammer’s account. By disguising their domain and illicitly accessing previous Red Kite email threads, the attackers were able to impersonate a contracting company without payment system safeguards stopping the payment or notifying victims that anything was abnormal until it was too late.
Indonesian Magecart Hackers Arrested
At least three individuals were arrested in connection to the infamous Magecart information stealing malware. Thanks to the combined efforts of several international law enforcement agencies, numerous servers issuing commands to awaiting Magecart scripts have been taken down in both Indonesia and Singapore. While these are not the only individuals who have profited from the Magecart code, they are the first to be identified and brought to justice.
German City Suffers Cyberattack
The City of Potsdam, Germany, is recovering from a cyberattack that took down parts of its administration systems. Fortunately, the systems were being actively monitored and were quickly taken offline to prevent data from being removed. It seems, after further investigation, that the servers were not fully patched with the latest updates. This could have allowed the attackers to move and execute malware freely.
Job Listings Used to Commit Fraud
A new wave of data theft has hit the job hunting crowd, making life harder for people looking to be hired. Cybercriminals have been creating phony sites with job listings for the purpose of absconding with the information one would normally provide an employer after accepting an offer. Though these types of scams have been executed in the past, they tend to reappear occasionally due to their continued success.
UK Court Freezes Bitcoin Wallet
After falling victim to a ransomware attack that shut down more than 1,000 computers, a Canadian insurance company took advantage of their cybersecurity policy to pay out a nearly $1 million ransom. By working with a cyber analysis firm, the company was able to track their ransom payment through the blockchain to a final wallet, which was then frozen by the currency exchange to stop further transactions and to identify the owners of the wallet. Though this may sound positive for the victims, they may be the target of additional negative repercussions like having their stolen data published or being attacked again.
South Carolina Water Company Shutdown
The Greenville Water service in South Carolina was hit with a cyberattack that took down all their systems for around the last week. As they continue to restore systems to proper function, officials have stated that no customer data was accessed, nor is any payment card data actually stored there. Fortunately, Greenville Water was able to return to normal functions within a week and informed customers that late fees would not be issued for payments made during the outage.
Point-of-Sale Breach Targets U.S. Cannabis Industry
Late last month, researchers discovered a database owned by the company THSuite that appeared to contain information belonging to roughly 30,000 cannabis customers in the U.S. With no authentication, the researchers were able to find contact information as well as cannabis purchase receipts, including price and quantity, and even scanned copies of employee and government IDs. Though many of the records were for recreational users, medical patients were also involved in the breach, which could prompt additional investigations regarding HIPAA violations.
Ransomware Attack Shuts Down Florida Libraries
At least 600 computers belonging to the library system of Volusia County, Florida were taken offline after falling victim to an unconfirmed ransomware attack. While the libraries were able to get 50 computers back up and running, many of their core functionalities are still offline for the time being. Though officials still have not confirmed that ransomware was the cause of the shutdown, the attack is similar to ones targeting multiple California libraries less than a week earlier.
UK Government Allows Gambling Firms Access to Children’s Data
The Information Commissioner’s Office (ICO) was recently informed of a data breach that could affect nearly 28 million students in the UK. A gambling firm was apparently given access to a Department for Education database by a third-party vendor to complete age and ID verification, though it is unclear just how much information they were gathering. Both firms and the Department for Education have begun examining this breach to determine if this requires a full GDPR investigation.
International Law Enforcement Efforts Take Down Breach Dealer Site
In a combined effort from multiple law enforcement agencies in the U.S. and Europe, two individuals who operated a site that sold login credentials from thousands of data breaches were arrested. Immediately following the arrests, the domain for WeLeakInfo was taken down and all related computers were seized by police, who then promptly put up an official press release and request for any additional info on the site or owners. WeLeakInfo, which boasted access to over 12 billion records, was originally hosted by a Canadian company, but was quick to employ Cloudflare to continue their nefarious dealings privately.
UPS Store Exposes Customer Data
Roughly 100 UPS Stores across the U.S. fell victim to a phishing attack that compromised sensitive customer information over the last four months. This incident stems from a malicious phishing attack that allowed some individuals to compromise store email accounts, which then allowed access to any documents that had been exchanged between the accounts and customers, from passports and IDs to financial info. Fortunately, UPS has already begun contacting affected customers and is offering two years of credit and identity monitoring.
Ryuk Adds New Features to Increase Devastation
The latest variant of the devastating Ryuk ransomware has been spotted with a new feature that allows it to turn on devices connected to the infected network. By taking advantage of Wake-on-Lan functionality, Ryuk can is able to mount additional remote devices to further its encryption protocols. While it’s possible to only allow such commands from an administrator’s machine, those are also the most likely to be compromised since they have the largest access base.
Bank Hackers Arrested Outside London
Over the course of six years, two individuals were able to successfully hack into many hundreds of bank and phone accounts with the intent to commit fraud. With the information they gathered, the two were also able to open new credit accounts and take out significant loans to purchase extra tech hardware. Officials for the London Metropolitan Police have made it known that cybercrime is taken just as seriously as any other crime.
Cryptominer Found After Multiple BSODs
Following a series of “blue screens of death” (BSoDs) on a medical company’s network, researchers identified a cryptominer that spread to more than 800 machines in just a couple months. The payload, a Monero miner, was hidden within a WAV file that was able to migrate undetected to various systems before executing the payload itself. To spread efficiently, the infection used the long-patched EternalBlue exploit that had not yet been updated on the network in question, thus leaving them fully susceptible to attack.
Consulting Firm Exposes Professional Data
Thousands of business professionals from the UK have potentially fallen victim to a data leak by the major consulting firm CHS. A server belonging to the company was found to contain passports, tax info, and other sensitive information that could have been archived from background checks within an unsecured Amazon Web Services bucket. While it is still unclear how long the data was available, researchers who discovered the leak quickly contacted both CERT-UK and Amazon directly, which promptly secured the server.
Western Australian Bank Breached
Over the last week officials for P&N Bank in Australia have been contacting their customers concerning a data breach that occurred during a server upgrade in early December. Though personally identifiable information has been exposed, it doesn’t appear that any accounts have been illicitly accessed and relates more to a customer’s contact information. A total number of affected customers has yet to be confirmed.
Snake Ransomware Slithers Through Networks
A new ransomware variant, dubbed “Snake,” has been found using more sophisticated obfuscation while targeting entire networks, rather than only one machine. In addition, Snake will append any encrypted file extensions with five random characters following the filetype itself. Finally, the infection also modifies a specific file marker and replaces it with “EKANS,” or SNAKE spelled backwards. A free decryptor hasn’t been released yet, and the malware authors have specified that that encryption will be for entire networks only.
Minnesota Hospital Data Breach
Sensitive information belonging to nearly 50,000 patients of a Minnesota hospital has been illicitly accessed after multiple employee email addresses were compromised. While in most cases the information accessed was medical data and basic contact info, some patients may have also had their Social Security and driver’s license numbers compromised. Alomere Health has already contacted affected patients and begun providing credit and identity monitoring services.
Cyberattack Finally Cracks Las Vegas Security
For a city that is the target of roughly 280,000 cyber attacks every month, one attack was finally able to make it through Las Vegas security protocols. The attack appears to have stemmed from a malicious email but was quickly quarantined by city IT officials before it could do any critical damage. Earlier in 2019, Las Vegas officials proposed a measure to refuse payments to any cybersecurity threat actors.
Travelex Falls Victim to Sodinokibi Ransomware
On the first day of 2020, foreign travel service provider Travelex experienced a ransomware attack that used unsecured VPNs to infiltrate their systems. To make matters worse, a demand of $6 million has been placed on the company for the return of their data, or else the ransom will be doubled. Since this attack, a scoreboard has been created to track the six additional victims of the Sodinokibi/REvil ransomware campaign.
ATM Skimmer Arrested in New York
At least one individual has been arrested in connection to an ATM skimming ring that has taken over $400,000 from banks in New York and surrounding states. From 2014 to 2016, this group installed card skimmers in an unidentified number of ATMs in order to steal card credentials and build up fraudulent charges. Eleven other people are connected with this incident and will also likely be charged.
US Coast Guard Facility Hit with Ransomware
During the last week of December a US Coast Guard facility was the target of a Ryuk ransomware attack that shut down operations for over 30 hours. Though the Coast Guard has implemented multiple cybersecurity regulations in just the last six months or so, this attack broke through the weakest link in the security chain: human users. Ryuk typically spreads through an email phishing campaign that relies on the target clicking on a malicious link before spreading through a network.
Crypto-trading Platform Forces Password Reset After Possible Leak
Officials for Poloniex, a cryptocurrency trading platform, began pushing out forced password resets after a list of email addresses and passwords claiming to be from Poloniex accounts was discovered on Twitter. While the company was able to verify that many of the addresses found on the list weren’t linked to their site at all, they still opted to issue passwords reset for all clients. It’s still unclear where the initial list actually originated, but it was likely generated from a previous data leak and was being used on a new set of websites.
850 Wawa Stores Affected by Card-skimming
Nearly every one of Wawa’s 850 stores in the U.S. were found to be infected with a payment card-skimming malware for roughly eight months before the company discovered it. It appears Wawa only found out about the problem after Visa issued a warning about card fraud at gas pumps using less-secure magnetic strips. WaWa has since begun offering credit monitoring to anyone affected. In a statement, they mention skimming occurring from in-store transactions as well, so card chips would only be effective if the malware had been at the device level, rather than the transaction point.
Microsoft Takes Domains from North Korean Hackers
Microsoft recently retook control of 50 domains that were being used by North Korean hackers to launch cyberattacks. Following a successful lawsuit, Microsoft was able to use its extensive tracking data to shut down phishing sites that mainly targeted the U.S., Japan, and South Korea. The tech company is well-known for this tactic, having taken down 84 domains belonging to the Russian hacking group Fancy Bear and seizing almost 100 domains linked to Iranian spies.
Landry’s Suffers Payment Card Breach
One of the largest restaurant chain and property owners, Landry’s, recently disclosed that many of their locations were potentially affected by a payment card leak through their point-of-sale systems. The company discovered that from January through October of 2019, any number of their 600 locations had been exposed to a card-skimming malware if not processed through a main payment terminal that supported end-to-end encryption.
Honda Customer Database Exposed
Officials have been working over the past work to secure a database containing highly sensitive information belonging to more than 26,000 North American customers of the Honda motor company. The database in question was originally created in October and was only discovered on December 11. While no financial information was included in the leak, the records did contain names, VIN numbers, and service details for thousands of customers.
Boeing Contractor Data Leak
Nearly 6,000 defense contractors working for Boeing have had personal information leaked after a user error left an Amazon web service bucket publicly exposed. The 6,000 Boeing staff are only a small portion of the 50,000 individual records found on the leaked server, many of whom were involved in confidential projects for the Department of Defense. These types of data leaks are increasingly common as more users are not properly securing their servers or using any form of authentication.
Sextortion Email Campaign Shutdown
After months spent chasing them across Europe, authorities have arrested the authors responsible for the Nuclear Bot sextortion campaign. With their Nuclear Bot banking trojan, the team was able to compromise roughly 2,000 unique systems and use them to help distribute malicious emails. Though it’s been verified that the original authors are in custody, the source code for Nuclear Bot was made public in the hope no money would be made from its sale.
Emotet Sent from Phony German Authorities
A new email campaign has been disguising itself as several German government agencies and spreading the Emotet trojan, infecting multiple agency systems. This campaign differs from previous Emotet attacks by appearing as a reply from a prior email to appear more legitimate. To best defend against these attacks, users are strongly encouraged to check both the sender’s name and address as well as ensuring that macros aren’t enabled in their Office apps.
LifeLabs Pays Ransom After Cyber-Attack
Canadian testing company LifeLabs decided to pay a ransom after attackers illicitly accessed the sensitive information for all 15 million of its customers. Oddly, many of the records being found date back to 2016 or earlier and have yet to be identified on any illicit selling sites. LifeLabs has since contacted all affected customers and has begun offering identity monitoring services.
As the year draws to a close, the cybersecurity analysts at Webroot and Carbonite pull out their crystal balls to make their predictions for the year ahead.
Our experts predict many of the trends they’ve been tracking throughout the year—well-researched attacks, RDP compromise, and the importance of user education—will continue into the New Year. But they’ll be affected by new industry developments such as impending privacy regulations, AI-enabled attacks, and attacks targeting developing nations.
Highly Targeted Ransomware Will Continue to Devastate Businesses
Unsurprisingly, our experts predict the strong trend toward highly targeted ransomware will bleed into 2020.
“Highly targeted ransomware will likely continue,” predicts Webroot Software Management Manager Eric Klonowski. “Next year, we predict ransom-motivated attackers will more pointedly observe automatic backup solutions and make attempts to remove and alter the backup data or the task itself.” Klonowski said.
High-effort, low-volume surveillance techniques are now favored by ransomware operators like the Bitpaymer Group, which has been known to customize ransomware only hours before deploying an attack, first tailoring it to observations gathered on their targets.
We should expect actors like these to continue to gain access to networks from where they can observe financial transactions and valuable information before determining the most profitable way to strike at their intended targets.
Phishing will likely also become more targeted as data collected from breaches is incorporated into phishing emails. Things like passwords and recent transactions can go a long way in convincing people an email is legit.—Grayson Milbourne, Security Intelligence Director, Webroot
Long-Awaited Privacy Legislation Will Finally Arrive in the U.S.
We expect that privacy and security will continue to jockey for primacy of concern in the minds of U.S. citizens. California, which has long led the fight for more stringent data privacy for consumers, is set to enact a law in early 2020 that has often drawn comparisons to Europe’s GDPR.
As noted by Tech Crunch, California’s new data privacy act, like GDPR, will extend to all organizations that do business with Californians, effectively making it the law of the land nationwide. But Webroot Product Marketing Director George Anderson predicts a groundswell of support among U.S. citizens for stricter data privacy regulations.
“U.S. citizens will step up their demands for privacy in 2020,” he says. “Privacy legislation in the U.S., which has lagged behind other nations, will be a central issue.”
But rather than settling for a new set of standards, Anderson wouldn’t be surprised if entirely new revenue models are explored. Models that rely less on selling personal data than, say, subscription fees or some other alternative.
“I would expect an alternative paid for services that don’t abuse data will emerge, Anderson says. “The existing, untrusted purveyors of convenience will try to pivot, but ultimately lose out heavily. Legislation and technology are starting to converge due to so many abuses of privacy.”
“Adversarial attacks against AI-based security products will likely grow in scope and complexity, which would highlight the fact that there are fundamentally two types of AI in cybersecurity: AI which acts like a smarter conventional signature and AI which is built into every facet of an intelligent, cloud-based platform capable of cross-referencing and defending itself against adversarial attacks.” —Joe Jaroch, Senior Director of Cybersecurity Strategy, Webroot
Small and Medium-Sized Businesses will Bear the Brunt of Cyberattacks
Findings regarding cybersecurity readiness among small and medium-sized businesses (SMBs) continue to be grim. Despite commonly falling victim to data breaches and other attacks, an attitude still pervades that they are either too small to catch the eye of cybercriminals or that their data isn’t valuable enough to warrant an attack.
In a study conducted by Webroot and 451 Research, 71 percent of SMBs admitted to experiencing a breach or attack within the previous 24 months that resulted in “operational disruption, reputational damage, significant financial losses or regulatory penalties.”
According to Webroot Security Analyst Tyler Moffitt, that trend is unlikely to abate.
“We expect that SMBs will continue to be targets for cybercriminals because, just like the public, education, and healthcare sectors, they maintain the same vulnerable environment. They’re low budget, understaffed, and often under-educated on matters of cybersecurity.”
Findings from the 451 Research report confirm Moffitt’s suspicions. A full 36 percent of SMBs surveyed in that study reported that they had no full-time staff on hand dedicated to cybersecurity.
“The SMBs typically targeted have under 50 employees, and it often falls to a lone IT admin or someone in finance or sales to shore up cybersecurity at the company,” Moffitt says. “Almost always it’s a person who wears many hats and doesn’t have much of a budget or expertise.”
It’s the easily overlooked yet easily exploited security gaps like an unsecured RDP that most worry Moffitt. Without dedicated cybersecurity consulting, these can easily be exploited, yet they are easy to fix.
“Expect to see more attacks against less developed nations. Attacks like this don’t generate revenue, rather they are meant to disrupt and destroy” —Grayson Milbourne, Security Intelligence Director, Webroot
We Want to Hear Your 2020 Predictions
Are these the developments you expect to see to kick off the new decade? Have some other ideas? We want to hear what hacks, news stories, or trends in cybersecurity you anticipate in the New Year. You can read additional predictions from our staff for the year ahead, plus submit your own, on the Webroot Community. Click here to visit the Community and share your 2020 predictions.
The holiday shopping season is prime time for digital purchases and cybercriminals are cashing in on the merriment. With online shopping officially becoming more popular than traditional in-store visits this year, all signs point to an increase in cyberattacks. It’s more important than ever to be mindful of potential dangers so you can avoid getting Scrooged when buying online. Follow these top tips for secure online shopping.
Only use credit cards. If your debit card gets compromised, it has the
potential to cascade in catastrophic ways; automatic bill payments may bounce
or overdraft protections may drain secondary accounts. Some banks also have
strict rules about when you need to notify them of suspected fraud, or else you
could be liable for the costs.
On the other hand, the Fair Credit Billing Act provides some protections for consumers from unauthorized charges on credit cards. Additionally, it’s much easier to have your credit card replaced with new, uncompromised numbers and details than it is with bank account info.
cautious of deal and discount emails. During the holidays, there’s always a spike in
physical and electronic mailers about special deals. At this point, we’re all
used to that. We might even wait to buy something we want, knowing that it’ll
probably go on sale during holiday clearance. Unfortunately, criminals use this
expectation against us by sending cleverly crafted phishing emails to trick us
into compromising our data.
Always be cautious about emails from unknown senders or even trusted third-party vendors, especially around the holidays. Always navigate to the deal website separately from the email — don’t just click the link. If the deal link can only be accessed through the email, it’s best to pass up on those supposed savings. It is also prime time for emails offering “free giftcards” avoid those like the plague.
Never make purchases without HTTPS. Check the URL—if it doesn’t start with HTTPS,
it doesn’t have SSL encryption. SSL (secure sockets layer) encryption is a
security standard for sharing information between web servers and a browser.
Without it, your private information, including your credit card number, can be
more easily intercepted by cybercriminals.
Keep in mind: HTTPS only ensures that the data you send will be encrypted on the way, not that the destination is legit. Cybercriminals have started to use HTTPS to trick website users into a false sense of security. That means, while you should never send private or financial data through a site that doesn’t have HTTPS, you shouldn’t rely on the presence of HTTPS alone to guarantee the security of the page.
Don’t make purchases on devices you don’t personally own. If you’re using a borrowed or shared device, such as a computer at a library or a friend’s phone, don’t make any purchases. Even if it’s a seemingly safe device that belongs to a person you know and trust, you have no way of knowing how secure it really is. It’s pretty unlikely that you’ll encounter a lightning deal that’s worth the hassle of financial fraud or identity theft. So just wait on that purchase until you can make it on your own device.
Never use unsecured public WiFi for online purchases.
Many public WiFi networks, like the ones at
your local café, the gym, a hotel, etc., are completely unsecured and unencrypted. That means anyone with the know-how
can easily track all of your online activities while you’re using that network,
including any login or banking information. Even worse, hackers are capable of
dropping viral payloads onto your device through public networks, which can
then spread to your other devices at home.
Always use a VPN when you’re on public WiFi, if you have to use it at all. Otherwise, we suggest using a private mobile hotspot from your phone instead. (See our section on VPNs below.)
Use a password manager to create strong passwords. You can often stop a security breach from spreading out past the initial impact point just by using a trusted password manager, such as LastPass, which will help you create strong passwords. A password manager will create and store them for you, conveniently and securely, so you don’t have to remember them or write them down somewhere. Taking this step will help protect you from potential third-party breaches as well, like the one Amazon announced just before Black Friday in 2018.
Encrypt your traffic with a virtual private network (VPN). A VPN allows you browse privately and securely by shielding your data and location in a tunnel of encryption. So even if you are unwittingly using a compromised network, such as the unsecured public WiFi at your favorite morning coffee stop, your VPN will prevent your private data from being scooped up by cybercriminals. But be sure you’re using a trusted VPN—many free options secretly collect and sell your data to turn a profit.
Install antivirus software and keep it up to date. A VPN will protect your data from being tracked and stolen, but it can’t protect you if you click on a malicious link or download a virus. Make sure your antivirus software is from a reliable provider and that it’s not only installed, but up to date. Most antivirus products today will even update themselves automatically (as long as you don’t turn that feature off), so make sure you have such settings enabled. It may make all the difference when it comes to preventing a security breach.
Keep a close eye your bank and credit accounts for suspicious activity. The fact of the matter is that the holiday season causes a peak in malicious online activity. Be proactive and check all of your financial records regularly for suspicious charges. The faster you can alert your bank or credit provider to these transactions, the faster you can get a replacement card and be back on your merry way.
Don’t fall victim to cybercrime this holiday season. Be mindful of all the links you click and online purchases you make, and be sure to protect your devices (and your data and identity) with a VPN and strong antivirus software!
Zeppelin Ransomware Spreading
Over the last month, researchers have been monitoring the spread of a new ransomware variant, Zeppelin. This is the latest version of the ransomware-as-a-service that started life as VegaLocker/Buran and has differentiated itself by focusing on healthcare and IT organizations in both the U.S. and Europe. This variant is unique in that extensions are not appended, but rather a file marker called Zeppelin can be found when viewing encrypted files in a hex editor.
German ISP Faces Major GDPR Fine
The German internet service provider (ISP) 1&1 was recently fined for failing to protect the identity of customers who were reaching out to their call centers for support. While the incident took place in 2018, GDPR is clear about imposing fines for organizations that haven’t met security standards, even if retroactive changes were made. 1&1 is attempting to appeal the fines and has begun implementing a new authentication process for confirming customers’ identities over the phone.
Turkish Credit Card Dump
Nearly half a million payment cards belonging to Turkish residents were found in a data dump on a known illicit card selling site. The cards in question are both credit and debit cards and were issued by a variety of banking institutions across Turkey. This likely means that a mediating payment handler was the source of the leak, rather than a specific bank. Even more worrisome, the card dump contained full details on the cardholders, including expiration dates, CVVs, and names; everything a hacker would need to make fraudulent purchases or commit identify theft.
Pensacola Ransomware Attack
The city of Pensacola, Florida was a recent victim of a ransomware attack that stole, then encrypted their entire network before demanding $1 million ransom. In an unusual message, the authors of the Maze ransomware used explicitly stated that they had no connection to the recent shootings at the Pensacola Naval Base, nor were they targeting emergency services with their cyberattack.
Birth Certificate Data Leak
An unnamed organization that provides birth certificate services to U.S. citizens was contacted earlier this week in regard to a data leak of nearly 750,000 birth certificate applications. Within the applications was sensitive information for both the child applicant and their family members, which is highly sought after by scammers because it is relatively easy to open credit accounts for children with no prior credit history. Researchers are still waiting to hear back from the organization after finding this data dump in an unsecured Amazon Web Services bin.
ZeroCleare Malware Wiping Systems
IBM researchers have been tracking the steady rise in ZeroCleare deployments throughout the last year, culminating in a significant rise in 2019. This malware is deployed on both 32 and 64-bit systems in highly targeted attacks, with the capability to completely wipe the system by exploiting the EldoS RawDisk driver (which was also used in prior targeted attacks). The malware itself appears to be spreading through TeamViewer sessions and, though the 32-bit variant seems to crash before wiping can begin, the 64-bit variant has the potential to cause devastating damage to the multi-national corporations being targeted.
FTC Scam Threatens Victims with Terrorism Charges
FTC officials recently made an announcement regarding scam letters purporting to be from the commission and the numerous complaints the letters have sparked from the public. Victims of the scam are told that, due to some suspicious activity, they will be personally and financially monitored as well as face possible charges for terrorism. These types of scams are fairly common and have been in use for many years, often targeting the elderly with greater success.
Misreported Data Breach Costs Hospital Millions
Following an April 2017 complaint, the Office of Civil Rights has issued a fine of $2.175 million after discovering that Sentara Hospitals had distributed the private health information for 577 patients, but only reported eight affected. Moreover, it took over a year for the healthcare provider to take full responsibility for the breach and begin correcting their security policies for handling sensitive information. HIPAA violations are extremely time-sensitive and the slow response from Sentara staff could act as a lesson for other organizations to ensure similar events don’t reoccur.
Android Vulnerability Allows Hackers Easy Access
Researchers have identified a new Android exploit that allows hackers access to banking applications by quickly stealing login credentials after showing the victim a legitimate app icon, requesting additional permissions, and then sending the user to their expected app. Even more worrisome, this vulnerability exists within all current versions of AndroidOS and, while not found on the Google Play Store, some illicit downloaders were distributing it.
Smith & Wesson Hit by Magecart
In the days leading up to Black Friday, one of the largest retail shopping days of the year, malicious skimming code was placed onto the computer systems and, subsequently, the website of Smith & Wesson. In a slight break from the normal Magecart tactics, they attackers were masquerading as a security vendor to make their campaign less visible. The card-skimming code was initially placed onto the website on November 27 and was still active through December 2.