Cyber News Rundown: WHO Under Cyberattack

Reading Time: ~ 2 min.

World Health Organization Sees Rise in Cyberattacks

Officials at the World Health Organization (WHO) have announced that many of the organization’s sites and servers have been the target of unsuccessful attacks by hackers trying to capitalize on the latest health scare. The attacks stemmed from several malicious domains that attempted to harvest sensitive information and credentials from WHO employees. Thousands of other malicious domains have been registered over the last few weeks to exploit uninformed victims during the coronavirus outbreak.

TrickBot Sidesteps 2FA on Mobile Banking Apps

The creators of TrickBot have developed a new mobile app called TrickMo, which can silently circumvent the two-factor authentication used by various mobile banking apps. Once installed on the victim’s device, the malicious app is used mainly to intercept authentication tokens. Currently, TrickMo is targeting individuals in Germany and uses the name “Security Control” to disguise its purpose; it even sets itself as the default SMS app in order to steal additional information.

Google Play Finds 56 New Malicious Apps

Over 56 new malicious apps have been spotted on the Google Play store, with a combined 1.7 million installations on devices across the globe. To make matters worse, a large portion of the apps were targeted specifically at children and used native Android functionality to imitate typical user actions to boost ad revenue. Many of the apps took extreme measures to avoid being uninstalled by the users, though Google itself has since removed all of the related apps from the Play Store.

Fake Coronavirus Vaccine Sites Shut Down

A website offering fake Coronavirus vaccine kits, which it claimed were approved by the WHO, has been shut down following a ruling by a federal court. The operator of the site has been accused of committing fraud, and the hosting service has received a restraining order requiring it to stop public access to the site. The site in question, “coronavirusmedicalkit.com,” offered the fake kits with users only paying for shipping, for which they had to enter their payment card data.

Tupperware Website Breached

The main website for Tupperware was recently hacked and used to host Magecart code that steals payment card information. The malicious code was first discovered at the end of last week but was still active nearly a week later, even after multiple attempts to contact the company. Magecart skimming has been a widespread issue for online retailers over the last couple of years, and it still maintains a large presence because of its ease of use and continuing success.

Hackers: Fact vs. Fiction

Reading Time: ~ 3 min.

Have you ever watched a movie and seen a character doing something you know how to do, and thought to yourself, “jeez, that’s totally wrong. Couldn’t they have done a little research?”

That’s exactly what hackers think when they watch movies, too. For most of us, the image that comes to mind when we hear the word “hacker” is pretty stereotypical: probably a young guy wearing a hoodie and headphones, in a basement, surrounded by fancy displays full of unintelligible code that looks like it’s straight out of the 1999 movie The Matrix, with only nefarious intentions at heart. We have that image for a reason; that’s how many films have portrayed such characters.

But, just like those times when you see a movie or TV character totally screwing up the thing you know how to do, this stereotype just isn’t accurate. Not all hackers have the same motives. In fact, not all of them are even “bad guys.” Misunderstanding leads to fear, and acting out of fear is never a good thing. If you want to stay safe from cyber-related risks in the modern world, it’s important to understand the myth vs. the reality.

Common Myths

  1. Every hacker is a criminal with evil intentions, who wants to break systems, steal information, steal money, cause destruction, commit cyber-espionage, or engage in other illegal activity online
  2. All hackers are male
  3. Hackers work alone, exclusively
  4. Hackers have to work really fast, or else they’ll get caught by the authorities
  5. There isn’t much money to be made, so hackers have to send lots of attacks to make their efforts worthwhile
  6. Hackers only go after large corporations and government systems.

The Truth about Hackers

  1. The word “hacker” really just refers to an individual who uses computers, networking, or other technology and related skills to accomplish a particular goal. That goal may not have anything to do with criminal activity, even if it involves gaining access to computer systems. In fact, some hackers use their skills for good, helping businesses and individuals become better able to prevent attacks by malicious hackers
  2. Just like their varied motivations, hackers come in all shapes and sizes. While the average self-proclaimed “hacker” is likely to be male and under 35, they can be of any gender, age, ethnicity, etc.
  3. As with most pursuits in life, hacking tends to be most productive when conducted by a team. It’s actually pretty common for hackers to be involved in larger groups or organizations. Some of them even have salaries and set holidays, just like the rest of us in the non-hacking working world, and may have customers and sales arrangements that include things like reseller portals and component rental
  4. A rushed job is a bad job, plain and simple. Hackers have the time to take a slow and methodical approach to accomplish their aims. They know they’re more likely to be successful if they research targets, do recon, and take the time to work out the best angles of approach. In contrast, victims of attacks typically have a very short amount of time in which to react or recover, especially in the case of ransomware.
  5. There’s a lot of money to be made in hacking. As of the most recent Cost of a Data Breach Report, the average cost of a data breach is $3.92 million, and nearly 3 in 4 breaches (71%) are financially motivated. In fact, the average hacker can earn up to 40 times the median wage of a software engineer.
  6. Although large corporations can be desirable targets, they often have larger security budgets and teams of security professionals dedicated to protecting the business. You might think hackers have bigger fish to fry, but small and medium-sized businesses (SMBs) are prime targets. More than 70% of cyberattacks target small businesses. In particular, more attacks are focusing on MSPs specifically because of their SMB clients. Breaching a single MSP could open up data access to their entire client base.

So what do you do?

You’re already on your way. By better understanding the true methods and motivations behind the myths, you can begin to lock down your business and protect your customers against today’s biggest threats. If you haven’t already, check out our Lockdown Lessons, which include a variety of guides, podcasts, and webinars designed to help MSPs and businesses stay safe from cybercrime.

The next step is to ensure your security stack includes a robust endpoint protection solution that uses real-time threat intelligence and machine learning to prevent emerging attacks. Learn more about Webroot® Business Endpoint Protection or take a free trial here.

Cyber News Rundown: DDoS Strikes U.S. Health Department

Reading Time: ~ 2 min.

DDoS Attack Strikes U.S. Health Department

Amidst the panic caused by the novel coronavirus, millions of people began navigating to the U.S. Department of Health’s website to find more information on the illness, but instead found the site to be offline after a DDoS attack overwhelmed its servers. This comes as only one of many unfortunate attacks that are being used to spread disinformation and panic, as well as delay healthcare workers from assisting patients or working towards slowing the overall spread of the illness.

Netfilim Ransomware Uses Old Code but New Tactics

Researchers have been tracking the spread of a new ransomware variant known as ‘Netfilim,’ which has been on a steady rise since February. By reusing a large portion of code from another ransomware variant, Nemty, it has achieved a quick distribution rate, and it maintains the threat of releasing all stolen data within a week of encryption. It does differ from Nemty in its payment process, however, relying solely on email communication rather than directing the victim to a payment site that is only accessible through a Tor browser. Encrypted files are given the appended extension .NETFILIM.

US Loan Database Exposed

A database containing millions of financial documents and other highly sensitive information was found freely accessible through an unsecured Amazon Web Services storage bucket. Contained within the 425GB of data were credit reports, Social Security numbers, and personally identifiable information for thousands of individuals and small businesses. The database itself is connected with a loan app that was developed by two major New York funding firms, Advantage Capital and Argus Capital.

Malicious Coronavirus Mapping Apps Spreading More than Misinformation

Many malware authors have been capitalizing on the recent coronavirus (COVID-19) epidemic by way of phishing campaigns and newly renamed ransomware variants. Their latest endeavor is an app that purports to “track” the spread of coronavirus across the globe but instead drops malicious payloads on unsuspecting victims’ devices. Some of these apps lock the device and demand a ransom to unlock it, while others deliver full ransomware payloads that encrypt files and upload them to a remote server. Fortunately, researchers worked quickly to produce a decryption key for victims.

Magecart Group Targets NutriBullet Website

Following a network breach in late February, Magecart scripts were found to be actively stealing payment card information from NutriBullet websites up to the present. The specific group responsible, known as Group 8, has been using similar Magecart scripts for over two years and has claimed over 200 unique victim domains. Despite several contact attempts from the researchers who found the skimmers, no changes have been made to the affected sites, leaving current and new customers vulnerable.

Staying Cyber Resilient During a Pandemic

Reading Time: ~ 3 min.

We’re all thinking about it, so let’s call it out by name right away. The novel coronavirus, COVID-19, is a big deal. For many of us, the structure of our lives is changing daily; and those of us who are capable of doing our work remotely are likely doing so more than we ever have before.

It’s not likely that cybercriminals will cut us a break during this difficult time of quarantine and pandemic outbreak. If anything, we will only see an increase in attacks and ransom amounts, since this is when the infrastructure of modern civilization is needed most but has the least time to react and to debate paying or negotiating the price. Also, many of the cybercriminals who breach and ransom as a side job are now either forced to work from home or have had their shifts completely canceled, leaving them with more time and motivation to make up their income elsewhere. This is a prime circumstance for increased cyberattacks, and individuals and businesses should be hyper-aware of their behavior both online and offline.

Not only are phishing and ransomware attacks, which tend to capitalize on current headlines, on the rise, but business email compromise (BEC) is also up. BEC is when a cybercriminal breaks into a legitimate corporate email account and impersonates the real owner to defraud the business or its partners, customers, or employees into sending money or sensitive data to the attacker. With so many more people working remotely and less able to verify emailed requests from coworkers as legitimate, you can imagine how this threat could run rampant.

What follows are some tips for staying safe, both for individuals in their personal lives and for businesses with remote workers.

Cyber Resilience Tips for Individuals

What to do:

What NOT to do:

  • Do not open emails regarding COVID-19 from unknown senders. These could be phishing scams.
  • Do not click on links in emails regarding COVID-19. Email links can be used to spread computer viruses and other malware.
  • Do not download or open email attachments from unknown senders. These could contain viruses and other malware.
  • Do not click on links in social media messages, even if they are from someone you know. Your contacts’ accounts may have been compromised.
  • Do not click on ads or social media posts regarding COVID-19. They may be fake and contain malicious content.

Cyber Resilience Tips for Businesses

The best defense is prevention. To prevent, you have to plan ahead.

Be prepared for remote work conditions.

Life gets in the way. Between severe weather, personal emergencies, illness, and worker wellbeing, employees need to be able to work from home for a variety of reasons.

  • Enable everyone to work from off-site locations.
  • Ensure all employees feel welcome to work from home when needed.
  • Install robust endpoint security on all devices so employees and data stay safe.
  • Give all employees access to a VPN to help protect corporate data, wherever they connect.
  • Implement measures to back up data saved on local devices while workers are remote.
  • Add collaboration tools so teams can continue to work together while physically separated.
  • Warn employees about phishing and BEC. Share the Cyber Resilience Tips for Individuals we included above, and encourage employees to be extra vigilant about unexpected invoices or other financial requests. Even when we’re all remote, it only takes a quick phone call to verify the legitimacy of an unusual request.

Be prepared for threats to your data.

From modern cyberattacks to natural disasters and physical damage, there are a lot of threats to your critical business data.

  • Protect all endpoint devices, including computers and servers, with next-generation cybersecurity solutions.
  • Create a data backup process for data availability at alternate business locations when the main office is closed.
  • Implement high-availability data replication and migration safeguards to ensure data is available, no matter what happens.
  • Add protection for Microsoft Office 365 and other collaboration platforms so content stored and shared in the cloud stays safe.
  • Use a solution that includes device monitoring, tracking, and remote erase functionality so lost or stolen devices can be located or wiped.
  • Empower employees to become a strong line of defense by educating them about cybersecurity and data safety risks.
  • Make sure to use RDP solutions that encrypt the data and require 2FA when remoting into other machines, since the presence of an open RDP port has been associated with a 37% greater likelihood of a ransomware attack.

Our Commitment to Resilience

Rest assured, we’re practicing what we preach. All of our global employees are able to work from home securely. In these crazy times, it’s more important than ever to redouble our focus on helping each other. At Webroot, we feel it’s our social responsibility to do what we can to keep one another safe, both online and offline. We hope you’ll join us in our commitment to resilience. Stay safe and healthy, everyone.

World Backup Day: A Seriously Good Idea

Reading Time: ~ 3 min.

“Cold Cuts Day,” “National Anthem Day,” “What if Cats and Dogs had Opposable Thumbs Day”…

If you’ve never heard of World Backup Day, you’d be forgiven for thinking it’s another of the gimmicky “holidays” that seem to be snatching up more and more space on the calendar.

(Did you know that a single quirky duo, Ruth and Tom Roy, is responsible for copyrighting more than 80 of these holidays, including Bathtub Party Day, held annually on December 5?)

Not so, though, for World Backup Day. While, according to WorldBackUpDay.com, it was founded by a few “concerned users” on the social media site reddit, the day’s dedication is a decidedly serious one.

March 31 was established as “a day for people to learn about the increasing role of data in our lives and the importance of regular backups.”

Each April Fool’s-eve, the site invites humans all over the planet to not be fools and to back up their data. In celebration of World Backup Day, we sat down with Webroot Product Marketing Director George Anderson to see how users can ensure they stay cyber resilient by adhering to good data backup practices.

For World Backup Day, what’s the one piece of advice you’d give to a small or medium-sized business? An everyday computer user, like a parent?

Losing data used to be something that happened because a hard disk failed, a device was lost or stolen, or some other unforeseen accident made a device unusable. These remain risks. But these days, it’s just as likely your data is being held for a ransom or some nasty infection has destroyed it for good.

Up-to-date backups are essential. Remember: it’s not if something will happen to your data, but when. So, prepare for the unexpected. Easily restored data backups let you be more resilient against cyber-attacks and better able to recover customer data, financial information, business-critical files, and precious memories. Anything irreplaceable should be regularly backed up without a second thought, or worse, a passive “it won’t happen to me.”

Thankfully, many of today’s backup solutions are easy-to-use and affordable. My advice is to not become the next data loss or ransomware victim. Simply invest a little into backup software and rest easy knowing you’re covered.

Why is it important that World Backup Day be celebrated year-round? How can we keep the spotlight on backup and cyber resilience?

For those with backup technology in place, World Backup Day should be a reminder of the importance digital information plays in our daily lives, and to check up on existing backups to make sure they are being properly made and that they can be easily restored.

Unfortunately, “set-and-forget” technologies like automated backup and recovery solutions are rarely revisited – until we need them to be 100 percent. So, checking regularly that they’re correctly configured and working properly is important.

For those not currently backing up their data regularly, the day should bring into focus a glaring hole in your home or business data security. Perhaps take the time to consider the impact losing your data forever would have? Then take action.

Backup is no longer a “nice-to-have” capability. In a world where our lives are increasingly digital and our data is threatened from lots of different angles, backup is a crucial aspect of data security.

What’s the difference between backup and cyber resilience? Should companies be putting more of an emphasis on cyber resilience?

Backup is a key component of cyber resilience, though it’s not the only one. But it does make what could be an existential event, like a total loss of business or personal data, a setback that can be recovered from.

Cyber resilience is first and foremost about detecting, protecting and preventing attacks on your data in the first place. But then, even if your attack detection, protection and prevention defenses fail, your backup and recovery solutions ensure your data isn’t lost for good.

Cyber resilience is not a choice between security and backing up your data. It’s about covering both bases, so if a serious data compromise does occur, recovery is quick and painless to the business.

This World Backup Day, take the pledge:

“I solemnly swear to back up my important data and precious memories on March 31st.”

And don’t forget to make sure that both cybersecurity and backup and recovery solutions are in place for your business or home office.

Cyber News Rundown: Paradise Ransomware

Reading Time: ~ 2 min.

Paradise Ransomware Spreading Through Unusual Attachments

While Paradise ransomware isn’t new to the scene, the latest methods it’s using to spread are a bit surprising. Though it sticks to using email for transmission, it now arrives as an IQY (Excel web query) attachment instead of a typical Word document or Excel spreadsheet. These files can make a quick connection to a malicious URL, prompting the download of the actual ransomware payload. What makes them especially dangerous is that they appear to be simple text files with no internal malicious code, just commands for retrieving it, so they aren’t typically picked up by most security services.
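The defensive counterpart to the technique described above is to treat an IQY attachment as a request for an outbound connection and inspect where it points. The following is an added example, not code from the original post or from Webroot: it assumes the documented IQY layout (a plain-text file whose first line is `WEB`, second line a version number, third line the URL Excel will query) and a hypothetical allowlist of approved query hosts. The sample attachments and host names are constructed placeholders, not real indicators.

```python
"""Flag Internet Query (.iqy) attachments that would make Excel fetch
content from a host the organization has not approved.

Format assumption: IQY files are plain text, line 1 "WEB", line 2 a
version number ("1"), line 3 the URL to query. Everything below that
line is treated as optional parameters and ignored here."""

from urllib.parse import urlparse

# Hypothetical allowlist of hosts approved for Excel web queries.
ALLOWED_HOSTS = {"reports.example.com"}

# Constructed sample attachments (the .invalid TLD can never resolve).
SAMPLES = {
    "quarterly.iqy": "WEB\n1\nhttps://reports.example.com/q1.csv\n",
    "invoice.iqy": "WEB\r\n1\r\nhttp://attacker-placeholder.invalid/payload.txt\r\n",
    "notes.txt": "Just a text file\n",
}


def parse_iqy(text):
    """Return the query URL if text is a WEB-type IQY file, else None."""
    lines = [ln.strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln]          # tolerate blank lines
    if len(lines) < 3 or lines[0].upper() != "WEB":
        return None
    return lines[2]


def classify_iqy(text, allowed_hosts=ALLOWED_HOSTS):
    """Return (verdict, url) where verdict is 'not_iqy', 'allowed' or 'block'.

    Policy: only https to an allowlisted host passes. Plain http, odd
    schemes (file:, ftp:, \\\\unc paths) and unknown hosts are blocked,
    because the file's only purpose is to pull remote content into Excel."""
    url = parse_iqy(text)
    if url is None:
        return ("not_iqy", None)
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    if parsed.scheme != "https" or host not in allowed_hosts:
        return ("block", url)
    return ("allowed", url)


def scan_attachments(attachments):
    """Classify every attachment in a {filename: content} mapping."""
    return {name: classify_iqy(body) for name, body in attachments.items()}


if __name__ == "__main__":
    for name, (verdict, url) in scan_attachments(SAMPLES).items():
        print(f"{name:16} {verdict:8} {url or ''}")
```

In a mail gateway this check would sit beside the usual content scanning: the verdict is based on the destination, so it catches the file even though, as the post notes, the attachment itself carries no executable code.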

Entercom Data Breach

One of the world’s largest radio broadcasters, Entercom, recently revealed it had fallen victim to a data breach. It was initiated through a third-party service that stored login credentials for Radio.com users and could affect up to 170 million customers. This breach would be the third security incident targeting Entercom in just the last six months. The company has already fallen victim to two separate cyberattacks that caused their systems to be disrupted. Entercom has since implemented several additional security measures and prompted all users to change their passwords, especially if reused on other sites.

Western Union Begins Fraud Payback

Western Union has started paying back roughly $153 million to victims of fraudulent transactions processed by the firm’s payment systems. According to the U.S. Department of Justice, several employees and owners of Western Union locations were complicit in allowing these fraudulent payments to be made, and the company failed to properly discipline those individuals. The payback has started with 109,000 victims worldwide and will eventually total $586 million in reimbursements.

Whisper App Exposes User Data and Messages

The anonymous messaging app Whisper was recently revealed to have left a database containing a large amount of personal customer records unsecured. Two independent researchers first discovered the database, which held over 900 million records reaching back nearly eight years, and quickly contacted Whisper. The company then locked down the unrestricted access. Though financial and personally identifiable information was not included in the database, the app does track location data that could be used to narrow down a specific user’s location to a home or place of work.

Online Shopper Records Leaked

Up to 8 million sales records were discovered in an unsecured MongoDB database that had been misconfigured for an undetermined amount of time. The researcher who found the database quickly contacted the third-party servicing company that managed it, and it was secured five days later. The database contained roughly four million records pertaining to Amazon UK and eBay alone, consisting mainly of payment and contact information for online shoppers.

5 Security Tips for Setting Up a New Device

Reading Time: ~ 3 min.

The last thing you want to do when you get a new computer, mobile device, or tablet is spend a lot of time setting it up. But like any major appliance, these devices are something you want to invest a little time setting up properly. Often, they’re not cheap. And you want them to last. So, before you jump online and start shopping, gaming, or browsing, take some time to ensure your device is ready for anything the internet can and will throw at it.

There’s a caveat, though, of which Webroot security analysts are quick to remind users. “Even if you’ve taken every precaution when it comes to configuring your new device,” says Webroot Threat Research Analyst Connor Madsen, “it’s important to remember that proper online etiquette is essential to your security.”

“Clicking on links that don’t seem quite right, opening attachments from unknown senders, or otherwise ignoring your best security instincts is a good way to undermine any effective online security protection.”

Connor Madsen, Threat Research Analyst

For best results, in addition to the warning issued above, here are five tips for making sure your device, and the important files stored within it, are safe from common risks.

#1 – Update software

The first thing you’ll want to do is make sure the operating system on all your devices is up to date. One of the most common methods hackers use to launch attacks is exploiting out-of-date software. Failing to install periodic patches and software updates leaves your new device vulnerable to the numerous threats lurking on the web. Depending on how old and out-of-date your device is, it may take a while for applications to update. However long it takes, it’s preferable to the hassle and expense of having to undo an infection after it’s bypassed your security perimeter.

#2 – Enable firewall

Speaking of your security perimeter, the first line of defense along that perimeter is your firewall or router, if you’re using one. A router works as a firewall for the devices connected to it. But, if you’re not using a router, make sure your firewall is enabled to protect you from malicious traffic entering your network. This is different from an antivirus, which protects you from malicious files.

#3 – Install antivirus

Malicious files can be disguised as attachments in an email or links on the web, or even as the apps you download. So, it’s important to have an antivirus solution to protect your new computer. Malware attacks like ransomware make constant news these days. And everyone’s a target, from individual users to local businesses, hospitals, or municipalities. The cybercriminals launching these attacks are constantly changing and evolving their threats to be more sophisticated and harder to detect. That’s why it’s important to keep your antivirus as up-to-date as your operating system and other applications.

#4 – Back up

Once you have your operating system and applications updated, your firewall enabled, and an effective antivirus application installed, you can begin using your computer safely. But there’s one more thing you need to consider if you’re going to be creating and storing important documents and work material on your new machine. Any new files on your computer will need to be backed up. That’s when you make a copy of the contents of your machine and store it in a safe place, just in case you lose the original or it becomes infected by a virus. Since no single security solution can be 100 percent effective, it’s best to have a backup copy of important files. The thing is, you don’t want to have to decide what’s worth backing up and what’s not. That’s far too labor-intensive, and it introduces the possibility of human error. Your best bet is to use a solution that’s designed for this purpose. A true backup solution protects files automatically, so you don’t have to remember what you copied and what you didn’t. It also greatly simplifies file recovery, since it’s designed for this purpose.
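Both tip #4 here and the World Backup Day interview above make the same point: a backup only counts once you know it is current and can actually be restored. The following is an added example, not code from the original posts or from any Webroot product, of the restore test that turns that advice into a routine check: hash every file in a source tree, run a stand-in backup job, restore into a scratch directory, and compare hashes and age against policy. All paths and file contents are constructed in a temporary directory, and `shutil.copytree` stands in for whatever real backup tool is in use.

```python
"""Restore test: prove a backup is fresh and byte-for-byte restorable.

Everything here runs against constructed sample data in a temp
directory; the copy steps stand in for a real backup product."""

import hashlib
import json
import os
import shutil
import tempfile
import time


def file_sha256(path):
    """Streamed SHA-256 so large files do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map relative path -> sha256 for every regular file under root."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = file_sha256(full)
    return manifest


def verify_restore(expected, restored_root):
    """Return a list of problems: files missing, corrupted, or unexpected."""
    actual = build_manifest(restored_root)
    problems = []
    for rel, digest in expected.items():
        if rel not in actual:
            problems.append(f"missing: {rel}")
        elif actual[rel] != digest:
            problems.append(f"corrupted: {rel}")
    for rel in actual:
        if rel not in expected:
            problems.append(f"unexpected: {rel}")
    return problems


def backup_is_fresh(manifest_path, max_age_seconds):
    """A backup older than the policy window is treated as a failure."""
    age = time.time() - os.path.getmtime(manifest_path)
    return age <= max_age_seconds


def run_restore_test(max_age_seconds=24 * 3600, tamper_backup=False):
    """End to end: create sample data, back it up, restore, verify.

    tamper_backup=True simulates silent corruption of the stored copy,
    which a plain "did the job run?" check would never notice.
    Returns (ok, problems)."""
    work = tempfile.mkdtemp()
    try:
        src, bak, restore = (os.path.join(work, d) for d in ("source", "backup", "restore"))
        os.makedirs(os.path.join(src, "docs"))
        with open(os.path.join(src, "docs", "taxes.txt"), "w") as f:
            f.write("constructed sample document\n")
        with open(os.path.join(src, "photo.bin"), "wb") as f:
            f.write(os.urandom(1024))

        expected = build_manifest(src)          # record what "good" looks like
        shutil.copytree(src, bak)               # stand-in for the backup job
        manifest_path = os.path.join(work, "manifest.json")
        with open(manifest_path, "w") as f:
            json.dump(expected, f)

        if tamper_backup:                       # bit-rot / ransomware on the store
            with open(os.path.join(bak, "photo.bin"), "wb") as f:
                f.write(b"\0" * 1024)

        shutil.copytree(bak, restore)           # stand-in for the restore job
        problems = verify_restore(expected, restore)
        if not backup_is_fresh(manifest_path, max_age_seconds):
            problems.append("stale: backup older than policy window")
        return (not problems, problems)
    finally:
        shutil.rmtree(work, ignore_errors=True)


if __name__ == "__main__":
    print("clean backup:   ", run_restore_test())
    print("tampered backup:", run_restore_test(tamper_backup=True))
```

The manifest is the piece worth keeping separately from the backup itself: if it is stored with the data it protects, whatever corrupts or encrypts the backup can corrupt the evidence of what the data used to be.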

#5 – Wipe your old device

Just because you have a shiny new toy doesn’t mean you can forget about your old machine. Before you relegate it to the scrap heap, make sure there’s nothing important or confidential on it you wouldn’t want someone to have access to. You could have old passwords saved, tax records, or sensitive work documents that you wouldn’t want shared. The best way to do this is to wipe the contents of your old device and reinstall the operating system from its original state.

Seem overwhelming? If so, it’s best to remember that one of your strongest cybersecurity tools is common sense. While things like an antivirus and backup strategy are essential for maintaining good cyber hygiene, remember Madsen’s advice.

“If it seems like an offer that’s too good to be true, or something about a link or file just doesn’t seem right, don’t click or download it. Trust your instincts.”

Cyber News Rundown: Estée Lauder Data Exposed

Reading Time: ~ 2 min.

Estée Lauder Leaves Massive Database Unprotected

Earlier this week researchers discovered an unsecured database containing over 440 million records belonging to Estée Lauder, a major make-up manufacturer. Though the company has confirmed that no customer data was stored in that database, it is still unclear how long the database was exposed, and it did contain sensitive company information. Estée Lauder was able to properly secure the database on the same day the researcher first contacted them.

SoundCloud Account Vulnerabilities Fixed

Researchers contacted SoundCloud about vulnerabilities in its platform API that could have allowed attackers to illicitly access user accounts. While officials quickly resolved those flaws, two additional API flaws had the potential to enable DDoS attacks or to create fraudulent song statistics by exploiting a specific set of track IDs. Attackers would also have been able to abuse the user authentication endpoint to test previously leaked username/password combinations, in the hope that some victims were reusing the same credentials across multiple sites.

Danish Data Leak Exposes 1.3 Million Citizens

Over a period of five years, from 2015 to 2020, a bug in Denmark’s tax systems leaked sensitive ID numbers for nearly 1.3 million Danish citizens. The bug displayed the user’s ID number in the URL after the user made changes in their tax portal, and those URLs were then processed by both Google and Adobe. Fortunately, no additional tax or other personal information was divulged in the leak, which the government was quick to resolve.
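The leak above is a reminder that anything placed in a URL travels to every third-party script, proxy and analytics service that sees the page. The following is an added example, not code from the original article or from the Danish tax authority, of the mitigation a site owner would apply: redact personal identifiers from a URL before it is handed to analytics or written to a log. It assumes the identifier is a Danish CPR number in the form DDMMYY-XXXX (the article only says “ID numbers”) and an assumed set of query-parameter names; the sample URLs are constructed.

```python
"""Redact personal identifiers from URLs before they leave the application.

Assumptions (not stated in the article): the identifier has the Danish
CPR shape DDMMYY-XXXX, and the parameter names below are the ones a
portal might use. Both are placeholders a real deployment would adjust."""

import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# CPR-shaped token: six digits, optional hyphen, four digits, as a whole word.
CPR_RE = re.compile(r"\b\d{6}-?\d{4}\b")

# Assumed parameter names that always carry an identifier.
SENSITIVE_KEYS = {"cpr", "personnummer", "ssn"}

REDACTED = "[REDACTED]"


def needs_scrubbing(url):
    """True if the URL carries a CPR-shaped token or a sensitive parameter."""
    parts = urlsplit(url)
    if CPR_RE.search(parts.path) or CPR_RE.search(parts.query):
        return True
    return any(k.lower() in SENSITIVE_KEYS for k, _ in parse_qsl(parts.query, keep_blank_values=True))


def scrub_url(url):
    """Return the URL with identifiers removed from path, query and fragment.

    The fragment is dropped entirely: browsers never send it to the server,
    but client-side analytics scripts can read it, so it is not safe either."""
    parts = urlsplit(url)
    path = CPR_RE.sub(REDACTED, parts.path)
    query = []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower() in SENSITIVE_KEYS or CPR_RE.search(value):
            value = REDACTED
        query.append((key, value))
    # safe="[]" keeps the marker readable instead of percent-encoding it
    return urlunsplit((parts.scheme, parts.netloc, path, urlencode(query, safe="[]"), ""))


def scrub_log_line(line):
    """Apply the same redaction to a constructed access-log line."""
    return " ".join(scrub_url(tok) if tok.startswith(("http://", "https://")) else tok
                    for tok in line.split(" "))


if __name__ == "__main__":
    sample = "https://tax.example.invalid/portal/010190-1234/edit?cpr=010190-1234&step=2#ref=0101901234"
    print(scrub_url(sample))
```

The redaction belongs at the point where the URL is first constructed, not only in the logging layer: once the identifier has been in the address bar, browser history and referrer headers have already copied it.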

Study Reveals Top Brands Used in Phishing Campaigns

After gathering data from nearly 600 million email boxes over the last year, researchers once again determined that PayPal was the most impersonated company for phishing attacks in 2019. The data also revealed that phishing campaigns disguised as PayPal were using an average of 124 unique URLs daily to propagate the malicious content. Many other top companies used in phishing campaigns in 2019 were financial institutions, as they are easy troves of consumer information.

Australia Debates Retention Period for Consumer Data

The Australian government has just begun debating changes to its current data retention period, which is currently two years, significantly longer than any comparable nation’s policy. Storing data for that length of time can be extremely dangerous, especially given the rise in data breaches in recent years. While Australia believes its two-year limit to be a good balance, there is currently no management of who actually has access to the data, and several amendments have been introduced to improve the privacy of Australian citizens.

Cyber News Rundown: Emotet Targets Tax Season

Reading Time: ~ 2 min.

Tax Season Brings Emotet to the Front

As Americans prepare for tax season, Emotet authors have started a new campaign that imitates a W-9 tax form requested by the target. As with most malicious phishing, an attached document asks users to enable macros when viewing the files. This campaign can be particularly dangerous, because many people don’t spend much time looking at W-9s since they are only sent to contractors and clients who often quickly sign and return them. Emotet infections can further harm companies by downloading additional info-stealing malware and using infected machines to distribute spam campaigns.

Australian Logistics Company Faces Delays After Ransomware Attack

Toll Group, a major transportation company in Australia, fell victim to a ransomware attack this week that forced them to take several vital systems offline. Due to company cybersecurity policies, no customer data was accessed and the damage was minimized by a quick response from their team. While many customers have been able to conduct business as normal, some are still experiencing issues as they wait for all of Toll Group’s systems to return to normal operation.

Cryptomining Botnet Found on DoD Systems

A bug bounty hunter recently found an active cryptocurrency mining botnet hidden within systems belonging to the U.S. Department of Defense (DoD). The same flaw was also being used as a silent backdoor for executing additional malware. Unfortunately, the misconfigured server had already been illicitly accessed and the attackers had installed a cryptominer to obtain Monero coins, but DoD officials worked quickly to secure the system before further damage could be inflicted.

Maze Ransomware Targets Multiple French Industries

At least five French law firms and a construction corporation have fallen victim to the Maze ransomware variant, which is known for quickly exfiltrating sensitive information. Maze authors also made an announcement that they will begin releasing the stolen data if the victims refuse to pay the ransom. Though only two of the law firms have had their data posted so far, the remaining firms are expected to be exposed if the ransom is not paid.

British Charity Falls for Impersonation Scam

The British housing charity Red Kite recently fell victim to an impersonation scam in which nearly $1 million was redirected to a scammer’s account. By disguising their domain and illicitly accessing previous Red Kite email threads, the attackers were able to impersonate a contracting company without payment system safeguards stopping the payment or notifying the victims that anything was abnormal until it was too late.

Cyber News Rundown: Magecart Hackers Arrested

Indonesian Magecart Hackers Arrested

At least three individuals were arrested in connection with the infamous Magecart information-stealing malware. Thanks to the combined efforts of several international law enforcement agencies, numerous servers issuing commands to awaiting Magecart scripts have been taken down in both Indonesia and Singapore. While these are not the only individuals who have profited from the Magecart code, they are the first to be identified and brought to justice.

German City Suffers Cyberattack

The City of Potsdam, Germany, is recovering from a cyberattack that took down parts of its administration systems. Fortunately, the systems were being actively monitored and were quickly taken offline to prevent data from being removed. It seems, after further investigation, that the servers were not fully patched with the latest updates. This could have allowed the attackers to move and execute malware freely.

Job Listings Used to Commit Fraud

A new wave of data theft has hit the job hunting crowd, making life harder for people looking to be hired. Cybercriminals have been creating phony sites with job listings for the purpose of absconding with the information one would normally provide an employer after accepting an offer. Though these types of scams have been executed in the past, they tend to reappear occasionally due to their continued success.

UK Court Freezes Bitcoin Wallet

After falling victim to a ransomware attack that shut down more than 1,000 computers, a Canadian insurance company took advantage of their cybersecurity policy to pay out a nearly $1 million ransom. By working with a cyber analysis firm, the company was able to track their ransom payment through the blockchain to a final wallet, which was then frozen by the currency exchange to stop further transactions and to identify the owners of the wallet. Though this may sound positive for the victims, they may be the target of additional negative repercussions like having their stolen data published or being attacked again.

South Carolina Water Company Shutdown

The Greenville Water service in South Carolina was hit with a cyberattack that took all of its systems offline for roughly a week. As they continue to restore systems to proper function, officials have stated that no customer data was accessed, nor is any payment card data actually stored there. Fortunately, Greenville Water was able to return to normal functions within a week and informed customers that late fees would not be issued for payments made during the outage.

Cyber News Rundown: Cannabis User Data Breach

Point-of-Sale Breach Targets U.S. Cannabis Industry

Late last month, researchers discovered a database owned by the company THSuite that appeared to contain information belonging to roughly 30,000 cannabis customers in the U.S. With no authentication, the researchers were able to find contact information as well as cannabis purchase receipts, including price and quantity, and even scanned copies of employee and government IDs. Though many of the records were for recreational users, medical patients were also involved in the breach, which could prompt additional investigations regarding HIPAA violations.

Ransomware Attack Shuts Down Florida Libraries

At least 600 computers belonging to the library system of Volusia County, Florida were taken offline after falling victim to an unconfirmed ransomware attack. While the libraries were able to get 50 computers back up and running, many of their core functionalities are still offline for the time being. Though officials still have not confirmed that ransomware was the cause of the shutdown, the attack is similar to ones targeting multiple California libraries less than a week earlier.

UK Government Allows Gambling Firms Access to Children’s Data

The Information Commissioner’s Office (ICO) was recently informed of a data breach that could affect nearly 28 million students in the UK. A gambling firm was apparently given access to a Department for Education database by a third-party vendor to complete age and ID verification, though it is unclear just how much information they were gathering. Both firms and the Department for Education have begun examining this breach to determine if this requires a full GDPR investigation.

International Law Enforcement Efforts Take Down Breach Dealer Site

In a combined effort from multiple law enforcement agencies in the U.S. and Europe, two individuals who operated a site that sold login credentials from thousands of data breaches were arrested. Immediately following the arrests, the domain for WeLeakInfo was taken down and all related computers were seized by police, who then promptly put up an official press release and request for any additional info on the site or owners. WeLeakInfo, which boasted access to over 12 billion records, was originally hosted by a Canadian company, but was quick to employ Cloudflare to continue their nefarious dealings privately.

UPS Store Exposes Customer Data

Roughly 100 UPS Stores across the U.S. fell victim to a phishing attack that compromised sensitive customer information over the last four months. This incident stems from a malicious phishing attack that allowed some individuals to compromise store email accounts, which then allowed access to any documents that had been exchanged between the accounts and customers, from passports and IDs to financial info. Fortunately, UPS has already begun contacting affected customers and is offering two years of credit and identity monitoring.

Cyber News Rundown: Ryuk Uses Wake-on-Lan

Ryuk Adds New Features to Increase Devastation

The latest variant of the devastating Ryuk ransomware has been spotted with a new feature that allows it to turn on devices connected to the infected network. By taking advantage of Wake-on-LAN functionality, Ryuk is able to mount additional remote devices and extend its encryption to them. While it’s possible to allow such commands only from an administrator’s machine, those machines are also the most likely to be compromised, since they have the broadest access.
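Because Wake-on-LAN is rarely used by anything other than a management host, a magic packet from an unexpected source is a cheap detection signal for the behaviour described above. As an added example, not code from the article or from any Ryuk analysis, the checker below validates the standard magic-packet layout and flags packets whose sender is not on an allow list; the allow list and the sample datagrams are constructed.

```python
# Wake-on-LAN magic packet: 6 bytes of 0xFF (the synchronization stream)
# followed by the target MAC address repeated 16 times, giving 102 bytes.
# An optional 4- or 6-byte SecureOn password may follow. The packet is
# usually broadcast inside a UDP datagram to port 9 or 7.
SYNC_STREAM = b"\xff" * 6
VALID_LENGTHS = (102, 106, 108)


def parse_magic_packet(payload: bytes):
    """Return the target MAC as 'aa:bb:cc:dd:ee:ff' when `payload` is a
    well-formed magic packet, otherwise None."""
    if len(payload) not in VALID_LENGTHS or payload[:6] != SYNC_STREAM:
        return None
    mac = payload[6:12]
    if payload[6:102] != mac * 16:      # every one of the 16 copies must match
        return None
    return ":".join(f"{b:02x}" for b in mac)


# Constructed allow list: the only hosts that should ever send WoL frames,
# e.g. the patch-management server. Replace with the real management hosts.
WOL_SENDERS_ALLOWED = {"10.0.0.5"}


def check_wol_datagram(src_ip: str, payload: bytes):
    """Classify one UDP datagram as ('not-wol' | 'allowed' | 'alert', mac)."""
    mac = parse_magic_packet(payload)
    if mac is None:
        return ("not-wol", None)
    if src_ip not in WOL_SENDERS_ALLOWED:
        return ("alert", mac)
    return ("allowed", mac)


def wol_alerts(datagrams):
    """Return (src_ip, target_mac) for every magic packet from an unexpected
    sender; a workstation waking its neighbours is the pattern to investigate."""
    alerts = []
    for src_ip, payload in datagrams:
        verdict, mac = check_wol_datagram(src_ip, payload)
        if verdict == "alert":
            alerts.append((src_ip, mac))
    return alerts


# Constructed sample traffic as (source IP, UDP payload) pairs.
SAMPLE_DATAGRAMS = [
    ("10.0.0.5", SYNC_STREAM + bytes.fromhex("001122334455") * 16),   # admin host
    ("10.0.0.77", SYNC_STREAM + bytes.fromhex("0a1b2c3d4e5f") * 16),  # workstation
    ("10.0.0.77", b"not a wake-on-lan packet"),                          # unrelated UDP
]
```

Feed the same function the UDP payloads from a packet capture or a network sensor to apply it to live traffic.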

Bank Hackers Arrested Outside London

Over the course of six years, two individuals were able to successfully hack into many hundreds of bank and phone accounts with the intent to commit fraud. With the information they gathered, the two were also able to open new credit accounts and take out significant loans to purchase extra tech hardware. Officials for the London Metropolitan Police have made it known that cybercrime is taken just as seriously as any other crime.

Cryptominer Found After Multiple BSODs

Following a series of “blue screens of death” (BSoDs) on a medical company’s network, researchers identified a cryptominer that had spread to more than 800 machines in just a couple of months. The payload, a Monero miner, was hidden within a WAV file that was able to migrate undetected to various systems before the payload itself executed. To spread efficiently, the infection used the long-patched EternalBlue exploit, for which the network in question had not yet been patched, leaving it fully susceptible to attack.

Consulting Firm Exposes Professional Data

Thousands of business professionals from the UK have potentially fallen victim to a data leak by the major consulting firm CHS. A server belonging to the company was found to contain passports, tax info, and other sensitive information that could have been archived from background checks within an unsecured Amazon Web Services bucket. While it is still unclear how long the data was available, researchers who discovered the leak quickly contacted both CERT-UK and Amazon directly, which promptly secured the server.

Western Australian Bank Breached

Over the last week, officials for P&N Bank in Australia have been contacting their customers concerning a data breach that occurred during a server upgrade in early December. Though personally identifiable information was exposed, it doesn’t appear that any accounts were illicitly accessed, and the exposed data relates mostly to customers’ contact information. The total number of affected customers has yet to be confirmed.