There’s a lot that happens in the security world, with many stories getting lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot Threat Recap, highlighting 5 major security news stories of the week.
Compromised RDP Servers Offer Cheap Attack Platform
Recently, researchers discovered an online marketplace that allowed for the purchase of hacked remote desktop servers for a minimal fee. The Russian-based site, known as the xDedic Marketplace, has listings for over 70,000 servers located in 173 different countries, which range from government institutions to universities.
http://www.theregister.co.uk/2016/06/15/hacked_server_market/
Chat Support: The Latest Ransomware Feature
Ransomware has become an all-too-common occurrence in the cyber world, and a new variant named ‘Jigsaw’ has a curious surprise for its victims: live phone support. An option on the lock screen offers the victim a chance to speak with someone about paying the ransom by using ‘onWebChat’, a free-to-use chat program. This feature is just another step towards professionalizing the ransomware industry and instilling trust in their worldwide “customer” base that they will decrypt the user’s files once a payment has been made.
Lone Hacker Claims Responsibility for DNC Breach
Earlier this week, it was reported that the DNC’s (Democratic National Committee’s) official servers had been compromised and sensitive information regarding opponent Donald Trump had been stolen by the Russian Government. Shortly after Kremlin officials stated their innocence in the matter, a hacker going by Guccifer 2.0 posted a blog on WordPress where he took full credit for the hack and included several (supposedly) related documents. Security officials are working to determine the authenticity of the documents, while further research has turned up additional information about other intrusions into the DNC network.
http://www.reuters.com/article/us-usa-election-hack-idUSKCN0Z209Q
Japanese Travel Agency Hacked
In the past week, the Japanese travel agency JTB announced a data breach encompassing nearly 8 million customers. The leak is said to contain not only the names and addresses of users, but passport information as well. It is believed that the attack stemmed from a phishing email attachment, which was downloaded by an unsuspecting employee. Fortunately, after further investigation, it seems only 4,300 of the passport numbers are actually valid.
http://www.zdnet.com/article/japans-largest-travel-agency-fears-data-leak-impacting-8-million-users/
Android TV Ransomware Spotted
A variant of ransomware that’s been around since 2015, known as ‘Frantic Locker’, has started to appear on Android Smart TVs with a demand for ransom in the form of iTunes gift cards. The infection initiates via a downloaded file from an infected site, then determines its geolocation and, based on its region, either launches a lock screen or shuts down. While users in Eastern Europe seem unaffected by the infection, victims in other regions are already discovering various methods to simply remove the infection, rather than paying the ransom.
http://www.theregister.co.uk/2016/06/13/android_ransomware_infects_tvs/
