Earlier this month, CES attendees got a taste of the future with dazzling displays of toy robots, smart assistants, and various AI/VR/8K gadgetry. But amid all the remarkable tech innovations on the horizon, one thing is left off the menu: user privacy. As we anticipate the rocky road ahead, there are three major pitfalls that have privacy experts concerned.
Biometric authentication—using traits like fingerprints, iris, and voice to unlock devices—will prove to be a significant threat to user privacy in 2018 and beyond. From a user’s perspective, this technology streamlines the authentication process. Convenience, after all, is the primary commodity exchanged for privacy.
Mainstream consumer adoption of biometric tech has grown leaps and bounds recently, with features such as fingerprint readers becoming a mainstay on modern smartphones. Last fall, Apple revealed its Face ID technology, causing some alarm among privacy experts. A key risk in biometric authentication lies in its potential as a single method for accessing multiple devices or facilities. You can’t change your fingerprints, after all. Biometric access is essentially akin to using the same password across multiple accounts.
“Imagine a scenario where an attacker gains access to a database containing biometric data,” said Webroot Sr. Advanced Threat Research Analyst Eric Klonowski. “That attacker can then potentially replay the attack against a variety of other authenticators.”
That’s not to say that biometrics are dead on arrival. Privacy enthusiasts can find solace in using biometrics in situations such as a two-factor authentication supplement. And forward-thinking efforts within the tech industry, such as partnerships forged by the FIDO Alliance, can help cement authentication standards that truly protect users. For the foreseeable future, however, this new tech has the potential to introduce privacy risks, particularly when it comes to safely storing biometric data.
Big data, big breaches
2017 was kind of a big year for data breaches. Equifax, of course, reigned king by exposing the personal information (including Social Security Numbers) of some 140 million people in a spectacular display of sheer incompetence. The Equifax breach was so massive that it overshadowed other big-data breaches from the likes of Whole Foods, Uber, and the Republican National Committee.
It seems no one—including the government agencies we trust to guard against the most dangerous online threats—was spared the wrath of serious data leaks. Unfortunately, there is no easy remedy in sight, and the ongoing global invasion of user privacy is forcing new regulatory oversight, such as the upcoming GDPR to protect EU citizens. The accelerated growth of technology, while connecting our world in ways never thought possible, has also completely upended traditional notions surrounding privacy.
The months ahead beg the question: What magnitude of breach will it take to trigger a sea change in our collective expectation of privacy?
The third big issue that will continue to impact privacy across the board is the current lack of young talent in the cybersecurity industry. This shortfall is a real and present danger. According to a report by Frost & Sullivan, the information security workforce will face a worldwide talent shortage of 1.5 million by 2020.
Part of this shortfall can be blamed on HR teams that fail to fully understand what they need to look for when assessing job candidates. The reality is that the field as a whole is still relatively new and is constantly evolving. Cybersecurity leaders looking to build out diverse teams are wise to search beyond the traditional background in computer science. Webroot Vice President and CISO Gary Hayslip explained that a computer science degree is not something on his radar when recruiting top talent for his teams.
“In cyber today, it’s about having the drive to continually educate yourself on the field, technologies, threats and innovations,” said Hayslip. “It’s about being able to work in teams, manage the resources given to you, and think proactively to protect your organization and reduce the risk exposure to business operations.”
Beyond shoring up recruiting practices for information security roles, organizations of all types should consider other tactics, such as providing continual education opportunities, advocating in local and online communities, and inevitably replacing some of that human talent with automation.
From Facebook to LinkedIn, social media is flat-out rife with phishing attacks. You’ve probably encountered one before… Do fake Oakley sunglasses sales ring a bell?
Phishing attacks attempt to steal your most private information, posing major risks to your online safety. It’s more pressing than ever to have a trained eye to spot and avoid even the most cunning phishing attacks on social media.
Spammers on social media are masters of their craft and their tactics are demonstrably more effective than their email-based counterparts. According to a report by ZeroFOX, up to 66 percent of spear phishing attacks on social media sites are opened by their targets. This compares to a roughly 30 percent success rate of spear phishing emails, based on findings by Verizon.
Facebook has warned of cybercriminals targeting personal accounts in order to steal information that can be used to launch more effective spear phishing attacks. The social network is taking steps to protect users’ accounts from hostile data collection, including more customizable security and privacy features such as two-factor authentication. Facebook has also been more active in encouraging users to adopt these enhanced security features, as seen in the in-app message below.
Types of social phishing attacks
Fake customer support accounts
The rise of social media has changed the way customers seek support from brands, with many people turning to Twitter or Facebook over traditional customer support channels. Scammers are taking advantage of this by impersonating the support accounts of major brands such as Amazon, PayPal, and Samsung. This tactic, dubbed ‘angler phishing’ for its deepened deception, is rather prevalent. A 2016 study by Proofpoint found that 19% of social media accounts appearing to represent top brands were fake.
To avoid angler phishing, watch out for slight misspellings or variations in account handles. For example, the Twitter handle @Amazon_Help might be used to impersonate the real support account @AmazonHelp. Also, the blue checkmark badges next to account names on Twitter, Facebook, and Instagram let you know those accounts are verified as being authentic.
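The handle check described above can be automated. The following script is an added example, not code from the original post or from Webroot: it collapses a handle to a comparison key (case, separators such as underscores, and digit-for-letter swaps removed) and flags accounts that match an official support handle only after that normalization. The allowlist of official handles is a constructed assumption; a real deployment would take it from the brand's own website, as the post recommends.

```python
import re

# Constructed allowlist of official support handles (assumption for this example;
# populate it from the brand's own website, never from search results or replies).
OFFICIAL_HANDLES = {"AmazonHelp", "AskPayPal", "SamsungSupport"}

# Digits commonly swapped in for visually similar letters in lookalike handles.
_CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "8": "b"})


def normalize_handle(handle: str) -> str:
    """Reduce a handle to a comparison key.

    '@Amazon_Help', 'amaz0nhelp' and 'AmazonHelp' all become 'amazonhelp':
    the leading '@' is dropped, case is folded, confusable digits are mapped
    back to letters and every non-letter (underscores, dots, digits) is removed.
    """
    key = handle.lstrip("@").lower().translate(_CONFUSABLES)
    return re.sub(r"[^a-z]", "", key)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one-character additions or
    deletions (e.g. 'amazonhelpp') that normalization alone does not collapse."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        cur = [i]
        for j, cb in enumerate(b, start=1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_handle(handle: str, official: set[str] = OFFICIAL_HANDLES) -> str:
    """Classify an account handle as 'official', 'lookalike' or 'unknown'.

    official  : exact (case-insensitive) match with an allowlisted handle.
    lookalike : not allowlisted, but its normalized key equals an official
                key, or is within one edit of it.
    unknown   : no resemblance to any allowlisted handle.
    """
    bare = handle.lstrip("@")
    if bare.lower() in {h.lower() for h in official}:
        return "official"
    key = normalize_handle(bare)
    for name in official:
        official_key = normalize_handle(name)
        if key == official_key or edit_distance(key, official_key) <= 1:
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    for h in ["@AmazonHelp", "@Amazon_Help", "@amaz0nhelp", "@AmazonHelpp", "@CoolCatPics"]:
        print(f"{h:15} -> {classify_handle(h)}")
```

The verified badge the post mentions remains the stronger signal; this check is meant to run first, on the raw handle, before a user ever reads a reply from the account.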
Trending content such as Facebook Live streams is often plagued with spammy comments from accounts that are typically part of an intricate botnet. These spam comments contain URLs that link to phishing sites that try to trick you into entering your personal information, such as a username and password to an online account.
It is best to avoid clicking any links on social media from accounts you are unfamiliar with or otherwise can’t trust. You can also take advantage of security software features such as real-time anti-phishing to automatically block fake sites if you accidentally visit them.
Yes, phishing happens within Direct Messages, too. This is often seen from the accounts of friends or family that might be compromised. Hacked social media accounts can be used to send phishing links through direct messages, gaming trust and familiarity to fool you. These phishing attacks trick you into visiting malicious websites or downloading file attachments.
For example, a friend’s Twitter account that has been compromised might send you a direct message with a fake link to connect with them on LinkedIn. This link could direct to a phishing site like the one below in order to trick you into giving up your LinkedIn login.
While this site may appear to be the real LinkedIn sign-on page, the site URL in the browser address bar reveals it is indeed a fake phishing site.
Phony promotions & contests
Fraudsters are also known to impersonate brands on social media in order to advertise nonexistent promotions. Oftentimes, these phishing attacks will coerce victims into giving up their private information in order to redeem some type of discount or enter a contest. Know the common signs of these scams such as low follower counts, poor grammar and spelling, or a form asking you to give up personal information or make a purchase.
The best way to make sure you are interacting with a brand’s official page on social media is to navigate to their social pages directly from the company’s website. This way you can verify the account is legitimate and you can follow the page from there.
The Cyber News Rundown brings you the latest happenings in cybersecurity news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any questions? Just ask.
Hospital Pays Ransom to Restore Systems, Despite Having Backups
In the first cyberattack of 2018 to hit a healthcare organization, an Indiana hospital’s entire network was taken offline. Despite having full backups on-hand, the hospital paid the $55,000 Bitcoin ransom right away. Officials stated they paid the ransom to get the systems back to normal as quickly as possible, since restoring everything from their backups could have taken weeks. Fortunately for patients, no data was stolen, and the staff could continue assisting new arrivals the old-fashioned way (that’s right: pen and paper) until system functionality was restored.
Audio Attacks Used for Damaging Hard Drives
A recent collaborative study performed by two universities proved that, within a reasonable proximity, an attacker could use acoustic signals to target a hard disk drive, leading to data corruption on the device. While many people could explain why this type of attack is possible, the study determined that the attacks required not only a specific frequency based on the hard drive in question, but also a precise distance from the drive and angle of sound projection to execute a successful attack.
New Android Platform Takes Spying to New Heights
A new Android spying platform has been discovered that puts all its predecessors to shame. By implementing several new features, such as location-based audio recording, compromising WhatsApp messages, and even allowing attackers to connect the device to malicious WiFi networks, this software platform gives attackers an all-new range of methods to target victims. The platform is based around five known exploits in the Android OS, and it uses them to gain administrative access to the device.
Latest Netflix Phish Asks for User Selfie
Within the last week, a new email phishing campaign has been spotted targeting Netflix users. The email informs users that a “hold” has been placed on their account pending further information. It requests users upload a photo of themselves with an ID card and prompts them to update their billing information, before redirecting them to the real Netflix login page.
RubyMiner Found on Older Linux and Windows Servers
A new cryptocurrency miner variant has been targeting outdated system servers that run both Linux and Windows. The variant, known as RubyMiner, identifies the unsecured servers using a web server tool, then gains access via a variety of exploits to install a modified Monero miner. RubyMiner deviates from similar miners in that it focuses on machines that have likely been forgotten about, and so remain on without being regularly patched.
“How to buy Bitcoin” dominated Google how-to searches in 2017, ranking third overall. With the hype surrounding cryptocurrency at an all-time high, now is a better time than ever to cover the essentials of keeping cryptocurrencies safe.
If you are just getting into the crypto space or you’ve known what ‘HODL’ means for a while now, there are some basics everyone should know about protecting their holdings.
Need-to-know: private keys
Let’s start with the basics. First and foremost, you should know the difference between your public and private wallet addresses (aka keys). A convenient analogy here is that most cryptocurrency wallets essentially operate like a postal box.
Each wallet has a unique public address that can be given out freely to anyone, much like you would give out your P.O. box address at a post office. This public address will only allow people to send coins to the wallet.
You also have a private address that unlocks your wallet and allows you to send coins out of it, similar to how your mail key allows you to unlock your P.O. box and withdraw your mail. This key is yours and yours only. Never share your private address with anyone.
Keeping up with your wallets’ private addresses is an exercise in personal responsibility. You don’t have a physical key to save you, and instead need to carefully store your private address (which is simply a long string of characters). Above all, private keys stored insecurely on your computer are an easy target for cybercriminals who use malware capable of sniffing out and copying them.
If you choose to store private wallet addresses on your devices, never keep them in plain text format, and instead store them on a password-protected, encrypted drive. For maximum security, only print paper versions of your wallet and store multiple copies in secure places, such as a home safe or a bank safety deposit box. This technique is referred to as cold-storage, as your wallet is not stored on an internet-connected device. Hardware wallets, such as those made by Trezor or Ledger, are other options for secure storage of your crypto assets.
Buying and storing coins on an exchange such as Coinbase is inherently risky, especially the storage part, because on an exchange you don’t have access to your wallets’ private addresses. The convenience factor may be great—user-friendly apps, pretty charts, and a multitude of coins to explore—but the coins are held in wallets the exchange controls, not you.
To be fair, that’s part of the ease-of-use exchanges provide since you don’t have to worry about copy and pasting a private address every time you want to unlock a wallet to send from. But this also means that you are not in full control of your coins and if you were to violate any terms of the exchange (knowingly or unknowingly), they could ban your account and you would lose access to your coins. The same is true if the exchange was hacked. If they were improperly storing private keys, you could lose your coins forever.
Staying in full control of your wallet also has additional perks. In the case of a ‘hard fork’ or ‘airdrop’ to holders of a certain coin, you would be able to claim those. As it currently stands, most exchanges do not give you hard fork coins or airdrops, and instead keep those assets for themselves to increase profitability.
‘All your Bitcoin are belong to us’
Perhaps only one thing is certain in the crypto-world: hackers can and WILL try to steal your cryptocurrency.
While blockchain technology is considered an incredibly reliable, real-time database that’s proven resistant to attack and manipulation, wallet- and exchange-side security have shown numerous vulnerabilities over the years. Perhaps you’ve heard of the infamous Parity wallet hack in which an attacker exploited a wallet vulnerability to steal over 150,000 ETH (today that’s $165 million USD).
Just last week, a Google researcher discovered a bug in the popular Electrum wallet that would allow websites to steal the wallet’s contents, causing the Electrum team to quickly release a patch to fix the bug. Case in point—do your homework on any desktop, browser, or mobile wallets you plan to use. Don’t trust blindly.
Beware of tried-and-true phishing attacks. Phishing attempts to steal private keys are abundant and targeted specifically toward unwitting investors chasing the crypto rush. Below is a phishing site that visually copies a legitimate site belonging to the wallet app Bread. Notice that the malicious URL (hxxp://breadtokenapp.com/sign.php) is just barely different than the legitimate URL (hxxps://token.breadapp.com/en/).
Dead giveaway. No website should ever ask for your private address. The same is true for exchanges as they manage wallets on their side and would never need your private keys either. The only circumstance where your private address needs to be entered is to access a wallet. It’s a good idea to bookmark wallet sites such as the popular myetherwallet.com to make sure that you are always using the correct URL and not a phishing site.
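The URL comparison described for the Bread phishing site, and the bookmark advice that follows it, can be turned into a check that runs before a wallet page is ever opened. The script below is an added example, not code from the original post or from any wallet vendor: it re-fangs an analyst-style `hxxp://` URL, extracts the registrable domain, requires HTTPS plus an exact match against a bookmark list, and reports when an unknown domain merely resembles a bookmarked one. The bookmark set is a constructed assumption, and the registrable-domain logic is the naive "last two labels" rule, which is enough for `.com` wallets but would need a public-suffix list for domains like `co.uk`.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Constructed bookmark list (assumption for this example): the exact domains
# the user verified once and saved, as the post recommends.
BOOKMARKED_WALLET_DOMAINS = {"breadapp.com", "myetherwallet.com"}

# Similarity above which an unknown domain is reported as a lookalike.
LOOKALIKE_THRESHOLD = 0.7


def refang(url: str) -> str:
    """Turn the defanged 'hxxp(s)://' notation used in write-ups back into a real scheme."""
    return url.replace("hxxps://", "https://", 1).replace("hxxp://", "http://", 1)


def registrable_domain(host: str) -> str:
    """Naive registrable domain: last two labels ('token.breadapp.com' -> 'breadapp.com').
    Assumption: no multi-label public suffixes such as 'co.uk' are involved."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def check_wallet_url(url: str, bookmarks: set[str] = BOOKMARKED_WALLET_DOMAINS) -> dict:
    """Return {'domain', 'verdict', 'reasons'} for a URL a user is about to visit.

    'trusted' requires both HTTPS and an exact registrable-domain match with a
    bookmark. Anything else is 'untrusted', with the reasons spelled out,
    including which bookmark the domain resembles when it looks like a lookalike.
    """
    parts = urlsplit(refang(url.strip()))
    host = parts.hostname or ""
    domain = registrable_domain(host) if host else ""
    reasons = []

    if parts.scheme != "https":
        reasons.append(f"scheme is '{parts.scheme or 'missing'}', not https")

    if domain not in bookmarks:
        reasons.append(f"domain '{domain}' is not a bookmarked wallet domain")
        label = domain.split(".")[0]
        for known in sorted(bookmarks):
            ratio = SequenceMatcher(None, label, known.split(".")[0]).ratio()
            if ratio >= LOOKALIKE_THRESHOLD:
                reasons.append(f"resembles bookmarked domain '{known}' (similarity {ratio:.2f})")

    verdict = "trusted" if not reasons else "untrusted"
    return {"domain": domain, "verdict": verdict, "reasons": reasons}


if __name__ == "__main__":
    # The two URLs from the post, defanged exactly as written there.
    for u in ["hxxp://breadtokenapp.com/sign.php", "hxxps://token.breadapp.com/en/"]:
        result = check_wallet_url(u)
        print(u, "->", result["verdict"])
        for r in result["reasons"]:
            print("   -", r)
```

Note that a "trusted" verdict only says the domain is one you previously saved; it does not vouch for the page content, so the rule that no page may ask for a private key still applies after the URL check passes.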
It might seem obvious, but making sure your computer is free from malware is mission critical when dealing with cryptocurrencies. A trusted antivirus solution, secure password manager, and browser security can help protect you from would-be crypto thieves.
Have questions or concerns specific to cryptocurrency wallet security? Drop me a line in the comments below.
Reports have surfaced recently that Ledger Nano S hardware wallets are susceptible to potential man-in-the-middle attacks.
Man in the Middle Attack – Am I at risk? Our answers and actions to address the threat https://t.co/ms5LAnAR2O
— Ledger (@LedgerHQ) February 5, 2018
The Ledger, while safe in offline storage, must still be connected to the internet to make transactions. Ledger has confirmed that their device is vulnerable to man-in-the-middle attacks (using malware that scans for the recipient’s address and changes it to the hacker’s own address). This reiterates the importance of always double-checking the wallet address that you intend to send to, as well as ensuring your computer is free from malware.
Exploitable Backdoor Found in Western Digital NAS Drives
Western Digital has recently released numerous patches for the vulnerabilities that were found and reported to the vendor nearly six months ago. The prominent issue revolved around a hard-coded administrative backdoor that could allow attackers to remotely execute files on the drives. Unfortunately for Western Digital, this series of vulnerabilities comes not long after the same generation of drives were found with 85 different exploits (and the company waited to push out patches until after the exploits had come to public attention.)
Welsh Restaurant Closes After Cyberattack
In the past month, the owner of a Welsh restaurant has been struggling to keep the doors open on the Seafood Shack following a cyberattack that completely cleared out the restaurant’s reservation system in the weeks before Christmas. The restaurant is currently closed after nearly a month without patronage. The systems weren’t being monitored manually, so every diner’s booked tables were left empty. In addition to the cyberattack, the restaurant also faced licensing issues after a supervisor left their employ.
Winter Olympics Organizers Targeted by Phishing Attacks
Officials working on the Pyeongchang Winter Olympics have been under a constant stream of phishing attacks disguised as Microsoft® Word documents from a South Korean intelligence agency. The documents work like normal ones, but request that the user enable macros to launch a PowerShell script. Another version of the malware even bypassed the need for user permission, and instead waited for the user to click the .docx icon to change the language to Korean before launching the same PowerShell script.
Older Zero-Day Exploit Released on New Year’s Eve
In an unusual finish for 2017, one researcher chose to release a 15-year-old macOS® exploit into the wild. The exploit requires local access to the device, but, once active, would give any attacker full root access to the machine after the user logged out of their session. Even though all Mac® operating systems are susceptible to this vulnerability, it’s only a matter of time until Apple steps in, corrects the issue, and gives its massive client base some peace of mind.
Opera Browser Implements Anti-Cryptojacking Functions
With the recent emergence of cryptojacking (i.e., exploiting an unwitting user’s CPU to mine cryptocurrency while they visit a hijacked website), Opera has taken a stand and implemented crypto-mining protection called “NoCoin” in their current ad blocking filter. NoCoin works by detecting any mining activity on a visited website and stops the mining, freeing up the system’s processor for actual user-initiated applications.
Researchers Find Major Security Flaws in Modern Processors
Newly discovered bugs, Meltdown and Spectre, exploit critical flaws in the architecture of many modern processors to leak system memory and view information that should remain hidden at the application level. This vulnerability would allow hackers to steal secret information, such as stored passwords, although there are no known exploits currently in use. Operating system makers such as Microsoft, Apple, and Linux scrambled on Wednesday to release security updates to protect users. Experts speculate these flaws will impact the security industry for many years to come.
‘Trackmageddon’ Bugs Leave GPS Data Open to Hackers
Two security researchers have uncovered several vulnerabilities that affect GPS tracking services, including those used in child and pet trackers. These vulnerabilities range from weak passwords and unsecured folders to unprotected API endpoints, according to a report issued by the research team. Hackers could potentially exploit these flaws to collect private data from these location-tracking services.
Clothing Retailer Finds Malware on PoS Devices
The LA-based fashion retailer Forever 21 revealed that a recent data breach resulted in the theft of customer credit card information. Following an investigation, Forever 21 disclosed that point-of-sale devices were infected with malware following a lapse in data encryption. While it’s still unclear how many stores and customers have been affected, the retailer advises all customers to keep a close eye on their financial statements and credit reports for suspicious activity.
Cancer Care Provider Reaches Settlement over HIPAA Violations
21st Century Oncology has reached a $2.3 million settlement agreement with the US Department of Health and Human Services following a data breach that leaked patient records and Social Security numbers of some 2 million patients. According to a press release from HHS, the breach was uncovered after an FBI informant was able to illegally obtain the company’s private patient files from a third party.
Android Malware Variant Steals Uber Data
A Fakeapp malware variant found on Android devices spoofs the Uber app to appear legitimate to users. This new malware tricks users into entering their account credentials by imitating the Uber app’s user interface. This attack underscores the need for caution when downloading apps, even from the Google Play store, as well as the value of using a trusted mobile security solution.
It can be daunting to step into the often unfamiliar world of security, where you can at times be inundated with technical jargon (and where you face real consequences for making the wrong decision). Employing an MSP or MSSP is oftentimes in the best interest of small and medium businesses (SMBs).
In a study performed by Ponemon Institute, 34% of respondents reported using a managed service provider (MSP) or managed security service provider (MSSP) to handle their cybersecurity, citing their lack of personnel, budget, and confidence with security technologies as driving factors. But how do you find a trustworthy partner to manage your IT matters?
Here are the top 3 questions any business should ask a potential security provider before signing a contract:
Okay, this is one you’ll probably research before reaching out. Look at how long the company has been in business and who their current clients are. Are you confident they can anticipate the unique technology needs of your business?
You’ll want to work with MSPs who understand your business and are able to make technology decisions based on your unique needs. Make sure they have a solid track record with other businesses your size. If your industry has particular compliance concerns or makes heavy use of specialized programs, make sure they have experience with other customers in your industry.
Make sure they round out these services with key security offerings. To make sure they have basic IT security controls in place, ask them about industry buzzwords like asset inventory, patch management, access management, continuous monitoring, vulnerability scanning, antivirus, and firewall management. The specifics of their answers aren’t as important as a confident, well-considered plan.
Security-minded MSPs will make sure your software and your web surfing habits don’t provide cybercriminals with backdoor access to your systems. They will make sure your network is secure, and they will install antivirus on all of your computers. Bonus points if they are forward-thinking enough to include Security Awareness Training. Make sure you understand the services they offer, and ask if these services have extra costs.
While these are not all of the questions you should consider asking a potential service provider, they can help get the conversation started and ensure you only work with service providers who meet your unique needs.
- Ponemon Institute. (2016, June). State of SMB Cybersecurity Report. Retrieved from Ponemon Research: https://signup.keepersecurity.com/state-of-smb-cybersecurity-report/
- Ponemon Institute. (2017, June). Cost of Data Breach Study. https://www.ibm.com/security/data-breach
WordPress Backdoor Found on Over 300,000 Machines
Recently, researchers found a WordPress plugin containing a backdoor that could allow criminals to easily access any device on which the plugin is installed (at least 300,000 machines, in this case). Even more worrisome: the backdoor wasn’t discovered until the plugin’s author was cited in a copyright claim over the use of the “WordPress” brand. The WordPress security team quickly updated the plugin and began force-installing it on all compromised sites.
Billions of Credentials Found on Dark Web
In a recent data dump on the Dark Web, researchers have discovered a trove of credentials for at least 1.4 billion users, all of which were stored in plain text and were easily searchable. While some of the data had already been released in a previous data dump, it appears most of the credentials were new and verified as authentic. Unsurprisingly, the dump has also revealed that the majority of users still have incredibly weak passwords. The most common is still “123456”.
Data on Millions of Americans Left Unattended Online
Earlier this year, researchers discovered yet another AWS S3 database left misconfigured and freely available to anyone with AWS credentials. The database belongs to Alteryx, a marketing analytics company, and revealed financial information for at least 123 million Americans. Although, fortunately, the database didn’t contain full names or social security numbers, the 248 available data fields could easily be used to identify specific individuals.
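"Freely available to anyone with AWS credentials" is exactly what an S3 bucket ACL grant to the AuthenticatedUsers group means: not the public internet, but every AWS account in existence. The script below is an added example, not code from the original post or from Alteryx or AWS; it takes a bucket ACL in the dictionary shape that boto3's `get_bucket_acl` returns and reports any grant to the two global groups. The two sample ACLs are constructed: one shaped like the misconfiguration described here, and one showing the private equivalent.

```python
# Group URIs AWS uses in S3 ACL grants. AllUsers is anonymous access;
# AuthenticatedUsers is any AWS account at all, which is the trap behind
# the "authenticated-read" canned ACL.
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTHENTICATED_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"

WORLD_GROUPS = {
    ALL_USERS: "AllUsers (anonymous)",
    AUTHENTICATED_USERS: "AuthenticatedUsers (any AWS account)",
}


def risky_grants(acl: dict) -> list[dict]:
    """Return every grant in an S3 ACL that hands a permission to a global group.

    `acl` has the shape returned by boto3 `s3.get_bucket_acl(Bucket=...)`:
    {'Owner': {...}, 'Grants': [{'Grantee': {...}, 'Permission': '...'}, ...]}.
    """
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        uri = grantee.get("URI")
        if grantee.get("Type") == "Group" and uri in WORLD_GROUPS:
            findings.append({"group": WORLD_GROUPS[uri], "permission": grant.get("Permission")})
    return findings


def is_exposed(acl: dict) -> bool:
    """True when any READ, WRITE, READ_ACP, WRITE_ACP or FULL_CONTROL grant
    reaches beyond the owner's own account."""
    return bool(risky_grants(acl))


# Constructed sample ACL #1: the misconfiguration pattern described in the post.
# Every AWS account can list and download objects ('authenticated-read').
EXPOSED_ACL = {
    "Owner": {"ID": "EXAMPLE_OWNER_CANONICAL_ID"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "EXAMPLE_OWNER_CANONICAL_ID"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": AUTHENTICATED_USERS},
         "Permission": "READ"},
    ],
}

# Constructed sample ACL #2: the corrected bucket, owner-only ('private').
PRIVATE_ACL = {
    "Owner": {"ID": "EXAMPLE_OWNER_CANONICAL_ID"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "EXAMPLE_OWNER_CANONICAL_ID"},
         "Permission": "FULL_CONTROL"},
    ],
}


if __name__ == "__main__":
    for name, acl in [("exposed-bucket", EXPOSED_ACL), ("private-bucket", PRIVATE_ACL)]:
        findings = risky_grants(acl)
        status = "EXPOSED" if findings else "ok"
        print(f"{name}: {status}")
        for f in findings:
            print(f"   {f['permission']} granted to {f['group']}")
```

In a live audit the ACL dictionary would come from `get_bucket_acl`, the fix is `put_bucket_acl(Bucket=..., ACL='private')`, and enabling S3 Block Public Access on the account prevents the grant from being re-added later. ACLs are only one path to exposure; a bucket policy with a `"Principal": "*"` statement needs a separate check.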
Thousands of Lexmark Printers Left Unsecured
Over 1,000 internet-connected Lexmark printers have been found to have zero security measures; most lacked even a simple password. Additionally, many of these printers have been traced back to prominent companies and even government organizations. And while sensitive information isn’t directly available, hackers could cause major disruptions to the devices’ functions, and could even install malware to remotely capture any print jobs that might contain valuable data.
Android Mobile Game Silently Leaking Data
A relatively new mobile game on the Google Play Store appears to leak sensitive data from both the device’s user and the device itself almost constantly. Dune!, the app, has been downloaded at least 5 million times, and has been known to connect to up to 32 different servers to silently transmit stolen data and access a device’s geolocation data. Along with its true functionality, Dune! carries at least 11 known vulnerabilities that make it prone to additional attacks and further data leakage.
Once your home WiFi network is up and running and your family’s devices are connected, it’s normal to turn a blind eye to your router. After all, it’s mostly out of sight and out of mind. Unfortunately, that small, seemingly harmless box isn’t as secure as you may think.
Your router is your gateway to the internet. Once it’s compromised, cybercriminals may be able to view your browser history, gain access to your login information, redirect your searches to malicious pages, and potentially even take over your computer to make it part of a botnet.
Attacks like these are becoming all too common. Last year, we saw a prime example when hackers gained access to routers from various manufacturers and infected consumers’ devices with malicious advertising (also known as malvertising).
In a more recent attack, hackers entered WordPress sites through their owners’ unsecured home routers. After hacking the router, the attackers successfully guessed the password for the WordPress accounts and took complete control of the sites. As security experts noted, this particular hack was made even worse by the fact that most users have little to no understanding of how to secure their home router.
Beef up your home WiFi network security
Here are a few precautionary steps you can take to help deter cybercriminals from infiltrating your home WiFi network:
- Change the default username and password on your router. (Remember to update your WiFi password frequently!)
- Configure your router’s settings to use strong network encryption (WPA2 is preferred).
- Disable your router’s SSID broadcast so it isn’t visible to others.
Additionally, Webroot Chief Information Security Officer (CISO) Gary Hayslip recommends enabling a personal firewall.
“Hackers search the internet by using certain tools to send out pings (calls) to random computers and wait for responses,” he said. “Your firewall, if configured correctly, would prevent your computer from answering these calls. Use your personal firewall. The main point to remember is that firewalls act as protective barriers between computers and the internet; it is recommended you install them on your computers, laptops, tablets, and smart devices if available.”
Learn more about how to keep your WiFi connection secure with our Tips for Improving Router Security.
NC County Crippled by Ransomware Attack
Recently, a county in North Carolina was the target of a substantial ransomware attack that took many of their official systems offline, and may have affected over a million residents. Nearly 10% of the county’s servers were forced offline with a ransom demand of $23,000. County officials have stated they will not be paying, as there are no guarantees with ransomware, and will work to recover systems as quickly as possible.
Starbucks In-Store Wi-Fi Used to Mine Cryptocurrency
In the past week, a researcher discovered that the Argentinian rewards site for Starbucks was silently running a coin-mining script to generate Monero coins. Even more worrisome: more than 5,000 unique sites have been identified which are also running some form of CoinHive code to mine cryptocurrency by sapping unsuspecting visitors’ CPU power. Fortunately for fans of free WiFi, Starbucks was quick to contact their internet service provider and resolve the issue.
Brand New HP Laptops Come with a Nasty Surprise
Keylogging code was recently discovered in a Synaptics touchpad driver preinstalled on more than 400 HP laptop models. The keylogger is disabled by default, but enabling it only takes a registry change, so anyone with administrative access to the device could switch it on and silently record users’ keystrokes. Luckily for HP users, the company promptly issued a driver update that removes the keylogging code from affected devices.
Spider Ransomware Focused on Balkans
Over the last few days, researchers have been monitoring a new ransomware variant called “Spider” as it works its way across the Balkan region of Europe. Surprisingly, this variant gives victims a mere 96 hours to pay the ransom. In addition to the tight deadline, the ransomware makes several attempts to ease the payment process for victims by providing an “educational” video tutorial and giving the user steady reassurance on how simple it is. As with many other ransomware variants, Spider spreads through malicious Microsoft® Office documents that request users to enable macros.
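Since Spider, like so many families before it, arrives as an Office document asking the user to enable macros, the practical control is to flag macro-bearing attachments before they reach a mailbox. The following is an added example written for this article, not Webroot’s code or anything taken from the Spider campaign. It relies on the fact that modern Office files are ZIP containers in which a VBA project is stored as a `vbaProject.bin` part and declared in `[Content_Types].xml`; the two sample documents are constructed in memory for the demo and are not real lure files.

```python
"""Detect VBA macro projects in Office (OOXML) attachments.

Added example for this article, not Webroot's code or anything from the
Spider campaign. Modern Office files are ZIP containers: a macro project is
stored as word/vbaProject.bin (xl/ or ppt/ for Excel and PowerPoint) and is
declared in [Content_Types].xml. The two sample documents are constructed in
memory for the demo; they are not real lure files.
"""
import io
import zipfile

VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"
VBA_PARTS = ("word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin")


def inspect_office_file(data: bytes) -> dict:
    """Report whether an OOXML document carries a VBA project and why we think so."""
    if not data.startswith(b"PK"):
        # Legacy OLE2 (.doc/.xls) or not Office at all; needs a different parser.
        return {"ooxml": False, "has_macros": None, "reasons": ["not a ZIP container"]}
    reasons = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = set(zf.namelist())
        for part in VBA_PARTS:
            if part in names:
                reasons.append(f"macro storage present: {part}")
        if "[Content_Types].xml" in names:
            ctypes = zf.read("[Content_Types].xml").decode("utf-8", "replace")
            if VBA_CONTENT_TYPE in ctypes:
                reasons.append("content types declare a VBA project")
            # Renaming .docm to .docx does not change the declared main part.
            if "macroEnabled" in ctypes:
                reasons.append("main document part is macroEnabled")
    return {"ooxml": True, "has_macros": bool(reasons), "reasons": reasons}


def build_sample_doc(with_macro: bool) -> bytes:
    """Construct a minimal OOXML container (sample data only, not a real document)."""
    main_ct = ("application/vnd.ms-word.document.macroEnabled.main+xml" if with_macro else
               "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml")
    ctypes = ('<?xml version="1.0" encoding="UTF-8"?>'
              '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
              f'<Override PartName="/word/document.xml" ContentType="{main_ct}"/>')
    if with_macro:
        ctypes += f'<Override PartName="/word/vbaProject.bin" ContentType="{VBA_CONTENT_TYPE}"/>'
    ctypes += "</Types>"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", ctypes)
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # OLE2 magic plus padding stands in for a real VBA project stream.
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 24)
    return buf.getvalue()


SAMPLE_CLEAN = build_sample_doc(False)
SAMPLE_MACRO = build_sample_doc(True)

if __name__ == "__main__":
    for label, blob in (("clean", SAMPLE_CLEAN), ("macro", SAMPLE_MACRO), ("pdf", b"%PDF-1.4\n")):
        print(label, inspect_office_file(blob))
```

The check inspects the container rather than the file extension, which matters because a `.docm` renamed to `.docx` still opens with its macros intact; legacy binary `.doc` and `.xls` files are OLE2 rather than ZIP and need a separate parser, so the function reports them as unknown instead of silently passing them.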
Mirai Botnet Creators Federally Charged in US
The creators of the original Mirai botnet have been federally charged over its creation and use as a DDoS-for-hire service. At its peak, Mirai infected over 300,000 individual IoT devices. In the fall of 2016, one of the creators released the source code publicly in the hope that others would use it, thereby obscuring the trail leading back to him; within weeks, Mirai-based botnets were behind the major DDoS attack against DNS provider Dyn, and variants have circulated ever since.
It has been a turbulent year of devastating ransomware attacks (e.g. NotPetya) and gut-wrenching breaches (e.g. Equifax). Undoubtedly, the question on everyone’s mind is, “what’s in store for us in the New Year?” Webroot’s top 10 cybersecurity predictions for 2018 cover everything from ransomware and breaches to mobile, cryptocurrency, and government. We’ve grouped our predictions to help you navigate this glimpse into one possible cybersecurity future.
Malware will get smarter and threats more serious.
Malware campaigns will use AI to make secondary infection decisions based on what they’ve learned from previous campaigns. – Gary Hayslip, chief information security officer
We will see the first health-related ransomware targeting devices like pacemakers. – Eric Klonowski, sr. advanced threat research analyst
We haven’t seen the last of breaches.
I predict a minimum of 3 separate breaches of at least 100 million accounts each. I’d be willing to bet the data has already been compromised, but the affected organizations won’t learn of the breach until next year. – Tyler Moffitt, sr. advanced threat research analyst
Not even biometric security will be safe from malicious actors.
We will see the first biometric-access-based exploits using facial recognition or fingerprint access. – Eric Klonowski, sr. advanced threat research analyst
Consumers will want more from governments to keep them safe.
Consumers fighting back: 2018 will see a major backlash from consumers (perhaps in the form of class action lawsuits), necessitating more regulations around data protection, particularly in the U.S. – David Kennerley, director of threat research
Infosec will become a C-level priority.
The CISO role will be mandatory for all organizations that do business with the Federal Government. – Gary Hayslip, CISO
Being a mobile-first society will come with greater costs.
We will see the first widespread worming mobile phone ransomware, perhaps spread by SMS or MMS. – Eric Klonowski, sr. advanced threat research analyst
Cryptocurrency will continue to rise, and legislation is inevitable.
Malware distribution will rise and fall in conjunction with Bitcoin value. – Christopher Cain, associate malware removal engineer
GDPR will set a tone, for better or worse, and businesses should prepare on all sides.
Companies that trade with the European Union will suddenly panic over GDPR requirements and just encrypt everything in a knee-jerk response. – Jonathan Giffard, sr. product manager
The boom in the IoT space will bring stricter oversight to device manufacturers.
Data collected from IoT devices will be aggregated and used to develop an even larger, more involved picture of customers’ habits, constituting a major breach of privacy without consent. – Gary Hayslip, CISO
Do you have any cybersecurity predictions for 2018? Share your thoughts with us on Twitter with the tag #CyberIn2018.
As 2017 comes to a close, we’re looking back at the 10 most significant (or simply the most devastating) cybersecurity stories of the year. Read through the list below to see which attacks, data breaches, and other events left a lasting impact on both the security industry and the global online community overall.
Which story meant the most to you or your business? Let us know in the comments below!
MongoDB Databases Wiped and Held for Ransom
In January of this year, thousands of MongoDB installations were hit by a ransomware campaign that quickly turned destructive: attackers wiped the data outright and left a ransom note behind to taunt the victims. The targets were instances exposed to the internet with no authentication configured, which is how many older MongoDB deployments shipped by default, so no exploit was needed; the attackers simply connected and dropped the databases. At its peak, the attack was being played out by up to 12 unique attackers, each leaving their own ransom note and payment details on the same systems, which made it exceedingly difficult to tell who, if anyone, actually held a copy of the data.
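The two settings that decided whether an installation was on the attackers’ list were where mongod listened and whether access control was on. The script below is an added example written for this article, not MongoDB’s or Webroot’s code: it reads a `mongod.conf`, pulls out `net.bindIp` / `net.bindIpAll` and `security.authorization`, and reports the combination that left servers open. The small YAML parser handles only the two-level layout those keys use, and both sample configurations are constructed for the demo.

```python
"""Check a mongod.conf for the exposure the early-2017 wipers relied on.

Added example for this article, not MongoDB's or Webroot's code. Those
attacks hit instances that were reachable from the internet with access
control turned off, so the two settings that matter are net.bindIp (or
net.bindIpAll) and security.authorization. The parser handles the two-level
YAML layout those keys use; both sample configs are constructed for the demo.
"""

LOOPBACK = {"127.0.0.1", "::1", "localhost"}


def parse_mongod_conf(text: str) -> dict:
    """Minimal parser for 'section:' / '  key: value' YAML, enough for mongod.conf."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        if not line.startswith(" "):
            section = line.rstrip(":").strip()
            conf.setdefault(section, {})
        elif section is not None and ":" in line:
            key, _, value = line.strip().partition(":")
            conf[section][key.strip()] = value.strip().strip("'\"")
    return conf


def assess_mongod_config(text: str) -> list:
    """Return findings in severity order; an empty list means both checks pass."""
    conf = parse_mongod_conf(text)
    net, security = conf.get("net", {}), conf.get("security", {})
    findings = []

    bind_all = net.get("bindIpAll", "false").lower() == "true"
    # mongod 3.6+ defaults to localhost; earlier packages often shipped 0.0.0.0.
    bind_ip = net.get("bindIp", "127.0.0.1")
    addrs = [a.strip() for a in bind_ip.split(",")]
    exposed = bind_all or any(a not in LOOPBACK for a in addrs)
    if exposed:
        findings.append(f"listens beyond loopback (bindIp={bind_ip}, bindIpAll={bind_all}); "
                        "reachability then depends entirely on firewalling")

    auth_off = security.get("authorization", "disabled").lower() != "enabled"
    if auth_off:
        findings.append("security.authorization is not enabled; any client that connects has full access")

    if exposed and auth_off:
        findings.append("CRITICAL: network-reachable and unauthenticated, the setup the 2017 wipers targeted")
    return findings


VULNERABLE_CONF = """# constructed sample: listens everywhere, no access control
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 0.0.0.0
"""

HARDENED_CONF = """# constructed sample: loopback only, access control on
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 127.0.0.1
security:
  authorization: enabled
"""

if __name__ == "__main__":
    for label, conf in (("vulnerable", VULNERABLE_CONF), ("hardened", HARDENED_CONF)):
        print(label, assess_mongod_config(conf) or ["OK"])
```

Note that the bind address check is deliberately strict: anything other than loopback counts as exposed, because whether a private address is reachable from the internet is a question for the firewall, not the database, and the 2017 victims were exactly the hosts where nobody had asked that question.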
WikiLeaks Releases CIA Vault 7
By March, an enormous national security hole was revealed thanks to a WikiLeaks release dubbed “Vault 7”, which exposed documentation on the CIA’s hacking tools and the zero-day exploits the agency had used, and showed that even one of the country’s leading intelligence organizations is not invulnerable to security failures of its own. While consumer data has become less and less secure due to retail data breaches, it’s shocking that such a trove of information could be taken from right under the noses of those whose job it is to protect some of the nation’s greatest secrets.
Shadow Brokers Divulge NSA Exploits
Just a short month after the WikiLeaks dump came a sudden flood of software exploits attributed to the National Security Agency. Most were initially described as zero-days, but the most dangerous of them targeted SMBv1 on Windows, and Microsoft had already released patches for those flaws (MS17-010) in March, nearly a month before the Shadow Brokers’ reveal. The exploits still worked because many large organizations had yet to roll those updates out, and within weeks they were being used in some of the largest ransomware attacks to date.
WannaCry Ransomware Tackles Globe
Within weeks of the Shadow Brokers dump, organizations in over 150 countries were dealing with the WannaCry ransomware, which spread like wildfire across at least 150,000 individual endpoints. By propagating like a worm, using the EternalBlue SMBv1 exploit against unpatched Windows systems with TCP port 445 reachable, the infection needed no user interaction to spread. While Microsoft’s patch had been publicly available since March, many organizations struggled to roll it out to their endpoints, or couldn’t do so without rendering their proprietary software unusable; for those systems, disabling SMBv1 and blocking port 445 at network boundaries were the remaining mitigations. Months after the initial campaign was launched, systems across the globe were still getting infected, including a Honda production plant in Japan and a network of traffic cameras in Australia.
NotPetya Causes Global Chaos
Following closely behind the WannaCry campaign was a new variant of an older ransomware family, dubbed NotPetya. It borrowed tactics from the original Petya, overwriting the boot record and displaying a fake CHKDSK screen to cover its actions while it encrypted the file system, but it had an entirely different agenda. NotPetya used the EternalBlue exploit leaked by the Shadow Brokers in April to attack unpatched Windows systems, and it also spread to fully patched machines on the same network by harvesting credentials and using built-in administration tools, so a current patch level alone was not enough to stop it. Victims were left with no working way to pay the ransom and no way to recover their destroyed data: the payment email address was shut down, and the “installation key” shown to victims was random rather than derived from the encryption key, so decryption was never possible even in principle.
NHS Database Exposes Over 1 Million Patient Records
By August, a breach had been discovered in a patient booking system known as SwiftQueue, which is used by several National Health Service facilities across the UK. The database in question contained patient information for nearly 1.2 million people, and to make matters worse, the attackers also claimed to have found additional vulnerabilities in SwiftQueue’s software and to possess all 11 million records stored by the company. The breach came only months after the NHS fell victim to the WannaCry attacks that affected organizations around the world.
Equifax Sees Largest Data Breach to Date
In early September, Equifax announced that it had been compromised, leaving the Social Security numbers and other highly sensitive information of over 145 million Americans both exposed and likely for sale. Equifax attributed the intrusion to an unpatched Apache Struts vulnerability in a US consumer-facing web application; the fix had been available for months before the attackers used it. Separately, researchers found that an Argentinian employee portal was protected by trivial default credentials and, through simple viewing of the page’s HTML source, exposed plaintext usernames and passwords along with the records of nearly 14,000 consumers who had filed a complaint, including their Social Security number equivalents.
Big Four Accounting Firm Breached
The likely entry point for the September breach involving Deloitte, one of the world’s largest accounting firms, was an administrative account on its email system that was not protected by two-factor authentication. The attack appears to have affected only a limited number of the firm’s clients, though actual figures have not been disclosed. Beyond the improperly managed client data, it was also revealed that the company’s entire email database, including administrative accounts, had been accessible to the attackers for an unknown amount of time. While the scale of this attack appears relatively small in comparison to Equifax, Deloitte works with some of the largest organizations currently in operation, and the sensitive nature of their information could be catastrophic in the wrong hands.
Yahoo Breach Expands to All 3 Billion Users
In an October update, Yahoo announced that the breach it had first disclosed as a 2013 incident, after nearly four years of investigation, had in fact affected all of the company’s 3 billion user accounts. The company is still reeling from a separate breach in 2014, but this revision pushes Yahoo onto the podium as the largest data breach in history to date. The update comes as little surprise, since the original disclosure left open questions as to why some accounts were compromised quickly while others remained untouched and showed no signs of malicious activity for years.
IoT Takes Major Hit with KRACK Attacks
To round off a high-profile year, a vulnerability was found in WPA2, the Wi-Fi encryption protocol used by hundreds of millions of devices around the world. KRACK (key reinstallation attack) abuses the protocol’s four-way handshake to make a client reinstall an already-used key, letting an attacker within radio range decrypt traffic; because the flaw is in the standard rather than in one product, essentially every Wi-Fi client was affected, and some Linux and Android clients could even be tricked into installing an all-zero key. Dozens of vendors have had patches out for some time now, and since the attack targets the client, updating laptops and phones closes most of the exposure. However, many devices are unlikely to receive an update in the near future: security cameras, routers, and other household wirelessly connected ‘things’, due to the complexity and sheer quantity of devices that even one vendor can bring to market, let alone the dozens of vendors still working with their partners on the best way to tackle this enormous vulnerability.