US Mayors Resolve Not To Pay Hackers Over Ransomware Attacks

More than 225 U.S. mayors have signed on to a resolution not to pay ransoms to hackers. It’s a collective stand against the ransomware attacks that have crippled city government computer systems in recent years. CNET reports: The resolution was adopted at the U.S. Conference of Mayors annual meeting, which took place late June and early July in Honolulu. “The United States Conference of Mayors stands united against paying ransoms in the event of an IT security breach,” the resolution reads. This could give city leaders across the US some leverage against hackers. The 227 mayors who attended the meeting agreed to adopt the resolution, but the US Conference of Mayors represents more than 1,400 cities with populations over 30,000.

Read more of this story at Slashdot.

Hackers Steal and Ransom Financial Data Related To Some of the World’s Largest Companies

Hackers have broken into an internet infrastructure firm that provides services to dozens of the world’s largest and most valuable companies, including Oracle, Volkswagen, Airbus, and many more as part of an extortion attempt, Motherboard reported Tuesday. From the report: The attackers have also threatened to release data from all of those companies, according to a website seemingly set up by the hackers to distribute the stolen material. Citycomp, the impacted Germany-based firm, provides servers, storage, and other computer equipment to large companies, according to the company’s website. Michael Bartsch, executive director of Deutor Cyber Security Solutions, a firm Citycomp said was authorized to speak about the case, confirmed the breach to Motherboard in an email Tuesday. “Citycomp has been hacked and blackmailed and the attack is ongoing,” Bartsch wrote. “We have to be careful as the whole case is under police investigation and the attacker is trying all tricks.”

BBC Visits ‘Hated and Hunted’ Ransomware Expert

In “Hated and hunted,” a BBC reporter describes visiting a ransomware expert “who has devoted himself, at huge personal cost, to helping victims of ransomware around the world.”

They hate him so much that they leave him angry threats buried deep inside the code of their own viruses… “I was shocked but I also felt a real sense of pride,” says Fabian. “Almost like, a little bit cocky. I’m not going to lie, yeah, it was nice….” He works remotely for a cyber security company, often sitting for hours at a time working with colleagues in different countries. When he’s “in the zone”, the outside world becomes even less important and his entire existence focuses on the code on his screen. He once woke up with keyboard imprints all over his face after falling asleep during a 35-hour session.
All of this to create anti-ransomware programs that he and his company usually give away free. Victims simply download the tools he makes for each virus, follow the instructions and get their files back… According to research from Emsisoft, the cyber security company Fabian works for, a computer is attacked every two seconds. Their network has managed to prevent 2,584,105 infections in the past 60 days — and that’s just one anti-virus firm of dozens around the world…. “It’s pretty much an arms race,” says Fabian. “They release a new ransomware virus, I find a flaw in its code and build the decryption tool to reverse it so people can get their files back. Then the criminals release a new version which they hope I can’t break… It escalates with them getting more and more angry with me….”
Fabian accepts that moving around and restricting his life and circle of friends is just a part of the sacrifice for his hobby-turned-profession… He earns a very good salary but looking around his home and at his life it’s hard to see how he spends it.

He estimates that he’s “upset or angered” 100 different ransomware gangs (based on his analysis of the Bitcoin wallets where they collect their ransoms.) One group had collected about $250,000 (£191,000) in three months — until Fabian created a countering anti-ransomware program — which is one reason he carefully hides his identity.

“I know how much money they make and it would be literally nothing for them to drop 10 or 20,000 for like some Russian dude to turn up to my house and beat the living hell out of me.”

Users Complain of Account Hacks, But OkCupid Denies a Data Breach

Zack Whittaker reports via TechCrunch: A reader contacted TechCrunch after his [OkCupid] account was hacked. The reader, who did not want to be named, said the hacker broke in and changed his password, locking him out of his account. Worse, they changed his email address on file, preventing him from resetting his password. OkCupid didn’t send an email to confirm the address change — it just blindly accepted the change. “Unfortunately, we’re not able to provide any details about accounts not connected to your email address,” said OkCupid’s customer service in response to his complaint, which he forwarded to TechCrunch. Then, the hacker started harassing him with strange text messages from his phone number that was lifted from one of his private messages. It wasn’t an isolated case. We found several cases of people saying their OkCupid account had been hacked.

But several users couldn’t explain how their passwords — unique to OkCupid and not used on any other app or site — were inexplicably obtained. “There has been no security breach at OkCupid,” said Natalie Sawyer, a spokesperson for OkCupid. “All websites constantly experience account takeover attempts. There has been no increase in account takeovers on OkCupid.” Even on OkCupid’s own support pages, the company says that account takeovers often happen because someone has an account owner’s login information. “If you use the same password on several different sites or services, then your accounts on all of them have the potential to be taken over if one site has a security breach,” says the support page. In fact, when we checked, OkCupid was just one of many major dating sites — like Match, PlentyOfFish, Zoosk, Badoo, JDate, and eHarmony — that didn’t use two-factor authentication at all.

This Week in Security News: Consumer Data and Malware

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn what security issues and critical threats will impact consumer data this year. Also, learn about a malicious Adobe app targeting macOS systems.

Read on: 

Keys to Safeguarding Consumer Data in 2019

Trend Micro reports that there are certain security issues which will specifically impact consumer data, including phishing and fraud attacks. 

Linksys Partners with Trend Micro for Network Protection on Velop Wi-Fi Systems

Linksys and Trend Micro have partnered to deliver a security solution for home networks to give families an added layer of digital protection.

Collaborating with Law Enforcement to Tackle the Scourge of ATM Attacks

Trend Micro contributed to a new Europol report detailing guidelines on logical ATM attacks, in support of ongoing efforts by both law enforcement and the financial industry to stop ATM abuse. 

Report: Over 59,000 GDPR Data Breach Notifications, But Only 91 Fines

Since the European Union’s General Data Protection Regulation (GDPR) came into effect in May last year, EU organizations have reported almost 60,000 data breaches, but so far fewer than 100 fines have been issued by regulators.

MacOS Malware Poses as Adobe Zii, Steals Credit Card Info and Mines Monero Cryptocurrency

Trend Micro found a malicious app posing as Adobe Zii (a tool used to crack Adobe products) targeting macOS systems to mine cryptocurrency and steal credit card information. 

Auto Engineers Warn Your Car Might be Easier to Hack Than You Think

As auto makers roll out more sophisticated features, the upgrades are also making cars more vulnerable to cyberattacks, according to a new report from the Ponemon Institute.

Managing Digital Footprints and Data Privacy

A massive data dump involving more than two billion user credentials was reported earlier this year. The ramifications of this dump are just the beginning for many of those whose data are included.

Just Two Hacker Groups are Behind 60% of Stolen Cryptocurrency

A new report from blockchain investigation company Chainalysis reveals that just two criminal groups are responsible for around 60% of all cryptocurrency stolen from exchanges.

EU Orders Recall of Children’s Smartwatch Over Severe Privacy Concerns

For the first time, EU authorities have announced plans to recall a product from the European market because of a data privacy issue. The product is Safe-KID-One, a children’s smartwatch produced by German electronics vendor ENOX.

Do you agree phishing and fraud attacks will be the main threats impacting consumer data in 2019? Why or why not? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.

Bashe: the hypothetical $193 billion ransomware attack

Around the world, hundreds of thousands of employees in thousands of companies receive an email from the company’s payroll department. It contains a PDF attachment with the details of the employees’ end of year bonuses. Some, the more cautious among them, delete the email, sensing that it could be a phishing attack. Others open the attachment, and release the worst cyberattack in history. 43% of the world’s devices are affected, all of their files encrypted. The cost of this attack reaches a staggering $85 billion.

Fortunately, the world is yet to see anything of this kind. However, according to a study by the Cyber Risk Management (CyRiM) project in Singapore, this is a scenario that we could well experience. The investigation was carried out to illustrate the catastrophic consequences that an incident of this type could have on the economy. It describes an advanced ransomware attack, called Bashe, in detail, along with the devastating effects that it could have.

The study describes several scenarios: the “best case”, in which 43% of the world’s devices are encrypted, causing costs of $85 billion; and the “worst case”, where 97% of devices are encrypted, and costs spiral to $193 billion.

Development of a large-scale attack

The study describes how the developers of the ransomware are recruited to create this malware and design the attack. One of the cybercriminals’ goals is to avoid the pitfalls of previous global attacks. As such, the Bashe attack is designed to use a vulnerability without a patch, and efforts are made to ensure that there is no possibility of an online kill-switch being discovered, as happened with WannaCry.

As with so many other malware campaigns, it is delivered inside attachments, in this case a PDF with the subject “Year-End Bonus”. The malware is able to imitate the email domain of the victim, and thus spoof the ‘sent from’ part of the email header. In this way, the email seems to be coming from someone in the victim’s company.

Once the attachment is opened, the malware is executed, downloading the ransomware worm, encrypting all the data on all the computers that share the network with the infected device. It demands a ransom of $700. To make sure the ransomware spreads as far as possible, the worm automatically forwards the malicious email to all the victim’s contacts.

In 24 hours, Bashe has encrypted the data on around 30 million devices all around the world.

Companies start to respond

The study explains that the worst hit industries would be retail, healthcare, and manufacturing. In the retail sector, the costs stem from encrypted payment systems, and the collapse of e-commerce thanks to inoperative websites. The healthcare sector is affected due to its heavy reliance on antiquated systems, just as we saw with the WannaCry attacks. As for manufacturing, the encryption of infrastructure and machines necessary for their activity, along with possible problems in shipping networks, logistics, and inventory would be the main problems caused by this kind of attack.

Many companies rely on IT systems to carry out their day-to-day business; this leads around 8% of them to pay the ransom in order to return to normality as quickly as possible. The criminal organization makes between $1.14 and $2.78 billion this way. Smaller companies are most likely to pay the ransom, given their limited capacity to manage disasters of this kind.

The repercussions

Beyond the economic costs detailed above, one of the most immediate outcomes is an increase in distrust of connected devices, along with stricter controls on the use of corporate email.

Another repercussion of the Bashe attack is a dramatic increase in the demand for IT security. Companies want to protect their corporate networks and their assets in order to avoid similar attacks in the future. Cybersecurity training becomes mandatory for employees, and cyberrisk management courses a requirement in order to get an IT security insurance policy.

How to protect yourself against advanced attacks

Although an attack on the same scale as Bashe is unlikely, any kind of cyberattack can have extremely serious repercussions for a company, regardless of its size:

1.- Employee training. We’ve said it time and time again, but one of the most important steps in protecting against the most advanced cyberthreats is awareness. Companies mustn’t wait until an incident like this one occurs to start to train employees in cybersecurity.

2.- Careful with emails. Email plays a key role in the cataclysmic scenario we’ve just seen. And it is far from being the only kind of threat that uses email as an attack vector. In fact, 87% of IT security professionals have admitted that their company has had to deal with some kind of threat that came via email. If you have even the slightest doubt about where an email has come from, the best course of action is to contact the company’s security team.

3.- Advanced security solutions. An IT security suite such as Panda Adaptive Defense can help to detect any attempted attack that tries to get in via email. It does so by using cognitive intelligence and a real-time detection system. What’s more, it includes a managed Threat Hunting service, which actively searches for the most advanced threats, so that your network is always protected.

The post Bashe: the hypothetical $193 billion ransomware attack appeared first on Panda Security Mediacenter.

This Week in Security News: Ransomware and Cyber Threats

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about new routines for encryption of JobCrypter ransomware. Also, understand how Emotet has managed to evolve into one of the most notorious cyber threats in existence.

Read on:

Spotted: JobCrypter Ransomware Variant With New Encryption Routines, Captures Desktop Screenshots

A variant of JobCrypter ransomware was observed by Trend Micro using new routines for encryption and features the ability to send a screenshot of the victim’s desktop to an email address. 

For Industrial Robots, Hacking Risks Are On the Rise

In the future, industrial robots may create jobs, boost productivity and spur higher wages. But one thing seems more certain for now: They’re vulnerable to hackers.

Microsoft CEO Satya Nadella made a global call for countries to come together to create new GDPR-style data privacy laws

Microsoft CEO Satya Nadella is a major proponent of the recent European data regulation GDPR, which came into force in May 2018.

Protecting Critical Infrastructure and Roadways: How Smart Cities Create New Risks

While advanced components to support utilities, critical infrastructure, and more can bring numerous benefits, these solutions also open both urban and rural areas to new risks and cyber threats.

DHS Releases Emergency Order to Prevent DNS Hijacking

The Department of Homeland Security has issued a rare “emergency” directive ordering federal civilian agencies to secure the login credentials for their internet domain records out of concern that they could be vulnerable to cyberattacks.

As BYOD Adoption and Mobile Threats Increase, Can Enterprise Data Security Keep Up?

While most security professionals have come to embrace — or, at least, accept — bring-your-own-device (BYOD) policies, leadership still often lacks confidence in the data security of employees’ personal phones, tablets and laptops.

Going In-depth with Emotet: Multilayer Operating Mechanisms

Over a period of just five years, Emotet has managed to evolve into one of the most notorious cyber threats in existence – one that causes incidents that cost up to $1 million to rectify.

Online Casino Group Leaks Information on 108 Million Bets, Including User Details

An online casino group has leaked information on over 108 million bets, including details about customers’ personal information, deposits and withdrawals. 

Google Fined €50 Million for GDPR Violation in France

France’s data protection regulator, CNIL, has issued Google a €50 million fine (around $56.8 million USD) for failing to comply with its GDPR obligations. 

Security is the no. 1 IT barrier to cloud and SaaS adoption

More than 70% of tech professionals said security spending has increased in the past year, according to a Ping Identity report.

Millions of Financial Records Leaked at Texas-Based Data Firm

More than a decade’s worth of credit and mortgage records, many linked to some of the country’s largest banks and lenders, was temporarily exposed online.

What do you think are some other risks smart cities will create within the next years? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.
