In “Hated and hunted,” a BBC reporter describes visiting a ransomware expert “who has devoted himself, at huge personal cost, to helping victims of ransomware around the world.”
They hate him so much that they leave him angry threats buried deep inside the code of their own viruses… “I was shocked but I also felt a real sense of pride,” says Fabian. “Almost like, a little bit cocky. I’m not going to lie, yeah, it was nice….” He works remotely for a cyber security company, often sitting for hours at a time working with colleagues in different countries. When he’s “in the zone”, the outside world becomes even less important and his entire existence focuses on the code on his screen. He once woke up with keyboard imprints all over his face after falling asleep during a 35-hour session.
All of this to create anti-ransomware programs that he and his company usually give away free. Victims simply download the tools he makes for each virus, follow the instructions and get their files back… According to research from Emsisoft, the cyber security company Fabian works for, a computer is attacked every two seconds. Their network has managed to prevent 2,584,105 infections in the past 60 days — and that’s just one anti-virus firm of dozens around the world…. “It’s pretty much an arms race,” says Fabian. “They release a new ransomware virus, I find a flaw in its code and build the decryption tool to reverse it so people can get their files back. Then the criminals release a new version which they hope I can’t break… It escalates with them getting more and more angry with me….”
Fabian accepts that moving around and restricting his life and circle of friends is just a part of the sacrifice for his hobby-turned-profession… He earns a very good salary but looking around his home and at his life it’s hard to see how he spends it.
He estimates that he’s “upset or angered” 100 different ransomware gangs (based on his analysis of the Bitcoin wallets where they collect their ransoms.) One group had collected about $250,000 (£191,000) in three months — until Fabian created a countering anti-ransomware program — which is one reason he carefully hides his identity.
“I know how much money they make and it would be literally nothing for them to drop 10 or 20,000 for like some Russian dude to turn up to my house and beat the living hell out of me.”
Read more of this story at Slashdot.
Zack Whittaker reports via TechCrunch: A reader contacted TechCrunch after his [OkCupid] account was hacked. The reader, who did not want to be named, said the hacker broke in and changed his password, locking him out of his account. Worse, they changed his email address on file, preventing him from resetting his password. OkCupid didn’t send an email to confirm the address change — it just blindly accepted the change. “Unfortunately, we’re not able to provide any details about accounts not connected to your email address,” said OkCupid’s customer service in response to his complaint, which he forwarded to TechCrunch. Then, the hacker started harassing him with strange text messages from his phone number that was lifted from one of his private messages. It wasn’t an isolated case. We found several cases of people saying their OkCupid account had been hacked.
But several users couldn’t explain how their passwords — unique to OkCupid and not used on any other app or site — were inexplicably obtained. “There has been no security breach at OkCupid,” said Natalie Sawyer, a spokesperson for OkCupid. “All websites constantly experience account takeover attempts. There has been no increase in account takeovers on OkCupid.” Even on OkCupid’s own support pages, the company says that account takeovers often happen because someone has an account owner’s login information. “If you use the same password on several different sites or services, then your accounts on all of them have the potential to be taken over if one site has a security breach,” says the support page. In fact, when we checked, OkCupid was just one of many major dating sites — like Match, PlentyOfFish, Zoosk, Badoo, JDate, and eHarmony — that didn’t use two-factor authentication at all.
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn what security issues and critical threats will impact consumer data this year. Also, learn about a malicious Adobe app targeting macOS systems.
Trend Micro reports that there are certain security issues which will specifically impact consumer data, including phishing and fraud attacks.
Linksys and Trend Micro have partnered to deliver a security solution for home networks to give families an added layer of digital protection.
Trend Micro contributed to a new Europol report detailing guidelines on logical ATM attacks, in support of ongoing efforts by both law enforcement and the financial industry to stop ATM abuse.
Since the European Union’s General Data Protection Regulation (GDPR) came into effect in May last year, EU organizations have reported almost 60,000 data breaches, but so far fewer than 100 fines have been issued by regulators.
Trend Micro found a malicious app posing as Adobe Zii (a tool used to crack Adobe products) targeting macOS systems to mine cryptocurrency and steal credit card information.
As auto makers roll out more sophisticated features, the upgrades are also making cars more vulnerable to cyberattacks, according to a new report from the Ponemon Institute.
A massive data dump involving more than two billion user credentials was reported earlier this year. The ramifications of this dump are just beginning for many of those whose data is included.
A new report from blockchain investigation company Chainalysis reveals that just two criminal groups are responsible for around 60% of all cryptocurrency stolen from exchanges.
For the first time, EU authorities have announced plans to recall a product from the European market because of a data privacy issue. The product is Safe-KID-One, a children’s smartwatch produced by German electronics vendor ENOX.
Do you agree phishing and fraud attacks will be the main threats impacting consumer data in 2019? Why or why not? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.
The post This Week in Security News: Consumer Data and Malware appeared first on .
Around the world, hundreds of thousands of employees in thousands of companies receive an email from the company’s payroll department. It contains a PDF attachment with the details of the employees’ end of year bonuses. Some, the more cautious among them, delete the email, sensing that it could be a phishing attack. Others open the attachment, and release the worst cyberattack in history. 43% of the world’s devices are affected, all of their files encrypted. The cost of this attack reaches a staggering $85 billion.
Fortunately, the world is yet to see anything of this kind. However, according to a study by the Cyber Risk Management (CyRiM) project in Singapore, this is a scenario that we could well experience. The investigation was carried out to illustrate the catastrophic consequences that an incident of this type could have on the economy. It describes an advanced ransomware attack, called Bashe, in detail, along with the devastating effects that it could have.
The study describes several scenarios: the “best case”, in which 43% of the world’s devices are encrypted, causing costs of $85 billion; and the “worst case”, where 97% of devices are encrypted, and costs spiral to $193 billion.
Development of a large-scale attack
The study describes how the developers of the ransomware are recruited to create this malware and design the attack. One of the cybercriminals’ goals is to avoid the pitfalls of previous global attacks. As such, the Bashe attack is designed to use a vulnerability without a patch, and efforts are made to ensure that there is no possibility of an online kill-switch being discovered, as happened with WannaCry.
As with so many other malware campaigns, it is delivered inside attachments, in this case a PDF with the subject “Year-End Bonus”. The malware is able to imitate the email domain of the victim, and thus spoof the ‘sent from’ part of the email header. In this way, the email seems to be coming from someone in the victim’s company.
Once the attachment is opened, the malware is executed, downloading the ransomware worm and encrypting all the data on all the computers that share the network with the infected device. It demands a ransom of $700. To make sure the ransomware spreads as far as possible, the worm automatically forwards the malicious email to all the victim’s contacts.
In 24 hours, Bashe has encrypted the data on around 30 million devices all around the world.
Companies start to respond
The study explains that the worst hit industries would be retail, healthcare, and manufacturing. In the retail sector, the costs stem from encrypted payment systems, and the collapse of e-commerce thanks to inoperative websites. The healthcare sector is affected due to its heavy reliance on antiquated systems, just as we saw with the WannaCry attacks. As for manufacturing, the encryption of infrastructure and machines necessary for their activity, along with possible problems in shipping networks, logistics, and inventory would be the main problems caused by this kind of attack.
Many companies rely on IT systems to carry out their day-to-day business; this leads around 8% of them to pay the ransom in order to return to normality as quickly as possible. The criminal organization makes between $1.14 and $2.78 billion this way. Smaller companies are most likely to pay the ransom, given their limited capacity to manage disasters of this kind.
Beyond the economic costs detailed above, one of the most immediate outcomes is an increase in distrust of connected devices, along with stricter controls on the use of corporate email.
Another repercussion of the Bashe attack is a dramatic increase in the demand for IT security. Companies want to protect their corporate networks and their assets in order to avoid similar attacks in the future. Cybersecurity training becomes mandatory for employees, and cyberrisk management courses a requirement in order to get an IT security insurance policy.
How to protect yourself against advanced attacks
Although an attack on the same scale as Bashe is unlikely, any kind of cyberattack can have extremely serious repercussions for a company, regardless of its size:
1.- Employee training. We’ve said it time and time again, but one of the most important steps in protecting against the most advanced cyberthreats is awareness. Companies mustn’t wait until an incident like this one occurs to start to train employees in cybersecurity.
2.- Careful with emails. Email plays a key role in the cataclysmic scenario we’ve just seen. And it is far from being the only kind of threat that uses email as an attack vector. In fact, 87% of IT security professionals have admitted that their company has had to deal with some kind of threat that came via email. If you have even the slightest doubt about where an email has come from, the best course of action is to contact the company’s security team.
3.- Advanced security solutions. An IT security suite such as Panda Adaptive Defense can help to detect any attempted attack that tries to get in via email. It does so by using cognitive intelligence and a real-time detection system. What’s more, it includes a managed Threat Hunting service, which actively searches for the most advanced threats, so that your network is always protected.
The post Bashe: the hypothetical $193 billion ransomware attack appeared first on Panda Security Mediacenter.
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about new routines for encryption of JobCrypter ransomware. Also, understand how Emotet has managed to evolve into one of the most notorious cyber threats in existence.
A variant of JobCrypter ransomware was observed by Trend Micro using new routines for encryption and features the ability to send a screenshot of the victim’s desktop to an email address.
In the future, industrial robots may create jobs, boost productivity and spur higher wages. But one thing seems more certain for now: They’re vulnerable to hackers.
Microsoft CEO Satya Nadella is a major proponent of the recent European data regulation GDPR, which came into force in May 2018.
While advanced components to support utilities, critical infrastructure, and more can bring numerous benefits, these solutions also open both urban and rural areas to new risks and cyber threats.
The Department of Homeland Security has issued a rare “emergency” directive ordering federal civilian agencies to secure the login credentials for their internet domain records out of concern that they could be vulnerable to cyberattacks.
While most security professionals have come to embrace — or, at least, accept — bring-your-own-device (BYOD) policies, leadership still often lacks confidence in the data security of employees’ personal phones, tablets and laptops.
Over a period of just five years, Emotet has managed to evolve into one of the most notorious cyber threats in existence – one that causes incidents that cost up to $1 million to rectify.
An online casino group has leaked information on over 108 million bets, including details about customers’ personal information, deposits and withdrawals.
France’s data protection regulator, CNIL, has issued Google a €50 million fine (around $56.8 million USD) for failing to comply with its GDPR obligations.
More than 70% of tech professionals said security spending has increased in the past year, according to a Ping Identity report.
More than a decade’s worth of credit and mortgage records, many linked to some of the country’s largest banks and lenders, was temporarily exposed online.
What do you think are some other risks smart cities will create within the next years? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.
The post This Week in Security News: Ransomware and Cyber Threats appeared first on .