
Tuesday, March 29, 2016

3/29/16 Weekly Security News: Verizon Enterprise Breached, New Malware, and Phishing with GPS Data



This week had several interesting news articles, including the discovery of new malware, a new phishing scheme, and a data breach at Verizon Enterprise.

1. Krebs on Security, "Crooks Steal, Sell Verizon Enterprise Customer Data."

Last week, Krebs on Security reported that Verizon Enterprise customer contact data appeared for sale in an unnamed cyber-crime forum. The seller claims to have information for 1.5 million of their customers and is offering to sell it as a whole or in pieces.

While it appears only contact data was stolen, Krebs warns that such data will likely be used for phishing attacks, and could lead to further breaches or theft. It is also worth noting that a majority of Fortune 500 companies use Verizon Enterprise’s services, and may very well be prime targets for these sorts of scams.

This is particularly interesting as Verizon Enterprise is often an advisor to other businesses when data breaches occur. They research breaches, publish a major report on their findings each year, and provide warnings on how such attacks take place, but unfortunately were not aware of the vulnerability in their website that allowed for this breach.

2. We Live Security, "ESET discovers new USB-based data stealing malware."

Last week, ESET’s researchers discovered a new form of malware on a USB drive that has many unusual characteristics. The malware, currently dubbed “USB Thief,” appears to have been designed not to replicate or spread. This is unusual for malware, as many strains try to spread across multiple computers to steal or damage more data. USB Thief, however, is believed to be designed for targeted attacks, and as such will not replicate or do anything to draw further attention to itself. This makes it especially stealthy and very hard to detect.

ESET’s team highly recommends training all levels of staff in security practices, as it often seems to be a human tendency to be willing to insert any USB thumb drive into their systems to check what’s on it. If a drive has this special malware on it, such actions could result in lost data. ESET’s full article gives a rundown of how it works in plain English, and offers a detailed analysis of the malware on a separate page.


CSO Online reported yesterday a new phishing scam taking place in Pennsylvania, issuing fake tickets to drivers via email. The thing that adds believability to the phishing scam is the use of personal information, and especially details gathered from phone location data.

The emails include considerable detail on vehicle speed, route, time, and even the driver’s first and last name, in an attempt to collect a fake fine for driving over the speed limit. The data is so precise that it has to be gathered from a GPS, and traffic and mobility applications on phones are the likely suspects.

This shows one way that cyber-criminals can use data that seems to be low in value to build a more believable campaign. Simply adding a few details to a scam makes it much more credible and often makes phishing attempts more successful.


That’s all for this week. Check back next Tuesday for further news from across the web, all here at Astria Horizon. If you want more information on how Astria Business Solutions can assist you in your Information Security goals, visit our website at AstriaBiz.com

Thursday, March 24, 2016

3/24/16 Yet another hospital attacked by Ransomware



In case Ransomware wasn’t in the news or on our page enough, it seems another major case of this ever-popular form of attack was reported yesterday by Brian Krebs. The victim this time? Yet another hospital: the Methodist Hospital in Henderson, Kentucky. The hospital’s spokesperson was certain, however, that no patient data was lost or harmed, which is very fortunate. But this is also the third major case of Ransomware infecting hospitals in the past several weeks, and it shows the need for vigilance against this form of malware.

After speaking with the hospital’s information systems director, Krebs On Security found that the particular form of Ransomware in this case is “Locky,” a variant that ESET’s We Live Security covered in this article just last week. This type encrypts files, documents, images, and even videos on an infected hard drive, and then deletes the originals, requiring the victim to pay a ransom to gain access to their files.

It is unclear if the hospital had proper backups in place, but they decided to shut down their computers and scan them one at a time to prevent the infection from spreading to other systems. The hospital said that paying the ransom was an option that they have considered, but that they would not pay unless absolutely necessary.

In this incident, the Ransomware infected their systems due to an employee opening a spam email with an attachment that was infected. This sort of trickery seems to be common in many forms of attacks, and further demonstrates how important it is to be careful of suspicious emails.

The cybercriminals are demanding a rather small amount in this case, roughly $1,600, but this isn’t generally the case. Last month, a Hollywood hospital was infected with Ransomware, and the attackers demanded about $3.6 million.

This may suggest that the attackers of this Methodist Hospital are less aware of what they had encrypted, and may not have specifically targeted that particular hospital. Blanket attacks like these are not uncommon, with the booby-trapped email being sent to many email addresses in hopes that several will be opened, but often without much awareness of who is receiving the emails.

Whatever the case may have been here, Krebs warns in his article that it’s possible that Ransomware attacks may become more targeted as they mature. He also expresses concern that the criminals may in the future pay closer attention to what they have encrypted, and then demand higher amounts based on the perceived value. In cases like this hospital, that could prove very harmful to their business.

All of this again just reinforces the importance of having a consistent and reliable backup. This is the best and most reliable safeguard against Ransomware, and is a good practice to keep safe from other attacks that may potentially corrupt your files. If you haven’t done so yet, now is an excellent time to start working on a standard backup policy for your business.

Need help in planning a backup and recovery strategy? Astria Business Solutions can assist you in your Information Security goals. To find out more or to contact us, visit our website at AstriaBiz.com

Wednesday, March 23, 2016

3/22/16, Weekly Security News: Cars see threats, App Store Malware, and uncrackable Ransomware



This week, we at Astria Business Solutions found several interesting articles on information security, and on devices you may not expect.


Last week, the FBI issued a warning that modern cars are becoming increasingly susceptible to cyber-attacks, and urged both car makers and owners to become more aware of the risks. Specifically of note were various wireless systems that can potentially be exploited, including Bluetooth systems and keyless entry. These sorts of access points to your car come with some risks, and could be a way for attackers to infect your vehicle and potentially unlock it, or even leave it unable to function. The article above notes many of the key points from the FBI’s warnings and shows some of the suggestions they offer.


Apple iPhones seem to have had more and more security weaknesses in recent years, likely due to their popularity. According to CSO’s article, researchers actually found real malware applications on the official App Store last month, apparently able to exploit a weakness in Apple’s DRM checking process. This is also apparently the second time in the past month that harmful applications have been found on Apple’s official App Store, showing that it’s not just a fluke issue. Both of the recent cases have targeted users in China, trying to steal Apple IDs and passwords. Though so far it has only been used overseas, it also serves as a proof-of-concept for potential attacks closer to home.


Our final article is also from CSO Online, and goes back to the topic of Ransomware. While some forms of Crypto-Ransomware can potentially be decrypted to unlock your files, one of the more well-known variants, TeslaCrypt, is now considered impossible to decrypt. The Ransomware has been regularly updated by its developers, minimizing its weaknesses, and now in version 3.0.1 is much more difficult to beat. It’s worth noting that the article emphasizes the need to maintain a consistent backup to protect your files, and mentions that network backups are also at risk. As we discussed in our post on protecting yourself from Ransomware, it is important to maintain your backup on an external drive and to only connect that drive for backup purposes.


That’s all for this week. Check back next Tuesday for further news from across the web, all here at Astria Horizon. If you want more information on how Astria Business Solutions can assist you in your Information Security goals, visit our website at AstriaBiz.com
 