
Friday, April 29, 2016

4/28/16 Weekly News: Empty DDoS Threats, Automotive Cyber-Security, and Malware in a Nuclear Power Plant

This week saw some very interesting bits of news, including scams with threats of DDoS, the difficulties involved in making vehicles cyber-secure, and even malware being found on a nuclear power plant.


1. CSO Online, "Empty DDoS threats earn extortion group over $100,000."


Not all threats online have an actual bite. Sometimes cyber-criminals try and simply scare their victims into paying them, essentially just scamming them out of their money. CSO Online reported that for the last two months, many businesses have been receiving email threats of a DDoS attack from a group calling itself the Armada Collective. The messages demand that the victims pay "protection" fees or the group will begin DDoS attacks on the victims.

However, none of those who refused to pay have experienced any attacks at all. It seems the threats are entirely empty, and those sending the emails may not even be a part of the actual Armada Collective, but may simply be using its name in an attempt to add credibility to their scam. The scammers in fact have no way of telling who has paid and who hasn't, and therefore would be hard pressed to know whom to even attack. Unfortunately, it seems to be working, as collectively the threats have earned them over $100,000. Remember, it is always best not to pay such demands, as there is no way to be sure they won't attack again, or inform other criminals that your business pays when threatened.

2. Network World, "Headaches likely to grow over auto cybersecurity concerns."

As we discussed briefly last month, cyber-security in automobiles is becoming a growing concern. With vehicles so often connected to the internet, flash drives, or even USB music players, the risk of infection by malware is an increasing concern. Researchers have found numerous vulnerabilities, even being able to completely stop a vehicle remotely, but security patches may prove more difficult than expected.

According to this article by Network World, it may never be possible to secure current vehicles, and even vehicles in production now will not be able to implement the encryption and secure communication processes that are necessary to properly secure the vehicle. In fact, it is estimated that it will take an additional 5 years before proper encryption is developed and implemented into vehicles with wireless functions, leaving a multitude of new vehicles unfortunately vulnerable to cyber-attacks.

3. Security Week, "Concerns Raised Over Malware in German Nuclear Plant."

A nuclear power plant located in Gundremmingen, Germany, made the news this week after it was revealed that its systems were infected with various types of malware. Fortunately, none of the malware infections were particularly vicious, and many were even old and quite outdated. In fact, none of the malware posed any real threat to the reactor, nor did it appear to be targeted towards hindering its systems.

The malware likely was accidentally put on the reactor's computers, which did raise some concerns. How exactly did it get on the system? Could this be exploited by others to put something worse on the reactor? Again it was likely down to carelessness, which just shows how important it is to teach employees about proper security practices.


That's all for this week, check back next week for more news on Information Security. And if you want more information on how Astria Business Solutions can assist you in meeting your business' information security goals, visit our website at AstriaBiz.com

Friday, April 22, 2016

4/22/16 Weekly News: Mac Ransomware Defense, Building Security Inadequate, and New Ransomware

This week was especially busy, and it resulted in delays in the Astria Horizon news posts, but certainly not for lack of interesting news. This week Ransomware is once again a prime topic, including preventative measures for Mac OS X users and the development of a new form of infection, as well as how the Internet of Things can affect a building's security.

1. CSO Online, "This tool can block Ransomware on Mac OS X, for now."


There is good news for Mac users: security researchers have developed a free tool that detects and blocks Ransomware from infecting systems running OS X. The tool, named "RansomWhere?", is able to detect and suspend any encryption process on Mac OS X systems, and prompts the user to either allow or stop the encryption from taking place. This does mean, however, that it will not work on systems that are already infected with Ransomware; it is only a preventative measure.

Mac users have been increasingly targeted by Ransomware since the development of KeRanger last month, so the ability to suspend and stop the encryption process that Ransomware starts is very helpful. But the developers mention it is currently only effective against known Ransomware variants, and may not be able to block attacks developed in the future.

2. We Live Security, "Buildings at risk of cyberattacks."


Last week we discussed the Internet of Things (IoT), and in particular looked at a case where malware came pre-installed on IoT security cameras. This week, ESET's blog, We Live Security, covered how such threats can impact the security of not only information, but also of buildings directly. Specifically, they mention white-hat hackers who were able to break into the building management system of a prominent tech company in Sydney, Australia.

ESET warns that although this was a test, it is important to properly prepare your business for cyber-attacks on the building as well. Oftentimes security systems are installed with just their default passwords in place, and these are easily found in PDF owner's manuals. Systems that secure your building electronically, such as security cameras and electronic door locks, need to be properly secured and updated regularly to be effective in keeping your building safe, or they may actually hinder the security of the building you're trying to protect.

3. Security Week, "CryptXXX Ransomware Steals Bitcoin, Private Data."


Another instance of Ransomware in the past week includes the development of a new form, dubbed "CryptXXX." Security Week reported on this new attack after it was observed by Proofpoint in a recent campaign. The Ransomware behaves as most do, encrypting a user's files and demanding a ransom of around $500 to decrypt the files so they are usable again.

What makes this Ransomware different is that it also steals information from the user as well as any Bitcoins on the infected system. So if these infections are targeted towards hospitals as they have been in recent months, they could aim to both collect a ransom and steal private information of patients or staff. Hopefully researchers will find better preventative measures for infections such as these in the future.


That’s all for this week, check back next Tuesday for further news from across the web, all here at Astria Horizon. If you want more information on how Astria Business Solutions can assist you in your Information Security goals, visit our website at AstriaBiz.com

Alert: Uninstall Apple Quicktime Now!

Last week, the Department of Homeland Security issued an important alert advising everyone using Windows computers to uninstall Apple Quicktime. The application has now reached its end of life for all Windows platforms and will no longer be updated, and Apple has recommended that it be uninstalled.

The risk of leaving this program on your system is serious, as it already has major vulnerabilities, and will only increase as time goes on. Since cyber-criminals are also aware that it is no longer being updated, it is only a matter of time before they find other significant weaknesses in the application. Trend Micro has already identified two major weaknesses in the program, both of which allow for remote code execution.

Apple was also kind enough to provide Windows users with instructions on how to properly uninstall Quicktime if you still have this program. You can find this page here.

Apple Quicktime is primarily used for viewing .mp4 and .mov video files, but there are many alternatives if you truly need to view such files. VLC is a current favorite of mine, but with any such software, remember to keep it updated, and if you don't use it, uninstall it. It is better to minimize any vulnerabilities from free software by keeping only the programs that you genuinely need.

Friday, April 15, 2016

Malware May Come Preinstalled on Internet of Things (IoT) Devices



What all is your smart blender connecting to?
The Internet of Things, commonly abbreviated as IoT, is simply a term used to describe the way numerous household devices are now becoming a part of the Internet, connected to wireless networks and sharing data with users remotely. Good examples of this are things like smart thermostats, which allow users to control their home’s temperature from mobile devices like their phones. With this, users could make adjustments to their home’s temperature while they are out and about, or even simply in another part of the home that may be distant from the actual thermostat. This is of course very convenient, and has many advantages for a variety of users, but unfortunately often comes at the cost of security.

One of the most common issues in the Internet of Things is a lack of security built into IoT products. Often, as developers race to provide their customers with new features and connectivity, they leave gaps in their products' security, if they even bother to secure them at all. These gaps are often quite simple for cyber-criminals to exploit, and can even allow the technology to be infected before the customer purchases it.

Such was the case when Mike Olsen, co-founder of Proctorio, purchased a set of security cameras off of Amazon. As he installed the cameras he purchased, he noted they were acting unusually. He proceeded to use his developer’s tools to search the code, and found that an imperceptible iFrame was running in the background, set to download malware from a site known to be dangerous.

How the malware got on these cameras is unknown, but Olsen doesn’t imply that Amazon or the seller were at fault in this incident. Still, in an interview with Security Week, Olsen pointed out the ease with which infected devices can end up on websites such as Amazon. One could in fact purchase several of the devices, infect them with malware, and then sell them once again on Amazon as new, or even return them as unneeded items. As long as care is taken with the packaging, the items will be resold, and cyber-criminals proceed to profit from stolen data.

When it comes to IoT devices, it is important to weigh the risks, and determine how worthwhile the connectivity is to you. While you may not be concerned with theft of temperature data from your thermostat, what if that thermostat is infecting your router, phone, or even computers? Research on the security features of these devices is critical, and better yet, if you don’t need it to be connected to your network, don’t even connect it.

What experiences have you had with the Internet of Things? Are the features of the devices beneficial enough to outweigh the risks in security? We at Astria Business Solutions would love to discuss your thoughts in the comments below.

Wednesday, April 13, 2016

4/13/16 Weekly Security News: Petya Ransomware cracked, Wal-Mart scam resurfacing, and Chinese antivirus left exposed

This week started out a little slower, but some fairly interesting topics came up. First, there's good news for anyone with a system infected with the Petya Ransomware, second, reports of the Wal-Mart Mystery Shopper scam seem to be resurfacing, and third, a Chinese antivirus software was left exposed after they accidentally whitelisted malware.


4/11/2016, CIO: “Experts crack Petya ransomware, enable hard drive decryption for free.”

In some especially good news, CIO reported that experts from the online tech-support website, “BleepingComputer.com,” were able to find a way around the Ransomware known as “Petya.” This form of Ransomware was simple but effective, not actually encrypting your files but still locking you out of your system by preventing it from booting properly. Essentially, the Ransomware would encrypt one particular file that the system needs to start the OS, and so a user would be locked out of their files. Restoring or rebuilding were about the only options, until now.

An expert at “BleepingComputer” was able to find a way to crack the key needed to restore this file and allow the system to boot properly. It still can be a little complicated for inexperienced people, but it works to reverse the effects of this Ransomware without having to pay the attackers. More specific instructions can be found in the article.

4/11/2016, CSO Online: “Walmart mystery shopper scam resurfaces.”


An old scam seems to be coming back for another go, targeting shoppers at Wal-Mart, CSO Online reports. The scam claims to be a “mystery shopper” program where the victim is sent a check for up to $2000 to shop at Wal-Mart and rate their experience. The trick is, to sign up for the program, the victims have to go online and fill out a form containing their name, address, date of birth, and even SSN: plenty of information in order to steal someone’s identity. The checks are also fake and entirely worthless to the recipient. Wal-Mart itself has issued warnings to the public about this scam, and made it very clear that they do not utilize such services, but the scam must be fairly successful as it has been around for the last 5 years. 

4/11/2016, Security Week: “Cybercriminals Trick Qihoo 360 into Whitelisting Malware.”


Malware makers are becoming increasingly crafty. Last week, cyber-criminals managed to trick the Chinese antivirus software Qihoo into whitelisting their malware. Bribing employees of a gaming company in China, they placed their malware in with the company’s legitimate software to be whitelisted by Qihoo 360. Whitelisting essentially just marks software as being safe, so that the antivirus doesn’t block it from being installed. In this case, anyone who used Qihoo’s antivirus, which is fairly common in China, was vulnerable to the malware, because the software would not recognize that the malware was dangerous.

