Friday, May 20, 2016

5/20/16 Weekly Security News: Extra Sneaky Malware, TeslaCrypt Ransomware is Over, and LinkedIn Breach Expanded

Welcome back for more weekly news updates on information security, brought to you by Astria Business Solutions. This week saw many interesting developments, including a new and particularly stealthy form of malware, ransomware encryption being beaten by an unlikely source, and new findings on the 2012 breach of LinkedIn user accounts. Read on for more information on this week's news.


1. Security Week: "Windows Malware Tries to Avoid 400 Security Products."

A particularly interesting new form of malware was recently discovered, and it appears to target Windows systems without any antivirus. According to the article by Security Week, this malware, known as "Furtim," checks the systems where it may be installed for over 400 different security products (such as antivirus or firewalls). If it finds any of these, the program immediately deletes itself, likely with the goal of never being caught on such systems.

If the malware does find a suitable system, however, such as an undefended home computer, it will successfully install and proceed to steal any saved user account and password information on the infected system. It also blocks the user's access to 250 different security-based websites, prevents downloads or updates of antivirus, blocks command line usage, and prevents the system from being shut down or put in hibernation, making it difficult to keep it from stealing other personal information from your system. The moral of the story is that if you do not have antivirus software of any sort, now would be an ideal time to install some.

2. CSO Online: "TeslaCrypt Victims Can Now Decrypt Their Files for Free."

Very good news for anyone hindered by the effects of the TeslaCrypt ransomware: researchers now have a free tool to decrypt your files and once again obtain access to your computer. The especially strange part? The master decryption key used for the tool came directly from the developers of TeslaCrypt. CSO Online's article reported that the makers of TeslaCrypt decided to end their malicious activity of holding people's computers hostage through their ransomware campaign. Researchers at ESET reached out to the group through official channels, asking for the master key to decrypt victims' files, and the TeslaCrypt developers went ahead and made the key public.

Shortly after, ESET created a tool that is able to decrypt victims' files and made it free for the public to use. If your system was previously infected with TeslaCrypt, you can find instructions on how to remove it from your system on ESET's website. This is certainly an unusual case: ransomware decryption tools are not frequently developed, and rarely do ransomware developers offer master keys as in this instance. Remember: prevention is the best remedy for ransomware.

3. Krebs on Security: "As Scope of 2012 Breach Expands, LinkedIn to Again Reset Passwords for Some Users."

Apparently, the breach of LinkedIn passwords back in 2012 was much larger than initially believed. Krebs on Security reported that while the initial scope of the breach appeared to be about 6.5 million users, in actuality it affected more than 117 million users, with the pool of user accounts being offered for sale on criminal websites. LinkedIn seems to be planning to force some of these users to reset their passwords, but not everyone will receive this prompt.

The problem here is that LinkedIn is only forcing some users to change their passwords, and not all. Since the breach was initially believed to only have been 6.5 million users, only those users were initially required to reset their passwords. Now it has been shown that the same breach actually affected over 117 million users. Even if LinkedIn forces all of these users to change their passwords, what happens if next year they discover the breach was even larger? When incidents such as these occur, companies need to be open with their users, and at least suggest password changes to them all.

One important takeaway: you are advised to change your LinkedIn password, whether you receive official notification or not. With breaches such as these it is often difficult to assess the full scope, and it's much better to take a brief precaution than to have your account stolen for reputation hijacking purposes.


That's all for this week; check back next week for more news on information security. And if you want more information on how Astria Business Solutions can assist you in meeting your business' information security goals, visit our website at AstriaBiz.com.
