5/31/16 Weekly News: Locky back in action, More iOS vulnerabilities, and Hacking as a business

This week we found several interesting topics, including a Ransomware campaign restarting, a new vulnerability discovered in iOS devices, and how hackers are increasingly treating their activities in a business-like fashion.


1. CSO Online, "New JavaScript spam wave distributes Locky Ransomware."

It appears that the "Locky" developers found a new way to distribute their ransomware variant. According to the article by CSO Online, ESET researchers have seen a recent influx of Locky being distributed through JavaScript attacks, opposed to previous methods using Office documents. This comes only a few weeks after the news that the Locky ransomware campaign was disrupted by white-hat hackers, which you can read about here.

The attacks are still primarily distributed through email. The article warns that the attackers are sending Zip folders containing .js and .jse files within, which do not require the users to execute them. This file type is rarely sent in email except for malicious uses, so it is best to avoid these opening these entirely. The biggest take away from this is to be careful of what emails you open, and especially of what attachments you open.

2. Security Week, "'SandJacking' Attack Allows Hackers to Install Evil iOS Apps."

Apple's patches to iOS unfortunately have only gone so far. According to this article by Security Week, security researcher Chilik Tamir discovered the iOS 8.3 update was a little less than adequate. The 8.3 update added some new features for users and patched some vulnerabilities, including one that Tamir discovered which allowed apps on iOS devices to be replaced with fake versions of the same app. This could have been exploited to spy on user activity and steal information off of devices running these malicious apps, and so it was patched in the 8.3 update to prevent replacement of legitimate apps.

Tamir however has found that Apple's patch ignored the restore process in their update, which allows the original attack to still be implemented. The process is slightly different, but can still be entirely automated. This form of attack is still a proof of concept and may not be known to attackers, but it is still a vulnerability that Apple has yet to patch. In any case, it is an interesting concept and yet further proof that sandbox environments like those found on iPhones are not impervious to malware incursion.

3. HPE Business Insights, "The (Big) Business of Hacking."

This article put forward by Hewlet-Packard Enterprises discusses a subject that has caught many people's interests recently: the strategic changes of hackers treating their illegal activities as a business. Increasingly, hackers and other cyber-criminal organizations have formed their own "companies," complete with accounting departments, payroll, and R&D. According to the article, these sorts of criminal companies are often offer several illicit products and services, including stolen information, rented hacking software, and even hacking as a service.

This can be a problem because these "companies" are regularly searching for new businesses to break into, as they often need new information to sell; and lots of it. The article discusses how personally identifiable information is often worth as little as $1 online, which means that criminal companies selling this information need to have masses of it to be successful. HPE goes on to mention that it is becoming increasingly important to have information security practices in place to defend against this sort of activity, as it will likely only increase as more hackers adopt a business model for their illegal activities.


That's all for this week, check back next week for more news on Information Security. And if you want more information on how Astria Business Solutions can assist you in meeting your business' information security goals, visit our website at AstriaBiz.com