Detail of a calendar page with dates

A week in security (May 15 – May 21)

In case you haven’t heard, dear Reader, Malwarebytes was nominated for five (5) categories in the EU Security Blog Awards, which will commence in June during InfoSec Europe. Even our very own Chris Boyd‘s Twitter feed was nominated for Best EU Security Tweeter. You can read more about these on this post. Remember, voting is open until the midnight of the 3rd of June.

Last week, we debunked a myth about Macs, felt the grief of a popular video game modding site with regard to ads, and looked into an automated tax refund scam email that were aimed at UK tax payers.

Security researcher Hasherezade tangoed with the tandem of Petya and Mischa, which are offered as ransomware-as-a-service (RaaS), in a series of posts. She gave us the first of two wherein she focused on the “green” version of Petya.

Senior security researcher Jérôme Segura took on the tech support scammers once more in a post where he focused on those using screen lockers, which at first appeared to be a genuine Microsoft program but may actually be malware. Segura also added that this new sophistication in TSS tactics may become a worrying trend.

For our final PUP Friday post for this month, we talked about a bubble shooter game we detect as PUP.Optional.SweetIM.

Notable news stories and security related happenings:

  • Data Breaches Continue To Be Focus of Consumer Complaints. “Released in February, the report found a 47 percent year-on-year increase in identity theft complaints. According to the National Consumers League (NCL), Javelin Strategy & Research estimates that close to one in three data breach victims will also experience identity fraud. When it comes to data breaches and identity theft, John Breyault, NCL vice president for Public Policy, Telecom and Fraud, said there is a ‘strong nexus between the two.'” (Source: LegalTech News)
  • Many Americans Refrain From Shopping, Stating Opinions Online. “Recently released results of a survey by the US Department of Commerce’s National Telecommunications and Information Administration (NTIA) have revealed that security and privacy fears stopped 45 percent of polled households from conducting financial transactions, buying goods or services, posting on social networks, or expressing opinions on controversial or political issues via the Internet.” (Source: Help Net Security)
  • World’s Oldest Hacking Profession Doesn’t Rely On Internet. “According to Verizon’s 2015 Data Breach Investigations Report, about 50 percent of all security incidents — any event that compromises the confidentiality, integrity or availability of an information asset — are caused by people inside an organization. And while 30 percent of all cases are due to worker negligence like delivering sensitive information to the wrong recipient or the insecure disposal of personal and medical data, roughly 20 percent are considered insider misuse events, where employees could be stealing and/or profiting from company-owned or protected information.” (Source: CNBC)
  • A Million Machines Enslaved By MitM Google Ad Fraud Botnet. “About a million computers have been enslaved into a newly-identified botnet that is plundering Google advertising revenues, a security trio says. The redirector.paco botnet steals advertising revenue by replacing a website’s Google AdSense for search results on infected machines with their own.” (Source: The Register)
  • Paranoid Furtim Malware Checks for 400 Security Products Before Execution. “Security firm enSilo took a closer look at his discovery and named the malware Furtim, the Latin word for “stealthy” and tracked down some of its command & control servers to a Russian domain, which resolves back to a Ukrainian IP. At the time of his analysis, despite managing to break down a large part of Furtim’s mode of operation, enSilo didn’t manage to discover how crooks are spreading the malware, how it gains an initial foothold on the infected devices, or what kind of targets it is seeking.” (Source: Softpedia)
  • 95.4 Percent of All Android Devices Are Susceptible To Accessibility Clickjacking Exploits. “With this exploit, a hacker could persistently monitor all of a victim’s activity, and read and possibly compose corporate emails and documents via the victim’s device. This also enables ransomware exploits, where a hacker may elevate their permissions to remotely encrypt or wipe the device, potentially forcing the victim to pay money to get access to their own device.” (Source: The Official Skycure Blog)
  • Cyber’s Hot, But Low-Tech Spies Are Still A Threat. “Lin’s arrest is a stark reminder that traditional espionage is ongoing, and despite such a global focus on securing computer systems in the wake of (alleged) Chinese hacking of the Office of Personnel Management, Edward Snowden’s theft of National Security Agency data, Bradley Manning’s release of classified information to the website WikiLeaks and several others, we must continue and renew the focus on countering all of the foreign intelligence methods used to obtain U.S. information.” (Source: The National Interest)
  • Beware Of Cyber Groomers, Warn Police. “They would chat up young girls on social media websites on the pretext of befriending them. Soon, the conversation will turn intimate, luring the unsuspecting girls into removing their clothes. Once they fall into the ‘trap’, they will be asked to perform lewd acts such as exposing their private parts and masturbating. ” (Source: The Star – Malaysia)
  • Time To Treat Sponsors Of Ransomware Campaigns As Terrorists, Lawmaker Says. “A senior lawmaker Wednesday hinted that nations not doing enough to stop ransomware groups from operating within their countries should be treated in the same way that the US treats countries that sponsor terror groups. In opening comments at a Senate Judiciary subcommittee hearing Wednesday, Senator Lindsey Graham described ransomware attacks as a ‘terrible crime’ affecting schools, hospitals, and the lives of thousands of others.” (Source: Dark Reading)
  • FindFace App Heralds The End Of Public Anonymity And Privacy? “While Facebook battles in court to be allowed to use its facial recognition tech (which it already gave up using in Europe), another company – whose facial recognition offering has been indirectly put in the hands of the greater public via a mobile app – is currently in talks with businesses, police departments and city governments that are eager to use its algorithm.” (Source: Help Net Security)
  • Microsoft Disables Wi-Fi Sense On Windows 10. “Microsoft has disabled its controversial Wi-Fi Sense feature, a component embedded in Windows 10 devices that shares access to WiFi networks to which you connect with any contacts you may have listed in Outlook and Skype — and, with an opt-in — your Facebook friends.” (Source: KrebsOnSecurity)
  • Cyber Criminals Using Rio Olympics As Bait To Target Users With Phishing Scams. “Phishing attacks are definitely on a rise nowadays with email scams and spam messages doing the round across the World Wide Web incessantly. Usually, these campaigns increase in their gravity, scope and proportion when a big event of national or global nature is expected to be held in the near future. The same is the case this time when the 2016 Rio de Janeiro Olympics are due to be held malicious actors are showing their antics with full vigor and fervor.” (Source: HackRead)
  • The Life Of A Social Engineer: Hacking The Human. “Street is a master of deception: a social engineer, specializing in security awareness and physical compromise engagements. He’s outspoken, friendly, always wearing a smile, and besides working in the field, he’s also the InfoSec Ranger at Pwnie Express, and is well-known for his books and conference talks around the world.” (Source: Help Net Security)
  • Threat Of Mobile Malware Persists As Attacks Targeting iOS Devices Increase. “Check Point identified 2,000 unique malware families during April, which was more than a 50 percent increase on the previous month. The findings revealed a wide range of threats that organisations’ networks face and the scale of the challenges that security teams need to think about in preventing an attack on their business critical information.” (Source: IT Security Guru)
  • New Surveillance System May Let Cops Use All Of Your Cameras. “Computer scientists have created a way of letting law enforcement tap any camera that isn’t password protected so they can determine where to send help or how to respond to a crime. ‘It’s a way to help people take advantage of information that’s out there,’ says David Ebert, an electrical and computer engineer at Purdue University.” (Source: Wired)
  • Microsoft: U.S., Italy And Canada Are Top Ransomware Targets. “May 19 was Ransomware Info Day, a campaign launched by the Swiss Internet Security Alliance to help raise awareness about this particularly nasty type of malware. Microsoft, one of several backers of the outreach effort, is sharing some data about the spread of ransomware and some tips on how to avoid it.” (Source: eWeek)
  • An Eight-year-old Virus Is Still Infecting Thousands Of PCs. “The worm would pull payloads over the network, used to spread its malicious files across a network. It would also enlist the infected computers as part of a botnet, which could be remotely controlled. It didn’t take long for variations to quickly emerge and spread. It later became one of the world’s most notorious malware families going.” (Source: ZDNet)

Safe surfing, everyone!

The Malwarebytes Labs Team