A week in security (July 24 – July 30)

Last week, we recognized one of the unsung heroes of our times, explained what the Dark Web is, shared the challenges one of our own experienced when putting together his conference presentation for SteelCon, revealed the potential dangers of smart toys to kids, and made a prediction following the arrests of those involved in Fireball.

We also talked about encryption and law enforcement, Petya’s decryption key, and the real problem with ransomware, with accompanying statistics, which you can find at the respective links below:



Below are notable news stories and security-related happenings from last week:

Latest updates for Consumers

  • Top Ten Lessons Learned From WannaCry. “…the WannaCry ransomware variant changed the view of ransomware globally, mainly due to its ability to capture multiple major businesses and critical infrastructure. The cyber-attack that hit the NHS and businesses around the world made headline news globally, bringing awareness about ransomware – and indeed cybersecurity – to the masses.” (Source: InfoSecurity Magazine)
  • Mysterious Mac Malware Has Infected Victims for Years. “The second version of FruitFly is even more puzzling, according to Patrick Wardle, the former spy agency hacker who now develops free security tools for Apple computers and researches Mac security for the firm Synack. Wardle told Motherboard in a phone call that when he first discovered FruitFly 2, no antivirus software detected it. More surprisingly, it looks like it has been lurking around for five or 10 years and infected several hundred users.” (Source: Motherboard)
  • The Stantinko Botnet Is Back After Years Under The Radar. “ESET researchers alert that Stantinko – a huge botnet which hasn’t been detected for the past five years – is now not only back but it also managed to infect half a million systems and allow its developers to ‘execute anything’ on the infected machine. The botnet was used for a massive adware campaign in 2012 that was primarily targeting Ukraine and Russia. However, thanks to its ability to adapt really quickly and avoid detection as well as the code encryption, Stantinko managed to stay under the radar all this time.” (Source: Virus Guides)
  • Your Old Phone Number Can Be Used To Hack Facebook Account. “We all know that in most cases, Facebook users are required to submit their phone number while registering with the social network. This is how they can link their phone with the profile so that when a user forgets the password, they can prove his authenticity and receive a new password on their smartphone. However, in case the user stops using the phone number linked to their Facebook profile and changes it to another one, there are chances that the previous number can be assigned to someone else. This is where the problem begins.” (Source: HackRead)
  • Segway MiniPro Patched To Stop Hackers Hijacking Remote Control From Hoverboard Riders. “Critical security vulnerabilities have been discovered in the Segway/Ninebot MiniPro Hoverboard, but don’t panic – firmware patches have already been issued to prevent malicious hackers from attacking the devices. Which is a relief – as successful exploitation of the security holes could have seen attackers seize remote control of a hoverboard and potentially injure riders by suddenly disabling the motor.” (Source: Tripwire’s State of Security)
  • AI Cyber Wars: Coming Soon To A Bank Near You. “The battle between cyber criminals and banks is an intensifying arms race. Cyber criminals are racing to develop new offensive weapons while the banks and insurers they are targeting are scrambling to keep pace. Financial institutions are increasingly deploying Robotic Process Automation (RPA) and other early-stage AI technologies to the front lines, identifying the behavior of trustworthy users and detecting emerging threats. However, much cutting-edge software in areas such as machine learning and AI is open-sourced, meaning that it is readily available to the wrong side.” (Source: Forbes)
  • Discover Launches Social Security Number Alert Feature. “There’s a corner of the internet, inaccessible by traditional search engines, where stolen personal information can be sold anonymously. A new feature announced this week from Discover aims to shed a little more light into that corner. Discover says the new service alerts cardholders when their Social Security number appears on certain websites on the so-called ‘dark web.'” (Source: NerdWallet)
  • Letting Cyberattack Victims Hack Back Is A Very Unwise Idea. “As the rate of cybercrime increases, so too does the intensity of those attacks. Now, companies like the UK’s Pervade Software are exploring new digital weapons with the goal of better protecting themselves and recovering stolen data. These include turnkey denial-of-service attacks and actions that damage the accused hackers’ computers and data. But taking advantage of tools more appropriate for a vigilante climate will have serious consequences for the health of the internet.” (Source: Wired)
  • New Form of Cyber-Attack Targets Energy Sector. “In the attacks so far picked up by Israel-based cybersecurity company CyberInt, a ‘lure’ document masquerades as a curriculum vitae accompanying a harmless email. What makes this latest type of spear-phishing attack hard for the energy companies to identify is that the lure email and attached Word document are totally clean and contain no malicious code whatsoever. They are therefore undetectable to incoming email monitoring defenses.” (Source: InfoSecurity Magazine)
  • Bots Make Lousy Dates, But Not Cheap Ones. “Bill installed the dating app on his smartphone. To his surprise, he was quickly matched up with several women he found attractive. Better yet, they immediately showed their interest by sending him text messages. ‘One’s a flight attendant and three are models!’ he told his friends over coffee. ‘Why didn’t I jump into online dating years ago?'” (Source: Dark Reading)
  • Officials Arrest Suspect In $4 Billion Bitcoin Money Laundering Scheme. “Police in Greece have arrested a man wanted in the United States for allegedly running a massive Bitcoin-based money laundering operation, according to the Associated Press. Authorities say the 38-year-old Russian man was responsible for converting $4 billion in illicit, conventional cash into virtual currency.” (Source: Ars Technica)
  • Malware Creators Increasingly Run Their Business Like Legitimate Software Companies. “The continuing increase in ransomware attacks is, partly, due to how easy the malware can be built and used by attackers that have limited technical skills. Take for example the Philadelphia Ransomware-as-a-Service (RaaS) offering. Offered for sale by a group (or individual?) that calls itself The Rainmakers Labs, it is just a part of the overall arsenal of ‘anti-security solutions’ on offer.” (Source: Help Net Security)
  • Google Discovers New Lipizzan Android Spyware. “Google’s Android Security team announced today the discovery of a new powerful Android spyware — named Lipizzan — which Google claims to be linked to Equus Technologies, an Israeli company that describes itself on its LinkedIn page as being specialized ‘in the development of tailor made innovative solutions for law enforcement, intelligence agencies, and national security organizations.'” (Source: Bleeping Computer)
  • Gas Pump Skimmer Sends Card Data Via Text. “Skimming devices that crooks install inside fuel station gas pumps frequently rely on an embedded Bluetooth component allowing thieves to collect stolen credit card data from the pumps wirelessly with any mobile device. The downside of this approach is that Bluetooth-based skimmers can be detected by anyone else with a mobile device. Now, investigators in New York say they are starting to see pump skimmers that use cannibalized cell phone components to send stolen card data via text message.” (Source: KrebsOnSecurity)
  • Hackers Are Targeting People Using Free Wi-Fi At Hotels Around The World. “Travellers are being warned about an evil new form of malware that is targeting people who use free Wi-Fi at hotels around the world. Notorious hackers the DarkHotel group, which have been targeting the IT systems of hotels for years, are back with a new campaign which targets free Wi-Fi connections in hotels across the globe.” (Source: Thai Visa)

Latest updates for Businesses

  • As GDPR Approaches, Retail Data Breaches Remain Unacceptably High. “Two in five retailers across the globe have experienced a data breach in the past year, according to Thales and 451 Research. The report reveals that 43 percent of retailers had experienced a data breach in the last year, with a third claiming more than one. With 60% claiming that they had been breached in the past, it’s perhaps unsurprising to learn that 88% of retailers consider themselves to be ‘vulnerable’ to data threats, with 37% stating they are ‘very’ or ‘extremely’ vulnerable. As a result, three quarters of retailers expect their spending on IT security to increase.” (Source: Help Net Security)
  • Configuration Errors Blamed For Sensitive Data Exposed Via Google Groups. “Researchers at RedLock, working within the Cloud Security Intelligence team, say they’ve discovered hundreds of organizations exposing sensitive data via Google Groups, pinning the cause on basic configuration issues. ‘A customer-controlled configuration error in the Google Groups sharing settings has led to the exposure of sensitive data such as personally identifiable information (PII), including employee salary compensation details, sales pipeline data, customer passwords, names, email addresses and home addresses at hundreds of companies,’ an advisory shared with Salted Hash explains.” (Source: CSO)
  • Compliance And Employee Behavior Bother Data Security. “A survey of 304 IT professionals by HANDD found that 21% of respondents felt regulation, legislation and compliance will be one of the greatest business challenges to impact data security, while 21% believe that the behavior of employees and their reactions to social engineering attacks also pose a big challenge.” (Source: InfoSecurity Magazine)
  • Don’t Click On These New Fake Replies From ‘Customer Service Departments’. “Phishing is not a new crime, but the criminals who send phishing emails continue to refine their craft. One form of phishing email that seems to be gaining momentum is the ‘fake reply.’ According to a recent report by the Comodo Threat Intelligence Lab, Internet users now face ‘a new series of phishing emails that purport to be replies to previously asked requests for information from well-known brands and likely legitimate contacts.'” (Source: Inc)
  • Employees Working While On Holiday Open Orgs To Security Risks. “Many workers will feel the need to check-up on work emails while they are away from the office and enjoying a well-earned vacation. Unfortunately, by doing that, they can open organizations to many security risks. T-Systems, the corporate IT and cyber-security arm of Deutsche Telekom, has asked 2,050 full-time UK workers about their cyber security practices while on holiday…” (Source: Help Net Security)
  • Downtime from Ransomware More Lethal to Small Businesses Than the Ransom. “Of more than half of all small- to mid-sized businesses (SMBs) infected with ransomware in the past year, attackers demanded ransom of $1,000 or less – a drop in the bucket in comparison to the downtime these attacks cause, a new report shows.” (Source: Dark Reading)
  • The Right to Be Forgotten & the New Era of Personal Data Rights. “On May 25, 2018, the European Union’s General Data Protection Regulation (GDPR) will go into effect in Europe to help harmonize personal privacy rights across all 28 EU member states. Although individual countries can maintain their own privacy laws and impose additional penalties, GDPR establishes a common baseline of protections for citizens and residents of the EU and for collectors and processors of personal data — a set of common obligations and potential fines (up to 4% of global revenue per company per country).” (Source: Dark Reading)

Safe surfing, everyone!

The Malwarebytes Labs Team