Weekly Security Roundup #54: Detecting the Unperceivable
If your antivirus can’t detect this ransomware, then you should add to your protection
One of the most prominent news items this week has been the emergence of a new CryptoWall strain, which threatens to give even more trouble to companies and users around the world.
We shared our discoveries in yesterday’s security alert, which includes details about its improved cloaking abilities and enhanced communication capacity.
A challenging 2016 is shaping up, but until then let’s see what the Weekly Security Roundup packs.
Security articles of the week
CryptoWall 4.0 may have just hit the market, but its predecessor has done a lot of damage. The Cyber Threat Alliance released an in-depth analysis that shows how CryptoWall 3.0 has caused $325 Million in financial damage to the victims whose data it has encrypted. And this is just in a year’s time.
“There’s nothing bad that could happen if a cyber criminal collected the information I’ve posted online.” There are many who still think this is true, but here’s how this type of information was used to attack Vodafone UK, which blocked over 1800 accounts to keep them from leaking confidential data.
The practice of ad blocking raises many ethical questions. The reality is that it also blocks a hefty percentage of attack vectors, but CISOs have yet to vet this as a best practice in any corporate environment.
The famous software forum was attacked this week, which led to its developers taking it down. User data may have been compromised, so a password change is definitely in order. Here’s what Security Week reported:
Vulnerabilities in unpatched versions of vBulletin are often leveraged to breach websites using the forum software. In 2013, thousands of websites were hacked via a security hole in vBulletin.
While a new ransomware strain rises, another one (or two) fall(s). This week, the Russian security company released all the known keys required to unlock files encrypted by the CoinVault and Bitcryptor cryptoware strains. This may announce their death, but one can never be sure, as we’ve seen with Dridex and other examples.
This is why you shouldn’t keep stuff on your phone that you don’t want to make public online. The Chimera ransomware creators have decided to take it up a notch and threaten to publish victims’ photos online if they don’t pay up. Public shaming is yet another dangerous tactic in their social engineering toolbox and we hope it doesn’t become the norm.
A recent survey by Kroll shows that cyber risk managers have started to turn their attention to new tactics and tools that can help them mitigate risk and avoid data breaches and other cyber attack consequences. Employee education programs and encryption are becoming more important, as risk managers also call for larger budgets to address security concerns.
Cyveillance releases a very interesting infographic depicting the difference between these key terms and exploring essential characteristics of the Dark Web that is often mentioned in the media. It’s definitely worth an attentive read.
Malware creators and other types of cyber criminals invest a lot of time, money and other resources into building their infrastructure. Botnets are their “business” staple, because, without them, they couldn’t launch their attacks and maintain their anonymity. But a “multi-layered, decentralized, and widely distributed” botnet is something that’s worth reading about and understanding to see the true danger that lies in its capabilities.
TrendMicro seems to believe so. From Ashley Madison to ransomware, there have been so many extortion attempts that we’ve lost count. And 2016 does not look like it’s going to start a new chapter, but rather continue on the same note, as malware creators and attackers sharpen their tools and become even more ambitious. We have a lot of work to do, and we hope you will join us in a common effort to block their efforts.
We can’t help but emphasize the basics, each time a new type of malware comes up. Many Internet users see cyber security as an intricate field that has nothing to do with them, because who would want to attack them anyway? These are the exact people whose computers are enrolled in botnets, which are then used to infect more computers and create an endless string of vulnerabilities in a system that is already complicated enough (the software and hardware industries).
Getting a few things right in terms of online protection can go a very long way. Don’t start tomorrow. Start today.