Weekly Security Roundup #58: Why You Should Never Say “This Can’t Happen to Me”
Don’t rely on sheer luck for your online protection
All the talk in the past days was about Angler and TeslaCrypt, so it wouldn’t be fair to start our weekly roundup without mentioning them.
The infamous exploit kit Angler got a lot off atention lately. My colleague, Andra, published yesterday a a step by step walk-through with everything you need to know about Angler: what it is, why it stands out, how it spreads and how you can stay safe from it. We tried to write it in a friendly matter, to ensure that even our most non-technical followers will understand its relevance.
TeslaCrypt was the other “star” of the week. A ransomware that started as a Trojan designed to target users and is now attacking companies. First discovered at the beginning of the year, it’s back and in better shape. In the past days we’ve seen an increase in targeted infections, so don’t skip our extended alert on TeslaCrypt.
For more security news of the week, scroll on.
Security articles of the week
Nemesis is the newest and baddest type of malware detected, designed to steal financial information.
Exposed by the researchers at FireEye, it uses a technique called bootkit, that infects lower-level system components and executes before the operating system even started booting.
Because of its location, Nemesis is difficult to identify and erradicate, and it also stubbornly persists after a re-installation of the operating system.
2. Cyber attacker asks UAE bank for $3 million ransom and then leaks tens of thousands of customers’ financial data
In latest data breach news, tens of thousands of customers financial information from an United Arab Emirates Bank were leaked online.
The cyber attacker, someone claiming to be “Hacker Buba“, demanded to be paid $3 million in Bitcoin.
Since the bank representatives declared that they refuse to negotiate with blackmailers, he kept his word and started publishing customers databeses – mostly corporate accounts.
The UK’s National Crime Agency recently launched #CyberChoices campaign, with the intention to discourage youngsters getting involved in cyber crime activities. The campaign comes after a sudden drop in cyber attackers’ average age, to only 17 years, from 24 in the previous year.
“[…] the campaign seeks to help motivate children to use their skills more positively. […] By choosing the criminal path they can move from low level ‘pranking’ to higher level cyber crime quite quickly, sometimes without even considering that what they’re doing is against the law.”
Just because USA switched to the EMV cards technology, don’t be tricked into thinking financial fraud risks will drop. Cyber attackers just changed their strategies and are now taking advantage of different system vulnerabilities. Business as usual.
Apparently, someone has been trying to take down the Internet. DNS root servers were badly hit on November 30 and 1st of December, by two huge DDoS attacks. Lasting for a total of 4 hours, they peaked at five million queries per second. However, the impact was barely perceptible by end-users, the flood only causing some minor delays.
The attack’s source couldn’t be tracked and there’s no hope in finding it, because of the nature of the attack.
Five reasons why web apps are so insecure and what companies do (or, better said, don’t) to ease cyber attackers’ path.
“[…] it’s the business who pays the salaries to developers and infosec folks, and it’s always the business who has the last word.”
In this interview, Natalya Kaspersky, the co-founder of Kaspersky Lab, talks about the state of the cyber security industry and how we’re losing the war against the dark side.
We’re insisting with the Vtech data breach because of the gravity of the issue: 200.000 kids had their personal details leaked, together with 5 million parents. Imagine pairing children and parents photos together with their names, postal and email addresses, and dark possibilities suddenly arise.
Also related to our kids’ protection concerns, several security issues for Hello Barbie toy were discovered by the folks at BlueBox Labs.
To those unfamiliar with the subject, Hello Barbie is the first interactive Barbie doll. Using voice recognition technology, it connects to wi-fi and is able to have real time conversations with each child. The audio records are uploaded into cloud.
With the Internet of Things devices gaining popularity, have you ever just stopped and wondered about what security and privacy problems they will bring?
Here’s an easy example: you come home at night, tired after a long working day, and all you want to do is eat, take a long relaxing bath and sleep. Before going to bed, you check your smart home sensors to see if your front door is locked. How can you be sure that it really is locked? How can you be sure that nothing (or nobody?) is interfering?
This article raises some serious questions, but also brings a few sollutions that can be implemented by manufacturers.
You can run, you can hide, but you’ll always be more or less exposed to cyber risks. All it takes is a working Internet connection.
What you can do is try to keep the attackers in check. Be aware of the new threats, stay informed and up to date with the latest security measures. You can also take our cyber security course.