Weekly Security Roundup #65: Business as Usual on the Battlefield
Don’t be fooled: cyber crime is all about money nowadays
It’s been business as usual on this week’s security battlefield. Just after last week’s security roundup, we published a security alert about a mobile malware called Mazar BOT. This little fellow targets Android devices and spreads via text messages. It can gain administrators rights, read and send SMS, steal your data, erase the phone – long story short, it can do anything it pleases. Surprisingly, the malware cannot be installed on Android smartphones set on Russian language option, so you will be safe if you learn Russian. Or simply don’t install any fishy apps that you run into. Afterwards we met Locky – and we’re not talking about the Asgardian God of Mischief and Evil. Locky is a new ransomware that made its entrance with a bang: it extorted money from a Hollywood hospital. And since we brought cryptoware into discussion, we also have an article on how cyber criminals behind Angler exploit kit grew their distribution network. Over 350 domains related to the Angler exploit kit infrastructure were blocked only Monday. We also published two security guides that you shouldn’t miss. If you’re struggling with your online security, use this free plan to solve your issues. And last but not least, we explained how Zombies and Botnets work. Don’t worry, we’re not talking about Michael Jackson’s “Thriller” kind of zombies, that will strangle you while you sleep. No, this kind of zombies will only attack other computers. And you won’t even have a clue about what they’re up to (unless you read our article on Botnets and how to prevent your PC from being enslaved). Before you wrap up your browser tabs and fly off into the weekend, take a quick look over the most important security news of this week:
Security articles of the week
A subject that’s been on everybody’s lips in these past days: in an open letter addressed to Apple customers, Tim Cook reveals the US government’s demand to build a backdoor to iPhone. He explains how this could turn into a dangerous precedent. Here are two more articles regarding this issue that you should read: one’s from Troy Hunt, who takes his time to explain all the grey shades from this Apple vs FBI case. The other one presents John McAfee’s take:
And why do the best hackers on the planet not work for the FBI? Because the FBI will not hire anyone with a 24-inch purple mohawk, 10-gauge ear piercings, and a tattooed face who demands to smoke weed while working and won’t work for less than a half-million dollars a year. But you bet your ass that the Chinese and Russians are hiring similar people with similar demands and have been for many years. It’s why we are decades behind in the cyber race.
As we were pointing out earlier, when we introduced you to Locky, not even hospitals are immune to ransomware attacks. After not being able to access their electronic records for a ten day period, a Hollywood hospital decided to give up and pay the attacker.
CEO Allen Stefanek confirmed that the center had paid the fee, a decision that he said was “the quickest and most efficient way to restore our systems and administrative functions.”
And we thought it’s obvious that you shouldn’t flash your cash on social networks. Or your bank card. Or concert tickets. Or vacation details. Or your kids photos. Or… ah, nevermind, we’ll just follow up with an extended article on this subject.
The title is pretty much self-explanatory, right? Hundreds of Spotify premium accounts details were dumped online this week. Email addresses, coressponding passwords, home countries, account types and renewal dates were leaked. No payment credentials left out in the open, whatsoever.
Instagram finally started to roll out two-factor authentication option. It was about time! Btw, if you don’t have any idea why we’re so enthusiasted about this, check out our huge security guide on two-factor authentication. We covered how it works and why should activate it immediately everywhere it’s available. (Immediately, you hear that?)
Bad news is: because of a security flaw related to password recovery, thousands of Twitter accounts were affected. Good news is: the bug was fixed. Useful tip before we move on to the next issue: activate login verification on your Twitter account to enhance your security.
A new email phishing campaign has been targeting Airbnb customers. Make sure you don’t fall into this trap.
Scammers have plenty of options after successfully hijacking an account, especially those that are verified and have obtained stellar reviews, making it easier to lure potential victims into paying in advance in order to secure their rental.
And since we opened the phishing subject, here’s an overview of spear phishing costs. Spear phishing is at present the most effective phishing technique. It requires greater efforts, but it also provides cyber criminals better pay-off.
Just cyber attackers attacking favorite cyber attackers’ payment method.
According to Balbait’s recent survey, IT security experts believe that attackers are mostly using or taking advantage of social engineering techniques.
In “The Art of War”, Sun Tzu said that you should fully know your enemy and know yourself. Our weekly security roundup is about knowing thy enemy. But you should also do something about it, don’t just ignore all these privacy and security warnings we keep babbling about.