Weekly Security Roundup #79: Ransomware Is Star of the Week
Once again, ransomware was the star of the week in the cyber security news, along with the ghosts of past hacks and data breaches.
Our latest security alert documents a highly targeted ransomware attack: cyber criminals are impersonating Telia, a giant telecom company with operations in Europe and Asia. Attackers localize the emails and all elements tied to the campaign, raising their chances of success.
After all these ransomware attacks, it was only natural to publish an anti-ransomware plan. It’s a protection plan for you to read and follow to cut down the odds of an infection.
We also updated an article on the top online scams cyber criminals use to trick you. It was published by my colleague, Aurelian, two years ago, and has now been brought up to date.
Also, if you haven’t had the chance, don’t forget to vote for us at the European Security Blogger Awards. There’s only one week left! Thank you for your support, we are grateful for all the great feedback.
Security articles of the week
Troy Hunt wrote about the impact and implications of the LinkedIn data breach.
You should also read this article on how to protect your LinkedIn account using two-step verification.
Everybody’s warning against it, nobody takes it seriously. We’re talking about password recycling. After the recent large data breaches on other sites and a rise in account takeovers, Reddit was forced to reset the passwords of 100,000 users in two weeks.
The FBI’s Internet Crime Complaint Center recorded 2,453 ransomware victims last year, resulting in more than $1.6 million in losses. That’s double the number of victims, and three times as much in damage, compared to 2014.
The report shows the number of victims and financial losses for each state.
A few lessons that we can draw from Guccifer’s confession on how he hacked 100 email and social media accounts:
“This shows how apparently harmless information like a school’s name can help criminals and why people should be careful with what they disclose about their lives online.”
One of the cyber crooks involved in the Celebgate nude-photo scandals (also known as The Fappening) pleaded guilty. Ryan Collins managed to break into more than 100 Apple and Gmail accounts using phishing emails.
WhatsApp users are being tricked into installing WhatsApp Gold, pitched as “an exclusive chance” but in fact a fake version of the app. Infected with malware, of course.
In what researchers at Comodo Threat Research Labs say might be one of the biggest spam ransomware campaigns of this year, Amazon customers are targeted with a massive spear phishing campaign. The recipients receive Microsoft Word documents with a macro that triggers downloads of the Locky ransomware.
Experts point out that Dropbox Infinite, the new feature the company just announced, may also open the device to serious vulnerabilities.
“Anyone can create another stage upon which to present. Bringing value to the security dialogue and adding to the collective discussion is something else entirely. All the world may indeed be a stage, but that doesn’t mean I shouldn’t yearn for more than that.”
Have you ever given any thought to what will happen to your accounts and passwords after you die? This guy did. Here’s what he did to tackle them.
Ransomware attacks keep stealing the spotlight. Everywhere you turn, there’s another attack that’s publicized. It’s no wonder that cyber experts are considering it the biggest cyber threat of the moment – and don’t expect it to go anywhere soon.
Also try and keep our anti-ransomware protection plan at hand – read it, follow it, share it.