Author Archives: David Bisson

Data of 1.5 Million People Breached in Singapore’s ‘Worst’ Digital Attack

A data breach that’s being described as Singapore’s “worst” digital attack on record exposed the personal information of an estimated 1.5 million people. On 20 July, multiple ministries of Singapore’s government held a press conference on what they believe was a state-sponsored attack. They didn’t reveal who they felt was responsible for targeting SingHealth, the island […]

The post Data of 1.5 Million People Breached in Singapore’s ‘Worst’ Digital Attack appeared first on The State of Security.

Dark Web ‘RDP Shops’ Offer Access to Vulnerable Systems for as Little as $3

Cybercriminals have been selling remote desktop protocol (RDP) access to compromised machines on business networks through Dark Web marketplaces, according to July 2018 research from McAfee. Bad actors can do a lot with this access, including committing other acts of fraud and facilitating data breaches.

Given the widespread use of the protocol, organizations should implement basic security measures and password hygiene practices to protect themselves from this threat.

Dark Web Shops Offer Cheap Access to Breached Systems

While analyzing underground web marketplaces, the McAfee Advanced Threat Research team came across several “RDP shops” selling access to vulnerable systems. Some of these shops offered access to more than a dozen connections. Others, most notably the Ultimate Anonymity Service (UAS), had more than 40,000 links up for sale.

Most of these systems were computers running Windows XP through Windows 10, with Windows Server 2008 and 2012 the most prevalent at 11,000 and 6,500 links, respectively. Access to those systems ranged in price from $3 to $19, and dozens of the connections were linked to healthcare institutions. McAfee’s most significant find was an offering that promised access to the security and building automation systems of a major international airport for just $10.

RDP Access: A Versatile Threat

Flashpoint cybercrime analyst Olivia Rowley explained that RDP access is such a hot commodity because attackers can use it to facilitate a wide variety of crimes.

“For some cybercriminals, it may be more advantageous to use a compromised RDP as a staging ground for conducting other fraud, such as making a fraudulent purchase,” Rowley said, as quoted by Dark Reading in November 2017. “Cybercriminals may also find that the compromised RDP contains sensitive files or other proprietary information, thus making the RDP a tool for conducting data breaches.”

RDP is a proprietary Microsoft protocol that lets users control computers remotely over a network. While it’s designed to simplify administrative tasks for businesses, it potentially exposes enterprises to attackers, who can abuse the protocol to remotely access computers on an internal network, including those containing sensitive information. They can then either steal that information or conduct a SamSam ransomware attack to extort payments from victims.

How Can Companies Thwart RDP Attacks?

To minimize the threat of RDP attacks, according to the McAfee report, organizations should disallow RDP connections over the open web, restrict the number of failed login attempts before an account is locked and use multifactor authentication (MFA) to make brute-force attacks more difficult.

Perhaps most importantly, security leaders should work to increase cyber awareness among employees — especially as it relates to password hygiene — through continuous training and education.

The post Dark Web ‘RDP Shops’ Offer Access to Vulnerable Systems for as Little as $3 appeared first on Security Intelligence.

Got Container Security? Make Sure to Secure Code and Supplemental Components

Organizations face numerous primary threats and security concerns when it comes to their container environments. Those issues extend into their build environment, an area which organizations need to protect because it’s usually the least secure aspect of their container infrastructure. They also extend into other areas, including inside the containers themselves. Acknowledging that exposure, organizations […]

The post Got Container Security? Make Sure to Secure Code and Supplemental Components appeared first on The State of Security.

Recent Attack Suggests Ransomware Is Alive and Well in Healthcare

A U.S. hospital disclosed that it suffered a ransomware attack, the latest in a spate of such incidents to hit the industry in recent years. Although ransomware has declined in most other industries, these continued attacks highlight the need for healthcare organizations to boost their defenses and adopt strategies to proactively fight this persistent threat.

Another Hospital, Another Data Breach

The hospital announced that it became aware of a crypto-malware attack on the morning of July 9. The incident affected the organization’s internal communications systems and access to its electronic health record (EHR).

Soon after discovering the malware, the hospital quickly initiated its incident response protocol, and IT professionals worked with law enforcement and forensics experts to investigate the incident. The security team also evaluated the hospital’s digital defense capabilities and decided to divert ambulance patients suffering from trauma or stroke to other institutions.

Although the investigators did not discover any evidence of the attack compromising patient data, they did opt to temporarily shut down the system as a precaution.

Ransomware Rates Remain High in Healthcare

According to Recorded Future, ransomware campaigns began declining in 2017, driven largely by the disappearance of many exploit kits (EKs) on the cybercrime market. At the same time, the remaining EKs made a tactical shift toward distributing crypto-mining malware. Unfortunately for hospitals, the decline in overall ransomware attacks does not apply to the healthcare sector.

Healthcare companies are still prime targets for ransomware because they invest relatively little in IT security. In addition, hospitals are often more willing to pay ransoms due to the criticality of their IT systems and EHRs. As John Halamka, chief information officer (CIO) at Boston’s Beth Israel Deaconess Medical Center, noted in Fierce Healthcare, some of these systems are not up to date, which makes them susceptible to vulnerability-driven attacks.

“Each time a patch is introduced, the act of changing a mission-critical system impacts reliability and functionality,” Halamka explained. “Some mission-critical systems were created years ago and never migrated to modern platforms.”

According to ZDNet, many hospitals have recently paid ransoms of tens of thousands of dollars to regain access to their data. Threat actors view these incidents as evidence that ransomware is still an effective and lucrative tactic to use against healthcare organizations.

How Can Hospitals Protect Their Data?

To protect healthcare data from threat actors looking to hold it for ransom, hospitals should double down on patch management to ensure that all networks, endpoints, applications, databases and medical devices are up to date. They should also implement network segmentation to limit attackers’ lateral movement and regularly back up data so that operations can resume quickly in the event of a breach.

As always, the best defense against threats such as ransomware is continuous training and education throughout the organization. By ensuring that everyone from rank-and-file employees to top leadership can recognize signs of a ransomware attack and act accordingly, these users can serve as the first line of defense against this persistent threat.

The post Recent Attack Suggests Ransomware Is Alive and Well in Healthcare appeared first on Security Intelligence.

Researchers Can Earn Up to $100K via Microsoft Identity Bounty Program

Microsoft announced its Identity Bounty Program through which security researchers can earn up to $100,000 for an eligible submission. On 17 July, Microsoft Security Response Center (MSRC) unveiled the creation of a new bug bounty program to help it remediate vulnerabilities affecting its Identity services. Phillip Misner, principal security group manager of MSRC, noted that […]

The post Researchers Can Earn Up to $100K via Microsoft Identity Bounty Program appeared first on The State of Security.

Why Consumers Demand Greater Transparency Around Data Privacy

Although consumers have a wide range of attitudes toward data privacy, the vast majority are calling for organizations to be more transparent about how they handle customer information, according to a July 2018 survey from the Direct Marketing Association.

Previous research has shown that many companies are not doing enough to communicate and clarify their data-handling policies to customers. Given these findings, what practices can organizations adopt to be more upfront with users and build customer trust?

How Important Is Data Privacy to Consumers?

The Direct Marketing Association survey sorted respondents into three categories:

  1. Data pragmatists (51 percent): Those who are willing to share their data as long as there is a clear benefit.
  2. Data unconcerned (26 percent): Those who don’t care how or why their data is used.
  3. Data fundamentalists (23 percent): Those who refuse to share their personal data under any circumstances.

It’s not just fundamentalists who see room for improvement when it comes to organizations’ data-handling practices. Eighty-two percent of survey respondents said companies should develop a flexible privacy policy — while 84 percent said they should simplify their terms and conditions. Most tellingly, 86 percent said organizations should be more transparent with users about how they engage with customer data.

There Is No Digital Trust Without Transparency

The results of a May 2018 study from Ranking Digital Rights (RDR), Ranking Digital Rights 2018 Corporate Accountability Index, suggest that consumers’ demands for more transparency are justified. Not one of the 22 internet, mobile and telecommunications companies surveyed for the study earned a privacy score higher than 63 percent, indicating that most organizations fail to disclose enough information about data privacy to customers.

Transparency is often a critical factor for consumers when deciding whether to establish digital trust with a company or service provider. According to IBM CEO Ginni Rometty, organizations can and should work to improve their openness by being clear about what they’re doing with users’ data. Those efforts, she said, should originate from companies themselves and not from government legislation.

“This is better for companies to self-regulate,” Rometty told CNBC in March 2018. “Every company has to be very clear about their data principles — opt in, opt out. You have to be very clear and then very clear about how you steward security.”

The post Why Consumers Demand Greater Transparency Around Data Privacy appeared first on Security Intelligence.

Four Healthcare IT Companies Warn PHO Put 800K Patients’ Data at Risk

Four healthcare IT companies warned that a primary health organization (PHO) put up to 800,000 patients’ medical data at risk. On 17 July, New Zealand and Australian healthcare companies HealthLink, Medtech Global, myPractice and Best Practice Software New Zealand sent a letter to New Zealand’s Privacy Commissioner. In it, they explained how they learned in […]

The post Four Healthcare IT Companies Warn PHO Put 800K Patients’ Data at Risk appeared first on The State of Security.

U.S. Senators Ask FTC to Launch Privacy Investigation of Smart TVs

Two United States Senators asked the Federal Trade Commission (FTC) to investigate the privacy policies and practices of smart TV manufacturers. In mid-July, Senators Edward Markey (D-MA) and Richard Blumenthal (D-CT) submitted a letter to Joseph Simons, Chairman of the FTC, asking him to open an investigation. To support their argument for an FTC review, […]

The post U.S. Senators Ask FTC to Launch Privacy Investigation of Smart TVs appeared first on The State of Security.

Human Error Strains Security Teams: How Can Companies Nip Employee Negligence in the Bud?

Employee negligence continues to be a top information security risk for key figures in the enterprise, especially IT security professionals who rely on internal threat reports to do their jobs. This risk can take the form of genuine human error, a lack of security awareness or even deliberate attempts to steal corporate data for personal gain.

According to the 2018 State of the Industry report from document destruction company Shred-it, 96 percent of Americans said they view employee negligence as at least a minor cause of data breaches against U.S. companies. Some were even more convinced: Eighty-four percent of C-suites see it as one of their biggest information security risks — and 51 percent of small-business owners agree.

Reflecting this viewpoint, the majority of U.S. businesses revealed that they’re struggling to keep pace with modern workplace trends. In particular, 86 percent of C-suites and 60 percent of small-business owners said they believe the risk of a data breach is higher when employees work remotely.

How can companies increase cyber awareness among nontechnical employees and better incentivize them to report potential security issues before they become full-blown incidents?

What Are the Consequences of Employee Negligence?

According to the Shred-it report, two main factors are driving up the level of concern over instances of workforce negligence, which include accessing company systems over remote and unsecured networks or improperly disposing of sensitive data.

Employee carelessness is the first factor and has historically been one of the primary causes of data breaches. The IBM X-Force team uncovered as much in its 2018 Threat Intelligence Index, noting that negligent actions were behind two-thirds of total records compromised in 2017.

Employee negligence is the second factor and makes the job of IT security professionals more difficult. To adequately defend organizations against cyberthreats, security teams need employees to report any issues they come across. However, organizations don’t always encourage them to do so. According to a 2016 Ponemon report, 67 percent of respondents said their organizations don’t provide incentives for employees to report security issues proactively.

This lack of engagement can cause small issues to evolve into major security incidents. For example, 79 percent of respondents to a Keeper Security survey that suffered ransomware attacks said the threat entered their systems through phishing emails.

Employees can help identify phishing attacks, but without the knowledge or incentive to do so, many either fall for the scam or simply keep it to themselves. As a result, security teams must devote resources to responding to issues that could have been prevented in the first place.

How Companies Can Minimize the Effects of Human Error

Organizations can counter negligence among their workforce by integrating data protection measures, such as resiliency backup and other disaster recovery tools, into their business practices.

Companies should also continuously evaluate the effectiveness of their security strategies and ensure that internal protocols are keeping pace with the increasingly sophisticated threat landscape. These policies should include ongoing security awareness training for the entire company and provide employees with incentives to report potential threats.

The post Human Error Strains Security Teams: How Can Companies Nip Employee Negligence in the Bud? appeared first on Security Intelligence.

Communication: A Significant Cultural Change for Embracing DevOps

Organizations can reap huge rewards by switching to a DevOps software development model. Some enterprises don’t know how to make the change. Recognizing that fact, I’ve spent the past few weeks discussing the benefits of a DevOps model, outlining how organizations can plan their transition, identifying common problems that companies commonly encounter and enumerating steps […]

The post Communication: A Significant Cultural Change for Embracing DevOps appeared first on The State of Security.

Ukrainian Law Enforcement Thwart Digital Attack Against Chlorine Station

Ukrainian law enforcement personnel thwarted a digital attack that targeted equipment owned and operated by a chlorine station. According to Interfax, the Security Service of Ukraine (SBU) detected an attempt to attack the LLC Aulska chlorine station. Located in the village of Auly in the Dnipropetrovsk region, the station functions as critical infrastructure in providing chlorine […]

The post Ukrainian Law Enforcement Thwart Digital Attack Against Chlorine Station appeared first on The State of Security.

ICO to Fine Baby Club £140K for Illegally Sharing Data with Labour Party

The Information Commissioner’s Office (ICO) announced its decision to fine a baby club £140,000 for illegally sharing individuals’ personal data with the Labour Party. The United Kingdom’s data watchdog said it intends to impose the penalty as a result of Lifecycle Marketing (Mother and Baby) Ltd (“LCMB”) failing to fulfill its responsibilities as a data […]

The post ICO to Fine Baby Club £140K for Illegally Sharing Data with Labour Party appeared first on The State of Security.

Facebook Fined £500,000 by ICO for Cambridge Analytica Data Scandal

The Information Commissioner’s Office (ICO) announced its plan to fine Facebook £500,000 over the Cambridge Analytica data scandal. On 10 July, the ICO published a progress report on its investigation into the Cambridge Analytica incident. The report, entitled “Investigation into the use of data analytics in political campaigns,” explained that the ICO had sent a […]

The post Facebook Fined £500,000 by ICO for Cambridge Analytica Data Scandal appeared first on The State of Security.

Credential Stuffing List Containing 111 Million Records Found Online

A security researcher discovered an online credential stuffing list containing 111 million records that attackers could abuse to prey upon unsuspecting users. Troy Hunt, an Australian web security expert and creator of the second version of Pwned Passwords, learned about the list from several supporters of his Have I Been Pwned service. They directed him […]

The post Credential Stuffing List Containing 111 Million Records Found Online appeared first on The State of Security.

The FBI’s 10 Most-Wanted Black-Hat Hackers – #1

It all comes down to this. In surveying the FBI’s 10 most-wanted black-hat hackers, we have come across nine criminals who have all made the web a less safe place for users. But we still have one more hacker to discuss. This individual’s crimes have surpassed all the rest in the eyes of law enforcement, […]

The post The FBI’s 10 Most-Wanted Black-Hat Hackers – #1 appeared first on The State of Security.

Does the Rise of Crypto-Mining Malware Mean the End of Ransomware?

Crypto-mining malware activity grew significantly in the first quarter of 2018, according to new research, suggesting that threat actors are finding this tactic to be more lucrative than traditional ransomware attacks due to the increasing popularity and value of digital currencies.

But this shift doesn’t signal an end to the threat of ransomware — rather, it points to an evolution toward more targeted attacks against specific organizations and industries, such as healthcare, that are most vulnerable and store particularly valuable data.

Cybercriminals Shift Tactics Amid Cryptocurrency Gold Rush

In short, this new trend shows that cybercriminals follow the money. Amid the rising popularity of cryptocurrencies like bitcoin, Monero and Ethereum, threat actors have embraced crypto-mining schemes as a way to generate illicit financial gains with the least amount of effort, in the shortest time possible, and at a relatively low risk of discovery.

According to McAfee Labs Threats Report: June 2018, researchers observed more than 2.9 million samples of crypto-mining malware in the first quarter of 2018 — a 629 percent increase from just 400,000 samples in the last quarter of 2017.

“Cybercriminals will gravitate to criminal activity that maximizes their profit,” said Steve Grobman, chief technology officer (CTO) at McAfee, in a June 2018 press release. “With the rise in value of cryptocurrencies, the market forces are driving criminals to crypto-jacking and the theft of cryptocurrency. Cybercrime is a business, and market forces will continue to shape where adversaries focus their efforts.”

Troy Mursch, the security researcher behind the website Bad Packets Report, noted that the industry is seeing so many JavaScript-based crypto-miners because most modern browsers run JavaScript. This means that nearly every web user is a target of malicious crypto-jacking attacks.

Alternatively, attackers can maximize their computing power by infecting a server or other network asset with crypto-mining malware. This tactic makes enterprise networks particularly lucrative targets for crypto-jacking campaigns. Also, browser-based crypto-mining doesn’t require attackers to craft an exploit — and the action usually goes undetected so users might not know they’ve been infected for some time.

Why Ransomware Is Down but Not Out

These characteristics of crypto-mining could explain why some attackers have moved away from traditional ransomware. Victims also know when they’ve suffered a ransomware infection and can respond accordingly, which demotivates potential attackers.

But the fact that opportunistic attackers are leaving ransomware behind doesn’t mean the threat is over and done — it’s merely changing. For instance, threat intelligence provider Recorded Future noted that ransomware attack campaigns are becoming more targeted in nature. This is evident in ransomware actors’ penchant for going after healthcare, an industry in which resource deprivation can threaten people’s lives and trigger urgent responses. According to insurance company Beazley Group, healthcare targeting accounted for 45 percent of all ransomware attacks in 2017.

Attackers are also beginning to leverage the mere threat of high-profile ransomware to extract payment. Action Fraud, the U.K.’s cybercrime reporting center, detected one such scam campaign warning users that they had been infected with WannaCry. In actuality, the emails simply aimed to scare recipients into sending a bitcoin payment, limiting the necessity of even distributing malicious software to obtain its gains.

How Companies Can Defend Against Crypto-Mining Malware

Amid the growth of crypto-mining malware and the ongoing evolution of ransomware, enterprises can defend themselves against crypto-mining malware by investing in an endpoint security solution and creating a patch management program.

Because ransomware relies on suspicious emails and software vulnerabilities for distribution, users can guard against its primary attack vectors by following best security practices. Organizations can further defend themselves by regularly updating antivirus software and training employees to refrain from engaging fraudsters over email.

The post Does the Rise of Crypto-Mining Malware Mean the End of Ransomware? appeared first on Security Intelligence.

Timehop Confirms Data Breach Affected 21 Million Users

Timehop confirmed that a data breach affected certain pieces of personal information belonging to 21 million of its users. According to a statement posted on its website, the service that distributes social media memories to its members detected a network intrusion in the afternoon of 4 July. Timehop learned that those responsible for the incident […]

The post Timehop Confirms Data Breach Affected 21 Million Users appeared first on The State of Security.

6 Steps for Establishing and Maintaining Digital Integrity

To create a secure digital profile, organizations need digital integrity. This principle encapsulates two things. First, it upholds the integrity of files that store operating system and application binaries, configuration data, logs and other crucial information. Second, it protects system integrity to make sure applications, endpoints and networks perform their intended functions without degradation or […]

The post 6 Steps for Establishing and Maintaining Digital Integrity appeared first on The State of Security.

Wisconsin County Reveals Phishing Attack Most Likely to Blame for Data Breach

A county in Wisconsin revealed that a phishing attack was most likely to blame for a data breach of some service recipients’ personal information. On 22 June, Manitowoc County posted a statement about the incident to its website. County officials wrote that they first learned of the attack on 24 April. Upon discovery of the […]

The post Wisconsin County Reveals Phishing Attack Most Likely to Blame for Data Breach appeared first on The State of Security.

Twitter’s Support of U2F Key Highlights Organizations’ Ongoing Challenges With 2FA

Twitter announced in June 2018 that it will now support the use of a Universal Second Factor (U2F) key for two-factor authentication (2FA). This announcement addresses password logging issues that Twitter and other online services have experienced in recent months.

These problems, which can potentially expose customer login details to staff members and external actors, underscore the importance of providing users with the option to implement some form of 2FA.

But even though Twitter has enabled this security feature, not all users have taken advantage of it — and a portion of those that have are not thrilled about the user experience. It’s up to organizations and online services across all industries to make 2FA more approachable to users.

U2F Aims to Squash Password-Leaking Bugs

Twitter unveiled its support of the Fast Identity Online (FIDO) Alliance’s U2F security key for login verifications as part of a broader effort to combat spam and malicious bots.

According to a recent blog post, the social media giant announced plans to:

  • Make suspicious accounts less visible in metrics;
  • Make it more difficult for cybercriminals to register spam accounts;
  • Challenge suspicious accounts to prove their authenticity; and
  • Expand its malicious behavior detection capabilities.

In the meantime, Twitter urged users to protect their login information with a physical U2F security key.

The announcement came less than two months after Twitter discovered a bug in its password storage process. As noted in a company blog post, the glitch caused users’ passwords to be written to an internal log before the hashing process completed — meaning the passwords were stored in plaintext. In response, Twitter disclosed the vulnerability and notified its nearly 340 million users that they should change their passwords.

The social networking service isn’t the only company that has accidentally recorded users’ passwords in plaintext. GitHub detected a similar, yet unrelated, error around the time of Twitter’s discovery, as reported by Bleeping Computer.

These types of bugs often arise for companies that manage complex software. System Overlord reported that the change of an environment variable could theoretically produce a similar type of flaw, noting that code review can’t detect 100 percent of these errors because “releases are cut all the time with a handful of changes that were reviewed in isolation and occasionally have strange interactions.”

2FA Is Met With Resistance

Despite the security benefits, not all users see the utility of 2FA, and even those who have adopted the technology frequently bemoan the user experience. In fact, seven out of eight users who participated in a recent survey cited inconvenience as the main reason for disabling 2FA.

According to a recent Duo Labs report, State of the Auth: Experiences and Perceptions of Multi-Factor Authentication, just 28 percent of users said they use two-factor authentication, and only about half of those (54 percent) said they had adopted the control voluntarily. It’s therefore not surprising that SecureAuth found that 74 percent of IT decision-makers have received complaints from 2FA users, with 10 percent stating they “hate it.”

Adapting Authentication to User Needs

To strike a proper balance between security and a streamlined customer experience, companies should consider investing in silent identity and access management (IAM) solutions that work in the background to verify users without adding steps to the authentication process. These systems offer features such as single sign-on (SSO) for the one-password logins users expect and user self-service capabilities for password resets, interrupting the user experience only when malicious activity is detected.

For companies that rely on 2FA to verify user identities, security professionals and business executives must lead by example and enable these controls wherever possible, even if the corporate policy doesn’t require it. These and other identity protection measures are crucial to protect enterprise data from fraudsters looking to exploit stolen credentials.

The post Twitter’s Support of U2F Key Highlights Organizations’ Ongoing Challenges With 2FA appeared first on Security Intelligence.

Recent Extortion Scam Highlights the Need to Address Lingering WannaCry Risks

Law enforcement agencies recently discovered a spam campaign that leverages the threat of WannaCry to extort unsuspecting users, once again highlighting the need for organizations to patch systems and address lingering risks that make them susceptible to ransomware.

Investigators analyzed 300 reports of the campaign between June 21 and 22, 2018, and found that the attackers attempted to cause panic by warning recipients that their devices had been infected with the devastating crypto-ransomware. This same ransomware struck organizations in more than 100 countries in May 2017.

The spam messages claimed the attackers would delete every piece of data on the infected devices sometime during the evening of June 22, 2018. The only way victims could save their data, according to the malicious emails, was to pay 0.1 bitcoin — roughly $650 — to an attacker-controlled wallet and notify the threat group of payment by a certain time on that date.

An Empty Threat Offers a Pregnant Warning

Action Fraud, the U.K.’s national fraud and cybercrime reporting center that observed the campaign, explained that the emails are in reality a phishing exercise in that they spread fear and nothing more. But although this particular spam campaign doesn’t actually drop WannaCry, it’s conceivable that another operation could.

Supporting this notion is the fact that organizations are not automatically safe from WannaCry just because the kill switch exists. Security firm Kryptos Logic observed approximately 100 million connection attempts from 2.7 million unique IP addresses to the kill switch domain in March 2018. This discovery indicates that the ransomware attempted to contact the kill switch domain from millions of infected computers in order to proceed with encryption. It failed because the kill switch domain is registered, but it’s clear that WannaCry is still infecting machines and, by extension, still trying to deny users and organizations access to their own data.

“We estimate a wide variety of hundreds of thousands of untreated and dormant Microsoft Windows infections maintain a foothold and are responsible for the residual and continued propagation of WannaCry, which by our data set analysis and estimates reach several (potentially tens of) million systems through an ebb and flow infection cycle every month,” the researchers explained.

The firm then presented scenarios in which the ransomware could still theoretically infect a company. In one scenario, an asset that’s still vulnerable to the EternalBlue Server Message Block (SMB) exploit could lay the foundation for an attack in the presence of dormant infection. Another involves a network segmentation failure.

Tips to Keep WannaCry at Bay

The bottom line: WannaCry still poses a threat to organizations. To mitigate the risk, organizations should scan their environments for vulnerable SMB services and monitor their endpoints for indicators of compromise associated with the ransomware. Users should also continuously update their antivirus software, avoid engaging with fraudsters over email and report suspicious messages to law enforcement.
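The kill-switch behaviour described above gives defenders a usable signal: a host that looks up the kill-switch domain is almost certainly carrying a dormant infection, and a host whose lookup fails (for example because a segmented network or proxy blocks it) is exactly the case in which the kill switch cannot stop encryption. The following resolver-log triage is an added example, not code from the article or from Kryptos Logic; the domain name and the log lines are constructed placeholders, and the log format is assumed.

```python
import re

# Placeholder for the registered WannaCry kill-switch hostname. The article
# does not print the real name, so this example deliberately uses a stand-in.
KILL_SWITCH_DOMAIN = "wannacry-killswitch.example"

# Constructed resolver log lines (BIND-style query log with an assumed rcode
# field): timestamp, client address, queried name, response code.
SAMPLE_LOG = """\
2018-06-22T20:01:11 client 10.0.12.7#51234 query: wannacry-killswitch.example rcode: NOERROR
2018-06-22T20:01:12 client 10.0.12.7#51235 query: www.example.org rcode: NOERROR
2018-06-22T20:03:40 client 10.0.12.7#51240 query: wannacry-killswitch.example rcode: NOERROR
2018-06-22T20:05:02 client 10.0.30.4#40011 query: wannacry-killswitch.example rcode: SERVFAIL
2018-06-22T20:05:03 client 10.0.30.4#40012 query: wannacry-killswitch.example rcode: SERVFAIL
2018-06-22T20:09:15 client 10.0.45.9#33001 query: mail.example.org rcode: NOERROR
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) client (?P<ip>[\d.]+)#\d+ query: (?P<name>\S+) rcode: (?P<rcode>\S+)$"
)

def find_dormant_infections(log_text, kill_switch=KILL_SWITCH_DOMAIN):
    """Return {client_ip: {"queries", "first", "last", "resolved"}} for every
    client that queried the kill-switch domain. Only a dormant WannaCry worker
    (or a researcher) has a reason to look that name up, so each hit is a host
    to isolate and rebuild. resolved=False means at least one lookup failed,
    i.e. the kill switch could not have halted that host."""
    hits = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["name"].lower() != kill_switch:
            continue
        rec = hits.setdefault(
            m["ip"], {"queries": 0, "first": m["ts"], "last": m["ts"], "resolved": True}
        )
        rec["queries"] += 1
        rec["last"] = m["ts"]
        if m["rcode"] != "NOERROR":
            rec["resolved"] = False
    return hits

def triage(hits):
    """Hosts whose kill-switch lookups failed first, then by query volume."""
    return sorted(hits, key=lambda ip: (hits[ip]["resolved"], -hits[ip]["queries"]))

if __name__ == "__main__":
    found = find_dormant_infections(SAMPLE_LOG)
    for ip in triage(found):
        r = found[ip]
        print(f"{ip}: {r['queries']} kill-switch lookups, {r['first']}..{r['last']}, "
              f"{'kill switch reachable' if r['resolved'] else 'LOOKUP FAILED'}")
```

Feed it the real kill-switch hostname and your resolver or proxy logs; every listed host belongs in the incident queue, and the failed-lookup ones go first.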

The post Recent Extortion Scam Highlights the Need to Address Lingering WannaCry Risks appeared first on Security Intelligence.

Irish Retailer Reveals It Was Affected by International Data Breach

An Irish retailer revealed that an international data breach might have exposed some of its customers’ personal information. On 4 July, Harvey Norman Ireland sent out a letter to customers informing them of the incident. Its correspondence didn’t disclose the number of customers potentially affected by the breach. But it did identify the types of […]

The post Irish Retailer Reveals It Was Affected by International Data Breach appeared first on The State of Security.

Phishing Scams Target World Cup Fans — Here’s What to Do

Security researchers have observed various phishing scams aimed at World Cup fans leading up to and during the first week of the monthlong international soccer tournament. This targeted activity highlights the importance of security awareness and heightened vigilance around large-scale sporting events.

Analysts first detected the widespread phishing campaign when they discovered a rash of emails sent to soccer fans claiming to offer recipients a schedule of fixtures and results tracker for the tournament. Each of those emails used the subject line, “World_Cup_2018_Schedule_and_Scoresheet_V1.86_CB-DL-Manager,” and each came with a malware-laden attachment.

The malicious emails carried one of nine different executable files, and all of them dropped “DownloaderGuide” as their payload. A known malware variant, DownloaderGuide has a reputation for installing potentially unwanted programs (PUPs) onto victims’ computers. These applications include toolbars, search optimizers and adware.

Phishing Scams Abound at the World Cup

The researchers first detected the campaign on May 30. Although activity peaked on June 5, researchers discovered new instances of the operation in the days that followed. This social engineering campaign is only one of several targeting fans of the FIFA World Cup 2018 in Russia. IBM X-Force uncovered numerous attacks luring would-be victims with the prospect of winning prize money to be awarded by sponsors of the tournament.

As IBM noted in a recent report, those emails either came with a suspicious attachment or asked recipients to reply to a cybercriminal-controlled address, which would then enable the attackers to steal victims’ personal and financial information.

How Can World Cup Fans Protect Themselves?

Awareness is crucial for event cybersecurity. Phishing isn’t the only threat targeting World Cup fans. According to X-Force Incident Response and Intelligence Services (IRIS) analyst Camille Singleton, tournament attendees who connect to the internet via unsecured Wi-Fi are also at risk of malware and data theft. Bad actors could also compromise fans’ emails to launch stranded traveler scams in which they ask a victim’s friends and family to send money to attacker-controlled accounts.

“Whether for the purposes of information gathering or geopolitical intent to cause destruction or disruption, major sporting events continue to be a target for cybercriminals of all backgrounds,” said Wendi Whitmore, director at IBM X-Force Threat Intelligence. “Educating the public about the potential threat is an important element to improving the overall security of these events.”

Singleton noted that fans and organizations could defend themselves against World Cup-themed threats by keeping their devices up to date, blocking public Wi-Fi access and exercising caution around suspicious links and email attachments.

The post Phishing Scams Target World Cup Fans — Here’s What to Do appeared first on Security Intelligence.

Malicious Actors Generated $175 Million in Monero Via Cryptocurrency Mining, Report Reveals

Crypto-thieves have earned a total of $175 million in Monero via malicious cryptocurrency mining techniques, according to a recent study. These illicit profits represent 5 percent of all Monero in circulation today.

This surge is largely due to cybercriminals’ preference for the digital currency and the rapid proliferation of crypto-mining malware, the study found. However, the report’s authors noted that because the research did not include JavaScript or web-based mining activity, the true figure is likely much higher.

Monero: Cybercriminals’ Favorite Digital Currency

For the report, Palo Alto Networks used a threat analysis service to determine which digital currencies malicious actors prefer to mine for and how lucrative this activity is for crypto-miners. Of the 629,126 malware samples included in the research, 531,663 (approximately 85 percent) delivered software designed to mine for Monero. This figure dwarfed that of bitcoin, which came in second with 53,615 samples.

Monero’s dominance extended to the number of wallets observed in the dataset. In total, the researchers identified 2,341 Monero wallets, which was more than twice the amount of bitcoin wallets at 981. By comparison, Electroneum, Ethereum and Litecoin were barely represented at just 131, 44 and 28 wallets, respectively.

In addition, the researchers identified 3,773 emails used to connect to mining pools and 2,995 mining pool URLs.

Addressing the Cryptocurrency Mining Threat

Josh Grunzweig, senior malware researcher at Palo Alto Networks, noted that it’s difficult to defeat cryptocurrency mining software delivered by malware.

“Many malware authors will limit the CPU utilization, or ensure that mining operations only take place during specific times of the day or when the user is inactive,” Grunzweig explained. “Additionally, the malware itself is delivered via a large number of methods, requiring defenders to have an in-depth approach to security.”

To help organizations protect themselves, Palo Alto provided all Monero wallets and hashes for all the malicious samples it identified in its research.

The post Malicious Actors Generated $175 Million in Monero Via Cryptocurrency Mining, Report Reveals appeared first on Security Intelligence.