The tide of ransomware is gaining momentum. We will definitely see a lot more high profile cases of ransomware in 2017. As cyber-physical barrier becomes more fluid, so too will cyberattacks.
One of Europe’s top hotels has admitted they had to pay thousands in Bitcoin ransom to cybercriminals who managed to hack their electronic key system, locking hundreds of guests in or out of their rooms until the money was paid.
Hear, hear. I’ve always regarding AV software by the usual suspects as bloatware and it’s always the first thing I uninstall on new machines that came with them. It’s ironic how the public – and shockingly some IT professionals – gives AV vendors a free pass just because they market themselves as a panacea to the malware out there.
At best, there is negligible evidence that major non-MS AV products give a net improvement in security. More likely, they hurt security significantly; for example, see bugs in AV products listed in Google’s Project Zero. These bugs indicate that not only do these products open many attack vectors, but in general their developers do not follow standard security practices. (Microsoft, on the other hand, is generally competent.)
Source: Eyes Above The Waves: Disable Your Antivirus Software (Except Microsoft’s)
If you are not an architect-level user of AWS you will probably be lost in the ever growing list of AWS services. The non-obvious names (Cognito, Athena, anyone?) for the services doesn’t help. Now someone is attempting to provide a – sometimes tongue-in-cheek – explanation of those services. Well, it’s not exactly plain english, but good attempt anyway. An Azure version is also available.
Phishing attacks are getting more creative, relying on moments of weakness in human perception. The tried-and-tested phishing method normally includes the domain name of the target site as part of the URL (eg. paypal.com-privacyprotection.com) and hope that the user doesn’t notice the actual domain (com-privacyprotection.com). This method takes it to another level ‘cos you will see the actual URL of the target site.
A new phishing technique that affects GMail and other services and how to protect yourself.
Source: Wide Impact: Highly Effective Gmail Phishing Technique Being Exploited
Oh yes. Smart TVs. We should really be looking at it as a computer with a large screen – which happens to be running Android OS most of the time. Needless to say malware/ransomware that “works” for existing Android devices will seamlessly work in the Smart TV.
Streaming TV has been a boon for consumers. Programming is everywhere, right at our fingertips, as soon as we get our screens online. But that connectivity comes with a big…
Source: Ransomware Spreading Onto Smart TVs, Is A Pain To Fix
The first story of ransomware in 2017. We’re likely to see more stories about ransomware given its lucrativeness – people/organizations are quite willing to pay a “small” fee to get their data back. This in turns encourages more cybercriminals to turn to ransomware. The rise of cryptocurrencies like Bitcoin also helps to facilitate this as it makes it hard to trace the perpetrators.
More than 10,000 website databases have been taken hostage in recent days by attackers who are demanding hefty ransoms for the data to be restored, a security researcher said Friday.
Source: Online databases dropping like flies, with >10,000 falling to ransomware
The fragile PHP ecosystem continues to break down with holes like this. To be fair, this is a PHPMailer vulnerability. However this is likely to affect a large chunk of PHP sites as “PHPMailer continues to be the world’s most popular transport class, with an estimated 9 million users worldwide”.
An independent research uncovered a critical vulnerability in PHPMailer that could potentially be used by (unauthenticated) remote attackers to achieve remote arbitrary code execution in the context of the web server user and remotely compromise the target web application.
Source: PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln-Patch-Bypass
It has long been speculated that NSA is able to eavesdrop on even encrypted traffic. Researchers think they have figured out how.
The Snowden documents also hint at some extraordinary capabilities: they show that NSA has built extensive infrastructure to intercept and decrypt VPN traffic and suggest that the agency can decrypt at least some HTTPS and SSH connections on demand.
…
It shows that the agency’s budget is on the order of $10 billion a year, with over $1 billion dedicated to computer network exploitation, and several subprograms in the hundreds of millions a year.
— How is NSA breaking so much crypto?
In order words, really expensive and dedicated hardware. Something only state actors can afford.
Haven’t I heard this before, you may ask. No, this is a different hack from the earlier one. It’s deja vu all over again.
Back in the days Yahoo was like Google or Facebook now. It’s hard to imagine how a company in such a superior position can end up in this state. Yahoo’s story serves as a cautionary tale for the current Internet darlings.
The company says the attack was separate from the breach that led to an earlier disclosure that 500 million accounts were hacked.
A long form article on the earlier story about NSO Group’s iPhone Zero-Days. Pretty long but easy to follow.
Last summer, Bill Marczak stumbled across a program that could spy on your iPhone’s contact list and messages—and even record your calls. Illuminating shadowy firms that sell spyware to corrupt governments across the globe, Marczak’s story reveals the new arena of cyber-warfare.