Tech Friday

 
  • A new variant of the Locky ransomware launches 20 million attacks in one day:
    • Locky is relatively new ransomware that is rather nasty. It attacks all local drives as well as network drives and uses both RSA and AES encryption to lock files on an infected machine
    • Locky encrypts your files and demands a ransom for the cryptographic key to unlock them
    • Because of it's advanced capabilities, it's a favorite of criminals
    • Payment is typically demanded via cryptocurrency such as Bitcoin
    • Barracuda Advanced Technology Group (BATG) discovered a new ransomware campaign based on Locky that launched 20 million attacks in a single day!
    • BATG also indicated that the number of attacks is growing rapidly
    • BATG reported that many of the attacks are originating from Vietnam and are primarily delivered via email
    • Initially, many of the emails appeared to come from Herbalife, or indicated that a copier was going to be delivered
    • The attacks are rapidly changing. BATG wrote "There have been approximately 6,000 fingerprints, which tells us that these attacks are being automatically generated using a template that randomizes parts of the files" 
    • "The names of payload files and the domains used for downloading secondary payloads have been changing in order to stay ahead anti-virus engines." - BATG
    • BATG discovered this variant is using a single identifier which means even if you pay the ransom, you will not be able to decrypt your files
    • If you get Locky, a recent backup is your only hope in this case
    • You can learn more about Locky here: https://blog.malwarebytes.com/threat-analysis/2016/03/look-into-locky/
    • You can read the BATG post here: https://blog.barracuda.com/2017/09/19/barracuda-advanced-technology-group-monitoring-aggressive-ransomware-threat/
    • Check https://noransom.kaspersky.com if you get ransomware, you might find a tool that can help
  • Hackers have hidden malware in the CCleaner PC cleanup tool:
    • CCleaner, a program that optimizes PC performance an dused by more than 130 million users, has been hacked 
    • Security firm Cisco Talos reported that the software made by Piriform was successfully infected by Trojan horse style malware
    • The malware attempts to connect to unregistered websites to download a "2nd-Stage Payload", which is even more harmful malware
    • Researchers said the attack impacted more than 2 million CCleaner customers who downloaded the software between August 15 2017 and September 15 2017
    • "There is nothing a user could have noticed" said Talos researcher Craig Williams
    • It appears the attackers are performing industrial espionage on tech firms as several high-profile companies were specifically named in the code
    • "By exploiting the trust relationship between software vendors and the users of their software, attackers can benefit from users’ inherent trust in the files and web servers used to distribute updates" researchers at Talos said
    • "The 2nd stage payload is a relatively complex piece of code that uses two components (DLLs). The first component contains the main business logic. As with the first payload, it is heavily obfuscated and uses a number of anti-debugging and anti-emulation tricks." - Avast
    • Williams added an attack on accounting software in the Ukraine in June was very similar
    • Avast, Piriform’s parent company, released a statement indicating the has been fixed: "For consumers, we stand by the recommendation to upgrade CCleaner to the latest version (now 5.35, after we have revoked the signing certificate used to sign the impacted version 5.33) and use a quality antivirus product, such as Avast Antivirus. For corporate users, the decision may be different and will likely depend on corporate IT policies. At this stage, we cannot state that the corporate machines could not be compromised, even though the attack was highly targeted."
    • Read the latest from Talos here: http://blog.talosintelligence.com/2017/09/ccleaner-c2-concern.html
    • Read the latest from Avast here:https://blog.avast.com/progress-on-ccleaner-investigation
    • Learn more about CCleaner here: https://www.piriform.com/ccleaner/download-cc
  • Equifax says it was also hacked back in March:  
    • News broke last week that hackers stole personal information on up to 143 million people from credit reporting firm Equifax 
    • "Given that financial institutions including credit card companies, banks, credit unions, retailers and lenders report the details of credit activity to Equifax, the 143 million consumers affected may not even be aware the company has this information on them" - Theresa Payton, CEO of Fortalice Solution
    • It was recently reported that Equifax was also breached in March of 2017
    • Equifax told Bloomberg that the March breach was not related to the large breach last week and it did not involve the same attackers
    • "Equifax complied fully with all consumer notification requirements related to the March incident," Equifax said in a statement. "The two events are not related."'
    • Equifax offered no details regarding information stolen or people affected in that breach
    • Security firm Mandiant has been hired to investigate both breaches
    • Ironically, Equifax provides credit monitoring and identity theft protection services
    • Equifax's more recent breach is among the largest in the US, and the largest known leak so far this year
    • Equifax announced that they had been hacked from mid-May to July and the breach was discovered on July 29th
    • According to a report on the data breach by William Baird & Co., hackers exploited a flaw in Apache Struts, a popular open-source software package. You can read the Baird report here: https://baird.bluematrix.com/docs/pdf/dbf801ef-f20e-4d6f-91c1-88e55503ecb0.pdf
    • Two Struts vulnerabilities have been discovered so far in 2017. One of these flaws has existed since 2008
    • "At least 65% of the Fortune 100 companies are actively using web applications built with the Struts framework," the report said. "Organizations like Lockheed Martin, the IRS, Citigroup, Vodafone, Virgin Atlantic, Reader’s Digest, Office Depot, and SHOWTIME are known to have developed applications using the framework. This illustrates how widespread the risk is."
    • Thieves made off with names, Social Security numbers, birth dates, addresses and other sensitive information
    • Equifax reported that roughly 209,000 people had their credit card numbers stolen
    • Additionally, hackers stole documents with personal information on 182,000 victims
    • People in Canada and the UK are also affected by this breach
    • In their statement, Equifax said "Criminals exploited a US website application vulnerability to gain access to certain files"
    • The company is working with law enforcement and a cybersecurity firm on the investigation
    • Senator Mark Warner, vice chair of the Senate Intelligence Committee, said the hack "raises serious questions about whether Congress should not only create a uniform data breach notification standard, but also whether Congress needs to rethink data protection policies, so that enterprises such as Equifax have fewer incentives to collect large, centralized sets of highly sensitive data like SSNs and credit card information on millions of Americans."
    • Consumer Watchdog, consumer group, urges Congress to rethink how we use credit reporting agencies and urges lawmakers to mandate two factor authentication (2FA)
    • This is a security risk for any and every website that anyone uses," Christopher O'Rourke, founder and CEO of Soteria
    • "Most often, security questions to access those websites use that data, like a previous address, so this becomes an open-source intelligence nightmare, worse in many ways than the Office of Personnel Management government breach. It's nasty. If I can get my hands on that information I can call a bank. They're going to ask me for your Social, address, the information that was leaked here, to get access." - Christopher O'Rourke
    •  Equifax is offering free identity theft protection and credit file monitoring to all US consumers. You must enroll by November 21st
    • To determine if your information has been compromised and/or sign up for the free identity theft protection and credit monitoring, go here: https://www.equifaxsecurity2017.com/enroll/
    • There have been concerns that by signing up for this service, you waive your right to sue. That has been cleared up, read this article: http://www.vaildaily.com/news/equifax-issues-statement-correcting-misconceptions-about-legal-action/
    •  Equifax has also indicated that they will be sending letters to folks whose information has been compromised
    •  Some other things you can do are:
  • If you think you are a victim, report identity theft here: https://www.identitytheft.gov/Assistant#
  • Read the Equifax FAQ here: https://www.equifaxsecurity2017.com/frequently-asked-questions/
Brian Thomas

Brian Thomas

Based in Cincinnati, OH, the Brian Thomas Morning Show covers news and politics, both local and national, from a conservative point of view. Read more

title

Content Goes Here