Category Archives for "Network World Security"

Ransomware attack forces Michigan utility to shut down systems, phone lines, email

Last week was a busy week when it comes to ransomware. New victims included a utility company, visitors to a toymaker’s website, pirates sailing The Pirate Bay and many more. Some cyber crooks are now demanding gift cards for ransom instead of bitcoin. While it wasn’t all bad news, as there are new decryptors and detectors, the FBI published a new warning about the proliferation of increasingly sophisticated ransomware campaigns. Utility company hit with ransomware: Lansing Board of Water & Light (BWL), a Michigan municipal utility, was hit with ransomware after an employee opened an email that had a malicious attachment. The ransomware spread, encrypting files on other computers on the internal network. BWL shut down its accounting system, email service for 250 employees and “phone lines,” including the customer assistance line for account inquiries and the line for reporting outages. “Printers and other technology” were also affected.

Cybereason gains Lockheed Martin’s Threat Intelligence to thwart cyberattacks

Given the recent sharp increase in cyberattacks of all kinds, IT operations driving enterprise-scale networks need something that will effectively reduce their intelligence gathering problems and help to automate their response to be as fast as possible. What’s needed is the ability to identify and deal with attacks as they happen, but there are some really significant challenges in doing this, including the sheer scale of network event data, the problem of filtering out the event "noise" and false positives, and the ability to detect zero-day threats. With what must be one of the headiest combinations of hot technologies I’ve seen for a while, the security company Cybereason uses behavioral analytics, big data, and machine learning along with major league threat intelligence resources to thwart cyberattacks in, they claim, real time.

FBI: Ransomware threat at all-time high; how to protect company jewels

The scourge of ransomware hit new highs in 2015 and 2016 is turning out to be no bargain – particularly attacks against businesses as the payoffs are higher, the FBI said this week. Ransomware attacks are not only proliferating, they’re becoming more sophisticated, the FBI stated. “Several years ago, ransomware was normally delivered through spam e-mails, but because e-mail systems got better at filtering out spam, cyber criminals turned to spear phishing e-mails targeting specific individuals,” the FBI stated. And in newly identified instances of ransomware, some cyber criminals aren’t using e-mails at all. “These criminals have evolved over time and now bypass the need for an individual to click on a link. They do this by seeding legitimate websites with malicious code, taking advantage of unpatched software on end-user computers,” said FBI Cyber Division Assistant Director James Trainor in a statement.

IBM offers advice on how to secure blockchain in the cloud

Cloud providers hosting blockchain secure transactions technology should take additional steps to protect the records, IBM says. IBM's new framework for securely operating blockchain networks, released Friday, recommends that network operators make it easy to audit their operating environments and use optimized accelerators for hashing -- the generation of numbers from strings of text -- and the creation of digital signatures to pump up CPU performance. Along with the security guidelines, IBM announced new cloud-based blockchain services designed to meet existing regulatory and security requirements. The company has worked with security experts to create cloud services for "tamper-resistant" blockchain networks, it said.

Toy maker Maisto’s website pushed growing CryptXXX ransomware threat

Attackers are aggressively pushing a new file-encrypting ransomware program called CryptXXX by compromising websites, the latest victim being U.S. toy maker Maisto. Fortunately, there's a tool that can help users decrypt CryptXXX-affected files for free. Security researchers from Malwarebytes reported Thursday that maisto.com was infected with malicious JavaScript that loaded the Angler exploit kit. This is a Web-based attack tool that installs malware on users' computers by exploiting vulnerabilities in their browser plug-ins.

Got ransomware? These tools may help

Your computer has been infected by ransomware. All those files -- personal documents, images, videos, and audio files -- are locked up and out of your reach. There may be a way to get those files back without paying a ransom. But first a couple of basic questions: Do you have complete backups? If so, recovery is simply a matter of wiping the machine -- bye bye, ransomware! -- reinstalling your applications, and restoring the data files. It's a little stressful, but doable. Are they good backups? Even if you did the right thing, backups aren’t foolproof, as legions of traumatized users have discovered. Unfortunately, this may be hard to determine without a full restore, so be aware that the wipe-and-restore method carries some risk. If you answered no to either question, don’t throw in the towel and pay the ransom yet. Maybe -- maybe -- there's a decryption tool that can get you out of this

How to tell if you’ve been hit by fake ransomware

Unlike most malware, ransomware is not stealthy. It's loud and obnoxious, and if you've been infected, the attackers will tell you so in no uncertain terms. After all, they want to be paid. “Your personal files are encrypted,” the message on the computer blares. “Your documents photos, databases, and other important files have been encrypted with strongest encryption and unique key, generated for this computer.” While the language may vary, the gist is the same: If you don’t pay the ransom -- typically within 48 to 72 hours -- your files are hosed. Or are they? There is a slim possibility the perpetrators may be trying to fake you out and the files haven’t been encrypted. While not a common scenario, it does happen, according to industry experts. Rather than paying up, you can bypass the scary fake message and move on with your day.

IDG Contributor Network: Rip up the script when assembling a modern security team

The advanced threats companies face require that security teams have characteristics different from the backgrounds analysts typically have. However, most businesses hire security practitioners who have similar professional backgrounds and capabilities. Analysts usually have IT backgrounds, are taught to quickly resolve threats and work in an environment that doesn’t embrace speaking out when there’s a security incident. The adversaries, meanwhile, have a more evolved perspective on how to carry out hacking campaigns. Attack operations often include people who have a range of experiences. For example, to hack a bank, attackers will hire hacking experts as well as someone with deep knowledge about the financial services industry. Hacking teams often employ experts who have various technical capabilities to help them approach attacks in different ways and switch gears if one tactic isn’t working. Hackers realize that a more diverse team—and the mindset it brings—increases the likelihood of the attack’s success.

Phishing apps posing as popular payment services infiltrate Google Play

Google's efforts to police the Android app store -- Google Play -- are far from perfect, with malicious apps routinely slipping through its review process. Such was the case for multiple phishing applications this year that posed as client apps for popular online payment services. Researchers from security firm PhishLabs claim that they've found 11 such applications since the beginning of 2016 hosted on Google Play, most of them created by the same group of attackers. The apps are simple, yet effective. They load Web pages containing log-in forms that look like the target companies' websites. These pages are loaded from domain names registered by the attackers, but because they are loaded inside the apps, users don't see their actual location.

Supreme Court approves rule change that expands FBI computer search powers

The Supreme Court has adopted amendments to a rule to give judges the authority to issue warrants to remotely search computers whose locations are concealed using technology. The proposed move had been criticized by civil rights groups and companies like Google that said it threatened to undermine the privacy rights and computer security of Internet users. The top court has approved changes to the Federal Rules of Criminal Procedure, including Rule 41, which with some exceptions prohibits a federal judge from issuing a search warrant outside of the judge’s district. The change in the rule was proposed by the Advisory Committee on the Rules of Criminal Procedure at the request of the Department of Justice.

With some advanced preparation, you can survive a ransomware attack

You know it's bad when a cyber crime wave makes victims out of U.S. police departments. Law enforcement agencies in at least seven states have been blackmailed by cyber attackers using ransomware. Data on departmental computers has been encrypted by malware and held hostage, with the demand that a ransom be paid in bitcoins. Unaccustomed to giving in to criminals, many of the agencies refused to pay and subsequently lost access to their information forever. Cyber criminals also have been targeting U.S. hospitals. In one high-profile case, a California hospital lost access to its critical patient records for a week until a ransom worth about $17,000 was paid. Experts estimate this particular facility was losing as much as $100,000 a day in just one department because it wasn't able to perform CT scans without access to its data.

CIA: Learn how to make invisible ink, photos – from 1918

The CIA unearths some pretty interesting materials, and this week it was touting the oldest once-classified documents in its collection. The mostly cryptic documents, from 1917 and 1918, describe secret writing techniques and are believed to be the only remaining classified documents from the World War I era. Any documents describing secret writing fall under the CIA’s purview to declassify, the agency noted. The CIA website noted that one file outlines the chemicals and techniques necessary for developing certain types of secret writing ink and a method for opening sealed letters without detection. Another communication dated June 14, 1918 – written in French – discloses the formula the Germans used to produce invisible ink.

Developers leak Slack access tokens on GitHub, putting sensitive business data at risk

Developers from hundreds of companies have included access tokens for their Slack accounts in public projects on GitHub, putting their teams' internal chats and other data at risk. Slack has become one of the most popular collaboration and internal communication tools used by companies because of its versatility. The platform's API allows users to develop bots that can receive commands or post content from external services directly in Slack channels, making it easy to automate various tasks. Many developers post the code for their Slack bots -- some of which are small personal projects -- on GitHub, but fail to remove the bots' access tokens. Some developers even include private tokens associated with their own accounts in the code.

If I were the next CEO of Symantec – Redux

I just read a Bloomberg article proclaiming that Symantec cut its quarterly revenue forecast and announcing that CEO Michael Brown will step down. Unfortunately for Symantec, the company has had a revolving door of chief executives—four different individuals since 2008, and now onward to a fifth. When Symantec went through a similar CEO transition in 2014, I posted a blog to suggest what I would do as its next CEO, but surprisingly my phone never rang. Nevertheless, I reviewed my two-year-old recommendations this morning and many of Symantec’s issues back then still need fixing. Given this, allow me to review and update my CEO action plan for Symantec:

ISIS cyberattack capabilities are unorganized, underfunded — for now

The U.S. and its allies should be concerned about cyberattacks from ISIS-affiliated groups, but the hackers are poorly organized and likely underfunded, at least in the short term, according to a new report. Several pro-ISIS hacking groups announced this month they are joining together to form the United Cyber Caliphate, but the groups seem to have limited abilities, according to a report from security intelligence research group Flashpoint. Still, with new coordination, "even limited success could inflate their notoriety and enable them to continue to grow their capabilities and attract talent," Flashpoint said.

Estonian man gets over 7 years in prison for role in global DNS hijacking botnet

An Estonian man has been sentenced to seven years and three months in prison in the U.S. for his role in a cybercriminal operation that infected over 4 million computers with DNS hijacking malware. Vladimir Tsastsin, 35, from Tartu, Estonia, was one of the key players in a US$14 million click fraud scheme. He is the sixth individual to be sentenced in the case and has received the longest prison sentence. The sentence was handed down Tuesday in U.S. District Court for the Southern District of New York. According to the Department of Justice, between 2007 and 2011, Tsastsin and his co-conspirators set up companies that masqueraded as publisher networks and entered into agreements with advertising brokers to display ads on their properties.

How to protect digital identity in an IoT world

The IoT security battle is lost if you’re uncertain that the person or thing on the other end of an online transaction is actually who or what it claims to be. Most IoT attacks occur when malicious actors are able to replace an authentic sensor with a compromised device, or when unauthorized remote access is gained and transmits a false signal to a device. To prevent these kinds of attacks, digital identity must establish effective online trust for all connected devices and people in an IoT interconnected ecosystem. This kind of online trust is achieved by implementing a comprehensive approach to digital identity and access management.

Paying ransomware is what ills some hospitals

Ransomware has become a major threat to the U.S. healthcare industry this year. The high-profile attacks that involved Hollywood Presbyterian Hospital in Los Angeles, MedStar Health in Washington, D.C., and other healthcare systems are just the tip of the iceberg. Over half of hospitals surveyed recently by HIMSS Analytics and Healthcare IT News said they had been hit by ransomware attacks in the past year. Another 25 percent were unsure whether such attacks had occurred.

In rare unanimous move, House passes bill to protect email and cloud privacy

The U.S. House of Representatives, in a rare unanimous vote, has approved a bill to strengthen privacy protections for email and other data stored in the cloud. The Email Privacy Act would require law enforcement agencies to get court-ordered warrants to search email and other data stored with third parties for longer than six months. The House on Wednesday voted 419-0 to pass the legislation and send it to the Senate. The bill, with 314 cosponsors in the House, would update a 30-year-old law called the Electronic Communications Privacy Act (ECPA). Some privacy advocates and tech companies have been pushing Congress to update ECPA since 2011.

Headaches likely to grow over auto cybersecurity concerns

The concerns around the cybersecurity of your car are likely to magnify in the near term while experts try to figure out what can be done simply to eliminate risks. But while some short-term fixes may develop, forthcoming government auto cybersecurity standards won’t happen until at least 2018. Furthermore, technologies such as message encryption and authentication, which can be used to secure and verify the legitimacy of communications occurring along in-vehicle networks, cannot be incorporated into existing vehicles. Rather, such technologies must be incorporated during the vehicle design and production process, which, according to experts, will take approximately 5 years to complete, according to a report out this week by the Government Accountability Office.