Backdoor, Banking Trojan, Computer Security, Cryptocurrency hack, Cyber Security News, Malware, Network Security, Ransomware, Security Hacker, spyware, trojan,

A Scary Evolution & Alliance of TrickBot, Emotet and Ryuk Ransomware Attack

Ryuk first appeared in August 2018, and while not incredibly active across the globe, at least three organizations were hit with Ryuk infections over the course of the first two months of its operations, landing the attackers about $640,000 in ransom for their efforts. According to CrowdStrike analysis from late last week, Grim Spider has […]

The post A Scary Evolution & Alliance of TrickBot, Emotet and Ryuk Ransomware Attack appeared first on GBHackers On Security.

Computer Security, Cyber Attack, Cyber Security News, Malware, Ransomware, Security Hacker,

U.S City Del Rio Attacked by Ransomware – All the Operation has been Shut Down

The City of Del Rio's IT system was compromised by a ransomware attack that shut down regular operations and left the servers disabled. Del Rio, a city in and the county seat of Val Verde County, Texas, reported that a powerful ransomware attack hit its IT system. As a precautionary step, Management Information Services (MIS) […]

The post U.S City Del Rio Attacked by Ransomware – All the Operation has been Shut Down appeared first on GBHackers On Security.

Cybercriminals, Data Privacy, Data Protection, Education, FBI, Government, Personal Data, Personal Health Information (PHI), Personally Identifiable Information (PII), Ransomware,

FBI Warns EdTech Needs Stronger Defenses for Students’ Personal Data

Terms like “privacy,” “personally identifiable information (PII)” or “educational technology (EdTech)” often sound abstract and far from the responsibility of the average person, meant primarily for security and IT professionals. But when schools are forced to close after parents and kids receive ominous, personalized messages, as they did recently in an Iowa school district, according to the Des Moines Register, internet security becomes very real for the whole community.

Late last year, a cybercriminal group known as Dark Overlord — infamous for attempting to extort Netflix — stole data from school districts around the country, according to The Washington Post. Then, as part of ongoing extortion attempts, it used the pilfered information to threaten parents and students around the country. Districts in Montana, Texas and Alabama also closed schools after attackers texted threats to parents, according to CSO Online.

The Department of Education issued a warning and that round of attacks subsided, but others continue. Earlier this year, a Massachusetts school district paid cybercriminals $10,000 in bitcoin to regain control of its data after a ransomware attack, according to ABC News.

Inform the Public

Incidents like these have federal authorities increasingly worried about security at school districts around the country, even as schools increasingly rely on technology for everything from tracking performance to attendance.

The Federal Bureau of Investigation (FBI) recently issued a sharply worded public service announcement aimed at schools and parents titled “Data Collection and Unsecured Systems Could Pose Risks to Students.”

Software used in schools collects a lot of very sensitive information, the FBI warned, including “[PII]; biometric data; academic progress; behavioral, disciplinary and medical information; web browsing history; students’ geolocation; IP addresses used by students; and classroom activities.” That data is a potential treasure trove for a group like Dark Overlord.

“Malicious use of this sensitive data could result in social engineering, bullying, tracking, identity theft, or other means for targeting children,” the FBI said.

Expand District Resources

It is unclear whether the FBI’s warning came in response to a specific threat — as the Department of Education’s warning did — or was just a renewed call to action. Either way, the challenges are steep.

While increased use of EdTech products creates an ever-expanding set of targets for threat actors, many districts are facing tighter budgets, unable to buy the latest security technology that corporations employ, warned the Future of Privacy Forum, an industry group.

“Schools rarely have the resources to establish dedicated security staff, leaving technologists with a full plate — combating malicious access attempts while also handling humdrum IT issues and attempting to comply with new state student privacy laws; more than 120 laws were passed in 40 states since 2013,” it said.

How to Manage the Full EdTech Attack Surface

In the Iowa case, authorities say student and family data was stolen from a third-party supplier. Vendor management is a headache for all manner of organizations. The proliferation of outside organizations with access to students’ most personal information creates a vast attack surface for threat actors, warned privacy law expert Bradley Shear, CEO of school security consultancy Digital Armour LLC.

“Our public schools are fast becoming targets of cybercriminals. These types of incidents are increasing and costing taxpayers tens of thousands of dollars per incident,” Shear said. “It’s not just school districts we have to protect from cybercriminals, but also their vendors.”

In its PSA, the FBI also called attention to internet of things (IoT) devices.

“EdTech connected to networked devices or directly to the [internet] could increase opportunities for cyber actors to access devices collecting data and monitoring children within educational or home environments,” it said. It also pointed to the risk of take-home devices, like tablets, or monitoring devices that allow remote access.

How to Give Power to the Parents

The FBI alert called on parents to become more aware of potential risks, and urged families to keep in contact with school districts about various EdTech programs they use. It also recommended participation in parent coalitions, and suggested regular internet searches to identify children’s exposure and spread of their information on the internet.

The Future of Privacy Forum also offers a number of tools to parents on FERPA|Sherpa, named for the federal law that governs data collection and sharing at schools, the Family Educational Rights and Privacy Act (FERPA). The organization recommends parents regularly ask districts how they handle directory information, what the rules are for recording devices, how they secure children’s information and a set of other queries in their document, “Parents: Raise Your Hand and Ask Schools How They Protect Student Data.”

How School Districts Are Improving Data Privacy

School districts are beginning to tackle the problem by sharing resources and strategies with one another. Nearly 500 districts in more than a dozen states participate in the Student Data Privacy Consortium (SDPC), and they’ve implemented a model contract that vendors must use to ease vendor management, available on the SDPC website.

The SDPC says it leverages privacy-related projects by member districts “to have their good work utilized and no reinvention of existing work.” The Department of Education also offers a “Student Privacy 101” resource for various stakeholders, from K-12 administrators to vendors.

But for Shear, improving cybersecurity at schools needs to begin with an attitude about collection minimization. The less data schools and vendors collect and store, the smaller the opportunity for threat actors. Most critically, vendors and schools should delete information as soon as it is no longer necessary.

“Technology vendors have a huge bull’s-eye on them because of their insatiable appetite for personal information,” he said. “Recent data breaches … demonstrate why it’s necessary to have strict sunset provisions inherent in the data collection process.”

School districts must perform a balancing act when deleting data, however, as there are various data retention requirements to take into account. There are also juggling acts to perform when setting strict requirements around data to keep out threat actors while enabling access for educators and parents when necessary. Take allergy requirements: If a substitute teacher has trouble accessing his or her students’ health records because of a tricky login process, a dangerous situation could develop.

Parents, teachers, administrators and security experts need to engage in an ongoing dialogue about what schools must do to keep kids safe while ensuring they have access to the tools they need.

The post FBI Warns EdTech Needs Stronger Defenses for Students’ Personal Data appeared first on Security Intelligence.

Author: Bob Sullivan

Encrypt, Malware, Ransomware, Stealing,

New Malvertising Chain that Steals Confidential Information and Encrypts With GandCrab Ransomware

A new malvertising chain uses multiple payloads to steal confidential information from the victim’s machine and to encrypt their files with GandCrab ransomware. Threat actors are using the Fallout exploit kit, a utility program designed to exploit vulnerabilities in ports and software and to deploy backdoors in vulnerable systems. Malwarebytes security researchers observed a threat […]

The post New Malvertising Chain that Steals Confidential Information and Encrypts With GandCrab Ransomware appeared first on GBHackers On Security.

Cyber Security News, Ransomware, SamSam Ransomware,

FBI and DHS issued Alert On Increase in SamSam Ransomware Attacks Targeted Multiple Industries

The FBI and DHS issued a joint alert on how to handle the SamSam ransomware attacks that targeted multiple industries. SamSam ransomware has been highly active in 2018; it has broken into 67 different types of organization networks across the world, especially in the U.S. Each time, it evolves with improved, more sophisticated capabilities and carefully selected specific […]

The post FBI and DHS issued Alert On Increase in SamSam Ransomware Attacks Targeted Multiple Industries appeared first on GBHackers On Security.

Chinese users, Computer Security, Cyber Security News, new ransomware, Ransomware,

A New Ransomware Strain Spreading Rapidly and Infected More than 100,000 Computers

A new ransomware strain, spreading as the result of a supply chain attack targeting Chinese users, has been spreading since December 1 and has infected more than 100,000 computers. The ransomware not only encrypts system files but is also capable of stealing login credentials for popular Chinese online services such as Taobao, Baidu Cloud, NetEase 163, Tencent […]

The post A New Ransomware Strain Spreading Rapidly and Infected More than 100,000 Computers appeared first on GBHackers On Security.

adware, E-commerce, Malvertising, Malware, Online Shopping, Ransomware, Retail,

‘Tis the Season for Spreading Ad Malware

Although Black Friday and Cyber Monday are behind us, consumer scams are likely to continue surging through the coming month. Malicious actors know that online retail spikes during the holiday season, so they increase their efforts to spread ad malware rather than good cheer.

Cautious consumers might be on the lookout for malicious apps and websites, but another tactic that cybercriminals will likely leverage extensively is malvertising — ads embedded with malware. Retailers also tend to prioritize customer experience over data security, so it’s important to understand how to avoid malvertising scams and prevent opportunistic threat actors from affecting your network during the holiday season.

Recognize the Risk

According to a Black Friday digital fraud report from RiskIQ, “Some fake apps contain adware and ad clicks or malware that can steal personal information or lock the device until the user pays a ransom. Others encourage users to log in using their Facebook or Gmail credentials, potentially exposing sensitive personal information.” In fact, the researchers from RiskIQ found that the brand names of the five leading retailers were frequently used in malicious and fraudulent mobile apps.

With virtually every retailer promoting online shopping deals, the internet is a hotbed of opportunity for scams. Jerome Dangu and Jack Cohen Martin, co-founder and chief technology officer (CTO), respectively, of antimalvertising firm Confiant, said they uncovered what appeared to be the initial attack in an ongoing malvertising campaign on Nov. 12. During the course of discovery, Confiant blocked over 5 million malvertising impressions on the Google Play store meant to impersonate legitimate app downloads.

Because the ads were served in a top-tier exchange, more than 300 million bad impressions were served to publishers in just over a 48-hour period, Dangu and Cohen Martin explained. By comparison, the Zirconium group, named by Confiant as 2017’s largest malvertising operation, created and operated 28 fake ad agencies to distribute malvertising campaigns and was responsible for 1 billion impressions over the course of a full year.

Malvertising can target specific companies, but this particular campaign went after iOS users and used two domains and two types of payloads.

“One family of landing pages was more focused on fake offers from Amazon gift cards and Walmart, in differing denominations and variations,” Dangu explained.

How to Spot an Ad Malware Scam

The scam is essentially a way for an attacker to retrieve user data and resell it. Users are often delivered to fraudulent landing pages where they are asked different types of marketing questions about things like their insurance or interest in electronics.

“The attacker is getting an affiliation share on these forms that get submitted, but you can never get out of this loop of forms,” Dangu explained. “Users could enter their data forever until they finally realize it’s a waste of time and they aren’t getting an iPhone for a dollar.”

Because malicious actors have become increasingly sophisticated, the fraudulent landing pages they use appear legitimate.

“They are exploiting the user’s trust by creating malicious landing pages that adopt the same color scheme as Facebook or Google, for example. It’s important for users to make sure they are where they think they are and check the full URL address,” Cohen Martin said.

All Eyes on Mobile

In monitoring malicious traffic over the last year, Confiant saw one major change from the previous years that saw surges in malware and malvertising campaigns on browsers.

“Mobile is used more and more,” Dangu said. “Attackers are targeting more mobile through scam approaches, which is disturbing for publishers.”

In one case, ads were redirecting users to get them to subscribe to adult dating sites, and the cybercriminals were getting a cut on those subscriptions. Mobile sites tend to have more ads, and because of that density, it is more difficult to identify a scam.

“Because of the nature of business, the ads are being digitally placed there, and it is hard to get 100 percent visibility into what is going on,” said Dangu. “Service providers and exchanges need to do their part to prevent these types of risks from being available.”

How to Avoid Malvertising Scams

Given the evolution of scammers’ methods, it’s important to remember that if a deal seems too good to be true, it probably is.

“Consumers should be wary of deals and go directly to sites they trust,” said Mike Bittner, digital security and operations manager of The Media Trust.

Bittner also emphasized the responsibility of brands to identify all the code executing on their websites and mobile apps.

“Chances are high that online companies only know a small fraction of the 50–95 percent of code in their digital assets provided by third parties,” he said.

Security leaders can help protect their employees by integrating a holiday retail scam identification practice into their regular security awareness training program. They can also defend networks by deploying artificial intelligence-enabled software to flag anomalous behaviors that could potentially represent a breach.

Consumers have a choice when visiting e-commerce sites. Although it’s advisable to rely on trusted, reputable brands with strong ratings, cybercriminals are eager to exploit that trust by visually replicating those very brands. Staying cautious and fully aware of your online navigations will help you to remain safe during the holiday season and all year long.

The post ‘Tis the Season for Spreading Ad Malware appeared first on Security Intelligence.

Author: Kacy Zurkus

cable car system, Computer Security, Cyber Attack, Cyber Security News, Ransomware,

Moscow’s Cable Car System Hacked Within Two Hours After it Opened

Moscow’s first-ever cable car system was forced to shut down within two hours of its launch. Cybercriminals hacked into the cable car system and infected it with ransomware. The cyber attack forced all passengers to leave the cable car, and the police reported that the cable car will no longer work. An unknown person […]

The post Moscow’s Cable Car System Hacked Within Two Hours After it Opened appeared first on GBHackers On Security.