On August 5th Black Hat participants gathered at the Mandalay Bay for the 2015 annual presentation of The Pwnie Awards. The Pwnie Awards began in 2007 and have honored the most magnificent achievements and failures of the information security industry ever since. The winners aren’t [yet] posted on the official pwnies website.
If you needed any more convincing as to just how big a deal the recently discovered Stagefright vulnerability is on Android devices, just take a look at how Google and Samsung are responding.
Over the last several weeks I’ve written about ransomware primarily as it relates to individual machines or mobile devices. There is another very sneaky variant of ransomware which you should be aware of. It’s specifically crafted to hold websites hostage. It’s called RansomWeb. Its methodology is slow and diabolical, and I believe it’s out there silently working on websites today.
In my previous two posts How Does Ransomware Work? Part 1 and Part 2 I described the process ransomware goes through to get on your systems, encrypt your files, and collect your money. Like any malware, all of the steps in the process need to be successful in order for ransomware to work.
With every day that passes, more details of the activities of controversial spyware firm Hacking Team come to light, aided by the release of 400 GB of documents, source code and email archives from the hacked firm.
In part 1 I outlined how ransomware gets on your system in the first place. We saw that it operates in much the same manner as other malware: It needs a delivery system, a vulnerability to exploit, a payload to install, and a way to establish communications with a command & control (C&C) server.
Operation Pawn Storm is up to its dirty tricks again, this time with what is claimed to be the first new Java zero-day vulnerability in two years.
Another day, another breach. Ho Hum.
So it seemed when news first broke about the hack of the (in)famous Italian vulnerability research firm Hacking Team. Probably a case of hackers hacking back. No impact on most “regular” cybercitizens, right?
Au contraire, mon frère.
It seems that there were a few gems in the 400 GB data dump that was posted online,
Despite having rules and compliance regulations in place, Japan’s pension system has been hit by hackers who made off with over 1.2 million records containing personally identifiable information.
According to reports, staff weren’t obeying the rules – making it far too easy for criminals to access sensitive database records.
Let’s take a look at how ransomware works. In some stages of the operational cycle ransomware runs much like any other malware which may find its way onto your systems. In other stages ransomware has introduced completely new areas of operating for cybercriminals.
The first few stages of the ransomware cycle use the tried-and-true methods cybercriminals are accustomed to using.
1400 passengers are stranded at Poland’s busiest airport after what the airline describes as an “IT attack”.
But what actually happened is shrouded in mystery.
Let me paint a scene for you. You’re sitting at your desk between meetings. You’re working on a PowerPoint for a customer meeting tomorrow, and you’re waiting for an email back from a co-worker. You have another meeting in an hour, which gives you just enough time to hone this presentation. It’s been 15 well-crafted slides since you last saved.
It’s all very well having a bug bounty program, argues LinkedIn, but how is your organisation going to cope if it is bombarded with hundreds of meaningless and useless reports, that your security team cannot act upon?
In the pre-internet days, ransoms typically involved only prominent, wealthy people and their families. Kidnapping people for ransom is mostly a thing of the past nowadays. It’s an old-fashioned crime. You can’t really get away with it anymore.
Kidnapping files, however, is rapidly becoming more popular. Intel/McAfee reports a 155% rise in ransomware in Q4 of 2014,
Good news for privacy.
The US government’s CIO has officially announced that all .gov websites must be only available via encrypted HTTPS connections by the end of 2016.