ClickSSL Monthly InfoSec Snipper June 26, 2017

This entry is part 153 of 155 in the series Weekly Infosec Snipper

Trojans Are Still Dominating Financial World, Says ISTR

According to the Internet Security Threat Report (ISTR), Trojans still dominate the financial world and are as important as ransomware. These financial threats get less attention than ransomware, but by ratio they are 2.5 times bigger than ransomware. There was a drastic reduction in the financial threat ratio due to early detection and more focus on attacks. Nevertheless, cyber criminals still hope to profit from such threats. The Ramnit, Bebloh (Trojan.Bebloh), and Zeus (Trojan.Zbot) threat families ruled over the world in 2016.

The University College London (UCL) Faced Ransomware Attack

The University College London (UCL) faced a ransomware attack that reached its network and affected personal and shared devices. Officials announced that the antivirus failed to detect the attack and that it was a zero-day vulnerability. Moreover, the university has passed the infection details to its antivirus supplier. The Windows systems were not updated against the SMB vulnerability that Microsoft patched earlier. The backup is now restored, and the drives that were infected with ransomware are now cleaned.

Honda Company Stopped Production Due To WannaCry Ransomware

Honda in Japan has stopped production after finding WannaCry ransomware in its networks. Honda has put its activities on hold at the Sayama plant, northwest of Tokyo. WannaCry has affected its networks across several regions, including Japan, North America, Europe, and China. The plant has a daily output of 1000 vehicles, including models like the Accord sedan and Odyssey minivan. It is not clear why the ransomware was there in the networks after its discovery.

Google Improved Anti-Phishing Protection For Gmail Security

Google is improving Gmail security by adding several features based on machine learning. It will detect more spam emails with 99% accuracy, giving users a sensitive filter for spam. The company has also improved its defense against malicious attachments and implemented click-time warnings for malicious links. G Suite users will see a warning between the address bar and text box if they are responding to an outside email from a sender who is not in their contact list.

Phishing Rate Is All Time High in Symantec’s Intelligence Report

Symantec has released its intelligence report, which points to the eruption of WannaCry and a rise in phishing attacks. Overall blocked attacks rose to 22%, which is the highest ratio since November 2015. Among exploit kits, the RIG toolkit stood at 28.4% points compared to 29.5% in April 2017. As for malware, there was a new rise in malware variants, measured at 76.7 million this month. Spam was down by 0.1%, whereas the phishing rate was recorded at its highest so far in 2017.

AV-TEST Revealed About Best Android Antivirus Products

AV-TEST, a security institute, carried out research on the best Android antivirus products, and a total of 7 (seven) products claimed the highest points in terms of usability and performance. The top antivirus products are Tencent, Symantec, Sophos, G Data, Cheetah, Bitdefender, and Antiy. AV-TEST advised users to download applications from trusted sources. Besides these, ESET and Kaspersky also scored well, with 99.8% for detection rate in real-world testing and 99.9% overall detection rate. Chinese firm Droid-X 3 got the lowest score, 94.8% in overall detection rate.

Xavier Malware Is Hitting Android Apps In Google Play Store

Android is in the news again due to data-stealing apps. According to Trend Micro research, around 800 apps in the Google Play Store steal users’ data. All of the apps are infected with Xavier malware, which comes with many free apps such as photo editors and wallpapers. Xavier comes preinstalled in these types of free apps, which have already recorded millions of downloads. Xavier has now upgraded its capabilities and can communicate with a remote server and download extra payloads to the affected device.

Samsung By Mistake Made Millions Of Phones At Risk

Samsung forgot to renew a domain that was accessed by some of its users in the background. The domain, ssuggest.com, was assigned to an app called S Suggest, which recommends potential apps to users based on their current apps. The company shut down the S Suggest app but let the domain expire and never renewed it. Meanwhile, devices kept trying to connect to ssuggest.com, which would give hackers the opportunity to hack millions of devices. However, a security researcher warned Samsung about this issue. According to the findings, there were 620 million connections from 2.1 M devices trying to get content from the expired domain.

OneLogin Suffered Data Breach

OneLogin suffered a huge data breach when a hacker accessed a set of AWS keys and used them to access the API. The attack started on May 31, 2017, around 2AM PST and lasted until 9AM PST. The authority stated that the attacker accessed a database that contains information about users, apps, and various key types. The data was encrypted, and the company is not sure whether the attacker has decrypted it.

The US Republican Party Contractor Misconfigured Voters’ Database

A contractor of the US Republican Party misconfigured the voters’ database; as a result, the personal details of more than 198M voters were exposed. Security company UpGuard revealed that 62% of the database was available on an Amazon cloud server. Deep Root Analytics, Targetpoint Consulting and Data Trust were managing the voters’ database. The exposed data included names, addresses, phone numbers, DOB, voter registration status, and political views. Deep Root Analytics assured that no hacking incident has been found and that the data is not available on the Amazon Web Services S3 bucket.

Buckle Inc. Suffered From Credit Card Breach

Buckle Inc. suffered a data breach in which point-of-sale malware was found on cash registers. The company has more than 450 stores in US states, and on Friday it disclosed that retail locations were affected by malware that tried to steal credit card data. Online sales, however, were not affected by this breach. The company has set up an investigation team and brought in third-party forensic experts to secure the affected systems. Nevertheless, hackers clone cards using the malware infection and data captured from the magnetic stripe.
