Week in review 22 December 2019 - ransomware changes, Christmas scams, Microsoft Office apps hit, predictions for 2020


Round up of the most significant open source stories of the last week

Links to articles are for interest and awareness. Linking to or reposting external content does not endorse any service or product; likewise, we are not responsible for the security of external links.


Black Arrow Cyber Consulting would like to wish customers old and new a very happy Christmas and a happy, prosperous and cyber-safe 2020.


Christmas malware spreading fast: Protect yourself now

Holiday party invitations may infect your PC

It's time for ugly Christmas sweaters — and for ugly Christmas-themed malicious spam emails.

A new malspam campaign dumps an email in your inbox marked "Christmas Party," "Christmas Party next week," "Party menu," "Holiday schedule" or something similar. But the attached Word document delivers a lump of coal: the notorious Emotet Trojan malware.

"HAPPY HOLIDAYS," begins the email, as spotted by researchers. "I have attached the menu for the Christmas Party next week. If you would like bring something, look at the list and let me know.

"Don't forget to get your donations in for the money tree," the email adds. "Also, wear your tackiest/ugliest Christmas sweater to the party." Sometimes it adds, "Details in the attachment."

More here: https://www.tomsguide.com/news/ugly-christmas-emails-give-the-gift-of-malware


Ransomware Gangs Now Outing Victim Businesses That Don’t Pay Up

As if the scourge of ransomware wasn’t bad enough already: Several prominent purveyors of ransomware have signaled they plan to start publishing data stolen from victims who refuse to pay up. To make matters worse, one ransomware gang has now created a public Web site identifying recent victim companies that have chosen to rebuild their operations instead of quietly acquiescing to their tormentors.

The cyber criminals behind the Maze Ransomware strain erected a Web site on the public Internet, and it currently lists the company names and corresponding Web sites for eight victims of their malware that have declined to pay a ransom demand.

“Represented here companies dont wish to cooperate with us, and trying to hide our successful attack on their resources,” the site explains in broken English. “Wait for their databases and private papers here. Follow the news!”

Researchers were able to verify that at least one of the companies listed on the site indeed recently suffered from a Maze ransomware infestation that has not yet been reported in the news media.

The information disclosed for each Maze victim includes the initial date of infection, several stolen Microsoft Office, text and PDF files, the total volume of files allegedly exfiltrated from victims (measured in Gigabytes), as well as the IP addresses and machine names of the servers infected by Maze.

As shocking as this new development may be to some, it’s not like the bad guys haven’t warned us this was coming.

Read the full article here: https://securityboulevard.com/2019/12/ransomware-gangs-now-outing-victim-businesses-that-dont-pay-up/


Ransomware: The number of victims paying up is on the rise, and that's bad news

The number of organisations that are giving in to the extortion demands of cyber criminals after falling victim to ransomware attacks has more than doubled this year.

A rise in the number of ransomware attacks in the past year has contributed to the increased number of organisations opting to pay a ransom for the safe return of networks locked down by file-encrypting malware.

That's according to figures in the newly released 2019 CrowdStrike Global Security Attitude Survey, which said the total number of organisations around the world that pay the ransom after falling victim to a supply-chain attack has more than doubled from 14% of victims to 39% of those affected.

In the UK specifically, the number of organisations that have experienced a ransomware attack and paid the demanded price for the decryption key stands at 28% – double the 14% figure of the previous year.

Read the full article here: https://www.zdnet.com/article/ransomware-the-number-of-victims-paying-up-is-on-the-rise-and-thats-bad-news/


Microsoft Office apps hit with more cyber attacks than ever

New reports have claimed Microsoft Office was the most commonly exploited application worldwide as of the third quarter of this year.

According to the firm's research, Microsoft Office solutions and applications were the target of exactly 72.85 percent of cyber exploits this year.

However, cyber criminals also targeted web browsers with 13.47 percent of the total number of exploits, Android (9.09 percent), Java (2.36 percent), and Adobe Flash (1.57 percent).

Read the full article here: https://www.techradar.com/uk/news/microsoft-office-apps-hit-with-more-cyberattacks-than-ever


Inconsistent password advice could increase risk of cyber attacks

New research suggests that ‘inconsistent and misleading’ password meters seen on various websites could increase the risk of cyber attacks.

The study, led by researchers at the University of Plymouth, investigated the effectiveness of 16 password meters that people are likely to use or encounter on a regular basis.

It tested 16 passwords against the various meters, with 10 of them being ranked among the world’s most commonly used passwords (including ‘password’ and ‘123456’).

Of the 10 explicitly weak passwords, only five of them were consistently scored as such by all the password meters, while ‘Password1!’ performed far better than it should do and was even rated strongly by three of the meters.

However, the team at Plymouth said one positive finding was that a browser-generated password was consistently rated strong, meaning users can seemingly trust these features to do a good job.

More here: https://eandt.theiet.org/content/articles/2019/12/inconsistent-password-advice-could-increase-risk-of-cyber-attacks/


Cyber security predictions for 2020: 45 industry experts have their say

Cyber security is a fast-moving industry, and with a new decade dawning, the next year promises new challenges for enterprises, security professionals and workers. But what predictions do experts have for cybersecurity in 2020?

Verdict.co.uk heard from 45 experts across the field of cybersecurity about their predictions for 2020, from new methods and targets to changing regulation and business practices.

Read the full list of predictions here: https://www.verdict.co.uk/cybersecurity-predictions-2020/


This ‘grab-bag’ hacking attack drops six different types of malware in one go

'Hornet's Nest' campaign delivers a variety of malware that could create a nightmare for organisations that fall victim to attacks, warn researchers.

A high-volume hacking campaign is targeting organisations around the world with attacks that deliver a 'grab-bag' of malware that includes information-stealing trojans, a remote backdoor, a cryptojacker and a cryptocurrency stealer.

Uncovered by researchers at Deep Instinct, the combination of the volume of attacks with the number of different malware families has led to the campaign being named 'Hornet's Nest'.

The attacks are suspected to be offered as part of a cybercrime-as-a-service operation with those behind the initial dropper, which researchers have dubbed Legion Loader, leasing out their services to other criminals.

Clues in the code point to the Legion Loader being written by a Russian-speaker – and researchers note that the malware is still being worked on and updated. Attacks using the loader appear to be focused on targets in the United States and Europe.

Read the full article here: https://www.zdnet.com/article/this-grab-bag-hacking-attack-drops-six-different-types-of-malware-in-one-go/


Tiny band of fraud police left to deal with third of all crime

Only one in 200 police officers is dedicated to investigating fraud despite it accounting for more than a third of all crimes, The Times revealed.

Most forces have less than half of 1 per cent of their officers allocated to fraud cases and some have none at all, according to figures disclosed under the Freedom of Information Act. In some areas the number of officers tackling fraud has fallen significantly.

Amid a surge in online and cold-calling scams, there were 3.8 million incidents of fraud last year, more than a third of all crimes in England and Wales. Victims are increasingly targeted online and can lose their life savings. However, as few as one in 50 fraud reports leads to a “judicial outcome” such as a suspect being charged.

Last night police bosses said the failure to investigate the cases was due to budget cuts and “poor government direction” and the situation had become a national emergency. Boris Johnson has pledged to “make the streets safer” by recruiting an extra 20,000 police officers but there are concerns that victims of fraud will continue to be failed.

Read the original article here: https://www.thetimes.co.uk/article/less-than-1-of-police-officers-target-fraud-kf6d37qfz


IT worker with a grudge jailed for cyber attack that shut down network for 12 hours

A contractor with a grudge over the handling of an incident in Benidorm has been jailed for carrying out a revenge cyber attack. Scott Burns, 27, was unhappy with the way a disciplinary matter against him by Jet2 was dealt with so decided to cause harm. The attack led to the company’s computer network being shut down for 12 hours and it was only thanks to a fast-thinking colleague that a ‘complete disaster’ was avoided. Burns’s attack cost the company £165,000 in lost business, Leeds Crown Court was told. Jailing Burns for 10 months, Judge Andrew Stubbs QC heard how the motive was revenge because Burns was unhappy about how Jet2 dealt with a disciplinary matter against him relating to an incident at a ‘roadshow in Benidorm’ in 2017. No further details of the incident were outlined in court.

Read more here: https://metro.co.uk/2019/12/20/worker-grudge-jailed-cyber-attack-shut-network-12-hours-11937687/


30 years of ransomware: How one bizarre attack laid the foundations for the malware taking over the world

In December 1989 the world was introduced to the first ever ransomware - and 30 years later ransomware attacks are now at crisis levels.

Ransomware has been one of the most prolific cyber threats facing the world throughout 2019, and it's unlikely to stop being a menace any time soon.

Organisations from businesses and schools to entire city administrations have fallen victim to network-encrypting malware attacks that are now demanding hundreds of thousands of dollars in bitcoin or other cryptocurrency for the safe return of the files.

While law enforcement recommends that victims don't give in to the demands of cyber criminals and pay the ransom, many opt to pay hundreds of thousands of dollars because they view it as the quickest and easiest means of restoring their network. That means some of the criminal groups operating ransomware campaigns in 2019 are making millions of dollars.

But what is now one of the major cyber scourges in the world today started with much more humble origins in December 1989 with a campaign by one man that would ultimately influence some of the biggest cyber attacks in the world thirty years later.

The first instance of what we now know as ransomware was called the AIDS Trojan because of who it was targeting – delegates who'd attended the World Health Organization AIDS conference in Stockholm in 1989.

Attendees were sent floppy discs containing malicious code that installed itself onto MS-DOS systems and counted the number of times the machine was booted. When the machine was booted for the 90th time, the trojan hid all the directories and encrypted the names of all the files on the drive, making it unusable.

Victims saw instead a note claiming to be from 'PC Cyborg Corporation' which said their software lease had expired and that they needed to send $189 by post to an address in Panama in order to regain access to their system.

It was a ransom demand for payment in order for the victim to regain access to their computer.

Read the full article here: https://www.zdnet.com/article/30-years-of-ransomware-how-one-bizarre-attack-laid-the-foundations-for-the-malware-taking-over-the-world/


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our new regular ‘Cyber Tip Tuesday’ video blog, here and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.
