Articles for October 2017

New Rapidly-Growing IoT Botnet Threatens to Take Down the Internet


Just after Mirai—the biggest IoT-based malware, which caused vast Internet outages by launching massive DDoS attacks—completed its first anniversary, security researchers are now warning of a brand new, rapidly growing IoT botnet.

Dubbed ‘IoT_reaper’ and first spotted in September by researchers at the firm Qihoo 360, the new malware no longer depends on cracking weak passwords; instead, it exploits vulnerabilities in various IoT devices and enslaves them into a botnet network.

Read more here.


Ukraine Police Warns of New NotPetya-Style Large Scale CyberAttack

Remember NotPetya?

The ransomware that shut down thousands of businesses, organisations and banks in Ukraine, as well as in different parts of Europe, in June this year.

Now, Ukrainian government authorities are once again warning citizens to brace themselves for the next wave of “large-scale” NotPetya-like cyber attacks.

According to a press release published Thursday by the Secret Service of Ukraine (SBU), the next major cyber attack could take place between October 13 and 17 when Ukraine celebrates Defender of Ukraine Day (in Ukrainian: День захисника України, Den’ zakhysnyka Ukrayiny).

Authorities warn the cyber attack can once again be conducted through a malicious software update against state government institutions and private companies.

Read more here.


How A Drive-by Download Attack Locked Down Entire City for 4 Days

We don’t really know the pain and cost of a downtime event unless we are directly touched.

Be it a flood, electrical failure, ransomware attack or other broad geographic event, we don’t know what it is really like to have to restore IT infrastructure unless we have had to do it ourselves.

We look at other people’s backup and recovery issues and hope we are smart or clever enough to keep it from happening to us.

Recovery from a downtime event includes inconvenience, extra work, embarrassment and yes, real pain.

A ransomware attack is a good example.

Unitrends—an American company specialised in backup and business continuity solutions—recently shared with us a real cyber-attack incident that happened to one of their customers, describing the steps they took to recover functionality following a CryptoLocker attack against a US city.

It also shows how the attack cost the city’s Governance team days of production and hundreds of man-hours to recover.

Read more here.


FBI Arrests A Cyberstalker After Shady “No-Logs” VPN Provider Shared User Logs

PureVPN shared logs that it said it wasn’t storing or making… hmm… who else is doing the same thing?!

The FBI recently arrested a psycho cyber stalker with the help of a popular VPN service, and this case apparently exposed the company’s lies about its “no logs” policy.

Taking down cyber stalkers and criminals is definitely a good thing, and the FBI has truly done a great job, but the VPN company whose first line of the privacy policy is—“We Do Not monitor user activity nor do we keep any logs”—has literally betrayed its customers’ trust.

It’s no secret that most VPN services—which claim to shield your Internet traffic from prying eyes, assuring you that you can surf the web anonymously—are not as secure as they claim.

In this post-Snowden era, a majority of VPN providers promise that their service is anonymous, with a no-log policy, but honestly, there is no way you can verify this.

Read more here.


Apple Allows Uber to Use a Powerful Feature that Lets it Record iPhone Screen

If you are an iPhone user and use the Uber app, you would be surprised to know that the widely popular ride-hailing app can record your screen secretly.

Security researcher Will Strafach recently revealed that Apple selectively grants Uber (through what’s known as an “entitlement”) a powerful ability to use the newly introduced screen-recording API, with the intent to improve the performance of the Uber app on Apple Watch.

The screen-recording API allows the Uber app to record the user’s screen information even when the app is closed, giving Uber access to all the personal information passing through an iPhone screen.

Read more here.


FormBook—Cheap Password Stealing Malware Used In Targeted Attacks


It seems sophisticated hackers have changed the way they conduct targeted cyber operations—instead of investing in zero-days and developing their own malware, some hacking groups have now started using ready-made malware, just like script kiddies.

Possibly, this could be a smart move for state-sponsored hackers to avoid being attributed easily.

Security researchers from multiple security firms, including Arbor Networks and FireEye, independently discovered a series of malware campaigns primarily targeting the aerospace, defence contractor and manufacturing sectors in various countries, including the United States, Thailand, South Korea and India.

Read more here.
