Weekly Tech Roundup — March 6

With malware transformations, cloud service outages, and data loss making headlines last week, it’s important that we take a step back and look at our own computer habits. New techniques give cybercriminals the ability to hack into our PCs, smartphones and IoT devices. Innovations also let them hack into our financial institutions. Are you sure that your data is safe? Find out what could put it in harm’s way.

Your child’s toys could be leaking important information.

More than 2 million voice messages and personal data from over 800,000 registered users was hacked and leaked online, Threatpost reports. The attack on MongoDB servers exposed voice messages sent and received through CloudPets, an internet-connected stuffed animal.

Spiral Toys, the parent company of CloudPets, released a statement deflecting blame and calling the hack a “minimal issue” as information could only be obtained if hackers were able to bypass user passwords. The statement, however, failed to mention how easy it would be to do so, as the toy had minimal password requirements.

Documented but unpatched vulnerabilities in the popular MongoDB server platform have left it susceptible to attack. The toy company was notified in December and January about these attacks, but failed to do much about it.

Later investigation into the breach showed that multiple parties got their hands on these recorded messages and downloaded them.

“I hope that Spiral Toys does what is in the best interests of their customers and that is to inform them about this breach and give a good and solid advice what to do (remind them about weak passwords or password reuse). Transparency and being helpful should be your highest priority when you deal with sensitive data leaks as these,” said GDI Foundation Chairman Victor Gevers who has been exposing this vulnerability.

A cloud outage last week caused major problems across the web.

Amazon Web Services, the world’s largest provider of internet-based computing services, suffered a seemingly-catastrophic outage last week along the eastern U.S., according to the AP. The outage affected websites throughout the day on Tuesday.

Most websites were still up and running, but thousands had service trouble. Some of the websites that were down completely included Trello, Scribd and IFTTT.

The problems began early Tuesday afternoon, when a Virginia-based S3 region began experiencing “increased error rates.” Amazon released a statement later that day, saying that they were still working on the problem.  For those who don’t know, Amazon S3 stores data for companies on remote servers. It’s also used for building websites, creating apps, and storing company transactions.

The issue was eventually diagnosed as the result of human error traceable to a single typo made by an S3 IT team member during a debugging session of its billing systems. The problems were resolved by Tuesday night, all websites fully functioning and back to normal operations.

The United Kingdom’s National Health Service (NHS) is in hot water after temporarily losing years’ worth of patient data.

Over a five year period, the NHS lost over 500,000 test results and letters, according to the Guardian. Ministers and hospital officials have taken to parliament to discuss the data loss, and a review is currently in place to decipher whether or not the data lost between 2011 and 2016 had led to the death of any patients. The data was stored in a warehouse, and over the five-year period, massive amounts of data failed to reach intended recipients.

The permanent secretary at the Department of Health Chris Wormald told the British Parliament that they are currently investigating 537 “live cases.”

“Over half a million patients’ data – including blood tests results, cancer screening results, biopsy results, even correspondence relating to cases of child protection – all undelivered. They were languishing in a warehouse on the secretary of state’s watch,” said shadow health secretary Jonathan Ashworth.

No harm to patients has yet to be confirmed.

This brings to light the importance of data protection—had the NHS been properly storing and protecting their data electronically on storage devices or in the cloud, they’d be able to account for the data.

Financial institutions are in for even more stress now that an old Trojan has gotten a makeover.

The Dridex Trojan got an upgrade: a code injection feature called AtomBombing that helps the malware evade detection by traditional anti-virus programs, according to ZDNet. This is the first instance of a financial Trojan utilizing this advanced technique.

Dridex is the most well-known of trojans affecting European banking institutions, but many fear that other cybercriminals will adopt these advanced capabilities. As it is, Dridex is infamous because of its ability to infect PCs with malicious macros. Once these systems are compromised, the malware steals credentials and financial data. The trojan first burst onto the scene in 2014 in the UK.

AtomBombing was first spotted in October, storing malicious code in Windows atom tables, where it evades traditional endpoint security detection techniques. Currently, the Dridex Trojan only utilizes part of the AtomBombing capabilities.

"The release of a major version upgrade is a big deal for any software, and the same goes for malware. The significance of this upgrade is that Dridex continues to evolve in sophistication, investing in further efforts to evade security and enhance its capabilities to enable financial fraud,” IBM reports.

The world’s largest spam botnet—Necurs—is upping its game, advancing its tactics and gearing up for a major attack.  According to Dark Reading, researchers discovered the botnet loading DDoS capabilities beginning 6 months ago, making data protection an even bigger priority for consumers and business alike.

An in-depth investigation into this botnet showed that systems infected with this botnet were requesting two separate module downloads—one for spam distribution and the other for a proxy module that would make HTTP or UDP requests to target systems.

There are about 1 million active infected systems on any given day. In total, researchers estimate that there are upwards of 5 million systems infected by the Necurs botnet.

"Simply taking into account its size—more than double the size of Mirai—we would expect it to produce a very powerful DDoS attack,” says Anubus Labs intelligence researcher Tiago Pereira.

Researchers believe a DDoS attack is imminent, especially as this botnet has been used to deliver Locky ransomware and the Dridex Trojan in the past. Past victims know the extent to which this botnet can wreak havoc.

“It seems likely that this is either a test module, or something to be used in a 'doomsday scenario' – for example when the botnet operators need it for a very good reason - not just as a normal DDoS-for-hire campaign," Ben Herzberg, a security group research manager at Imperva, believes.