Weekly Tech Roundup: January 16

Security was a major theme throughout this week’s news cycle.

Malicious ransomware attacks increased and their tactics continued to evolve; predictions cast a gloomy outlook on the state of cybersecurity, projecting that data will become increasingly vulnerable as the year continues; and new cybersecurity innovations were set in motion in the hopes of protecting data across many different sectors.

The week was full of tech headlines, but we handpicked some stories we thought might be interesting to you. What did you miss?

McAfee Labs releases 2017 Threat Report

McAfee Labs came out with their 2017 Threat Predictions report, which details the increase in cyberattacks that will plague the digital world in the new year and inevitably shape the future of data protection and data storage.

Cloud service providers will become primary targets in 2017, and Internet of Things (IoT) devices like smart thermostats and security cameras will increase data vulnerability. These devices will become another primary target of ransomware, but it’s unclear how future attacks will evolve.

It is obvious, however, that these IoT devices will decrease consumer privacy as they become gateways for more attacks on complex infrastructures. This report shows that the next step in IoT hacking could very likely be the hacking of control planes and servers that are connected to these devices, as opposed to the devices themselves.

The report predicts that IoT hacking will become more frequent not only because more and more people will be using these devices, but because manufacturers will continue to create them without properly securing them.

The 57-page report indicates that from these attacks, the primary piece of data obtained will be credential information like usernames and passwords. Hackers will continue gaining access to this data by trying to move up or down the stack to increase their privileges, exploit a vulnerability, or gain access to data or applications.

Manufacturers and consumers will need to increase security measures and take data protection into their own hands.

MongoDB ransomware spikes

MongoDB servers are under major attack.

In two days, the number of hijacked MongoDB servers jumped from 10,500 to 28,200, according to Bleeping Computer. In one week, the number of attacks increased by 26,200. The ransomware group behind the majority of these attacks is known as Kraken.

The devices using MongoDB servers are particularly vulnerable, and more than 12 groups are currently launching attacks on these IoT devices. Their method of attack isn’t new: they steal their victims’ data and leave behind a message demanding a ransom.

Research is showing, however, that many of these groups have begun deleting this data immediately as opposed to storing it.

The attacks began over Christmas, but it wasn’t until last week that they exploded, the Kraken group having found a lucrative target in these extremely vulnerable devices. But due to the influx of attackers and the rivalry among them, data began disappearing. These groups were hacking into each other, leaving messages and altering code. Because of this, the data stolen by one group was deleted and altered by another.

This has led to victims paying the wrong group for their stolen data, or paying the right group but never actually getting their data returned. In a week’s time, Kraken had racked up nearly 70 ransom payments paid via Bitcoin.

This vulnerability in MongoDB servers highlights a major concern in the data protection and security of connected devices. Users of MongoDB servers should install the latest patches and be sure to back up their data. If your business data is stolen, integrated disaster recovery strategies can make sure that you aren’t losing time, money and resources getting your systems up and running again.

Europe proposing expansion of rules governing personal data

The European Commission has proposed new rules on personal telecom data.

According to TechCrunch, the proposal will give the commission more power and reach over email and mobile messaging data. This expansion means that companies like Google, Apple, Facebook and WhatsApp will have to begin handing over more data.

There is still some tension between electronic communication providers and telecommunication networks due to the unequally strict data protection laws.

These proposals, however, will make these gaps smaller, giving telcos access to data collected by communication providers for research. Even with these regulations, however, users still have the right to refuse to have their data collected.

The new proposals will also give users more control over the “cookies” companies collect. Users will be able to accept or decline cookie tracking and to alter cookie settings.

One of the main aims of these proposals is to make the EU’s General Data Protection Regulation, which is designed to protect user privacy, more universal when it comes into play in 2018, when these regulations are expected to be enforced.

Netflix phishing campaign uncovered and shut down

A phishing campaign targeting Netflix users has recently been shut down, according to Threatpost.

The campaign lured Netflix users into providing their account details and personal information. It began with a very official-looking email that informed customers that Netflix needed updated account details.

Once they were brought to the login page, users were asked for their username and password. Afterward, they were asked for their name, birthday, address, and Visa information. They were also asked for their social security number.

This information was then routed to the attacker via a PHP mail utility.

“By obfuscating the webpage, attackers try to deceive text-based classifiers and prevent them from inspecting webpage content. This technique employs two files, a PHP and a JavaScript file that have functions to encrypt and decrypt input strings. The PHP file is used to encrypt the webpages at the server side; at the client side, the encrypted content is decoded using a defined function in the JavaScript file,” said Mohammed Mohsin Dalla, the researcher who uncovered the campaign.

This way of evading detection makes this phishing attempt particularly devious compared to previous campaigns. With cybercriminals getting sneakier, it’s important that users become more aware of the information they give out. Make sure you always have a backup of your data, and beware of fishy emails, links and webpages—it could save your digital life.

Blockchain research could be the future of the health sector

IBM Watson and the U.S. Food and Drug Administration are working together towards a future that includes blockchain.

The two signed a research initiative that will work out how to use blockchain technology to communicate health data. According to the press release, the two organizations will be testing the exchange of data from electronic medical records, clinical trials, genomic data and health data collected from mobile devices, wearables and other IoT devices.

This research hopes to make accessing and sharing patient health data easier and more efficient. The resulting freedom and transparency will open the door to major medical advancements.

The initiative is turning to blockchain due to its transparent chain of transactions that can be followed and recorded. This way data can be seen as unchanged, and accountability can be taken at every stage of the data storage process, ensuring maximum data protection.

"The healthcare industry is undergoing significant changes due to the vast amounts of disparate data being generated. Blockchain technology provides a highly secure, decentralized framework for data sharing that will accelerate innovation throughout the industry," said IBM Watson Health Innovations Vice President and Chief Science Officer Shahram Ebadollahi.

This research will last two years, with the first round of results expected to be published later this year.
