Weekly Tech Roundup: January 23
With much of the news revolving around the inauguration of President Donald Trump, it would have been easy to miss the week's revelations in cybersecurity. A number of new, and old, malware variants were exposed, and the tech world began doing more to protect itself against attack. Alongside these revelations came new products aimed at ransomware, putting data protection at the forefront of cybersecurity.
The headlines were endless, but we made it our mission to gather the most relevant and most intriguing topics of discussion. What did you miss?
New ransomware offers payment plans to victims
Ransomware is getting more and more innovative; it’s almost hard to keep up.
A ransomware variant named Spora is making the rounds, bringing with it a variety of new features, including the ability to encrypt without contacting a command-and-control server (so it works offline) and a polished payment website, according to Bleeping Computer. These innovations are making many think twice about their data protection capabilities.
Spora is being distributed through spam emails disguised as invoices. The attachments carry the ransomware, and once a file is opened the encryption process begins. From that point on, it is all about disaster recovery.
This specific variant doesn't encrypt every file, only those with extensions that suggest business value, such as .xls, .doc, .pdf and .backup. Once these files are encrypted there is no known way to recover them short of restoring from a backup, other than following the ransomware's unusual payment menu.
Victims are directed to log in to an online portal and sync their infected computer with it. They are then offered a number of options to decrypt their data:
- Decrypt your files (currently $79)
- Buy immunity from future Spora infections (currently $50)
- Remove all Spora-related files after paying the ransom (currently $20)
- Restore a file (currently $30)
- Restore two files for free
For now, Spora is only attacking Russian users, but that doesn't mean its operators don't have their sights set on expanding. In the meantime, users should ensure their data is protected by taking routine backups and keeping them separate from the machine they protect, since ransomware will encrypt anything it can reach.
Data breaches rise 40% in 2016
In 2016, U.S. data breaches reached an all-time high of 1,093 breaches: a 40 percent increase from 2015.
“With support from CyberScout, the ITRC has been able to heighten its efforts in tracking breaches nationwide by seeking out information on breach incidents through direct contact with numerous states’ attorney general offices as well as by submitting Freedom of Information Act requests. For the past 10 years, the ITRC has been aware of the under-reporting of data breach incidents on the national level and the need for more state or federal agencies to make breach notifications more publicly available. This year we have seen a number of states take this step by making data breach notifications public on their websites. The ITRC Data Breach Report 2016 now includes information from more than a dozen state agencies,” said Eva Velasquez, President and CEO, ITRC.
The report went on to break down the five industry sectors it tracks. In the lead was the business sector, with 494 reported incidents, followed by the healthcare and medical industry with 377, the education sector with 99, government with 72, and the financial sector with 52. The leading cause of these breaches was hacking, skimming or phishing, which together accounted for 55.5 percent of incidents.
Mac malware found hacking medical research
Previously undetected Mac malware has been making the rounds for years but was only recently uncovered, according to Malwarebytes. It was first spotted by an IT administrator, who reported it to Malwarebytes. The malware, called Fruitfly, is designed to take screenshots, access a Mac's webcam, and give the attackers remote control of the mouse and keyboard. The code was also found to run on Linux.
Further investigation led the researchers to conclude that this malware has been circulating since at least October 2014: the code contains changes made when OS X Yosemite (10.10) was released.
But it’s not just how long this malware went undetected that is troubling, it’s the material and data it was stealing that is causing some concern. It’s believed that Fruitfly was being used for espionage, the malware targeting biomedical research institutions. Since its detection, Apple has released an update to protect against further Fruitfly infections.
Innovative Gmail phishing campaign bypasses 2FA
Phishing campaigns have always been popular, but a new Gmail phishing campaign is proving highly effective: in some cases it even bypasses two-factor authentication by capturing and using the one-time code in real time, according to TechTarget.
It harvests credentials by loading a fake login page from a data: URI rather than from a real web server. The page looks authentic, and the address bar shows the string "accounts.google.com" in the middle of the URL, so users see a familiar hostname. The address is not marked with the green padlock or "Secure" indicator that a real HTTPS login page would carry, however, so the campaign is not completely foolproof.
"They see ordinary black text. That is why this attack is so effective. In user interface design and in human perception, elements that are connected by uniform visual properties are perceived as being more related than elements that are not connected. In this case the 'data:text/html' and the trusted hostname are the same color. That suggests to our perception that they're related and the ‘data:text/html' part either doesn't matter or can be trusted,” said Mark Maunder, founder and CEO of Wordfence.
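To make the point concrete, here is an added example (not code from the original article or from Wordfence) showing why the address bar is misleading and how a URL parser sees it differently from a human. The trusted-host list and the sample addresses are constructed for the example; the data: address is modeled on the pattern described above, with an assumed path.

```javascript
// Added example: classify an address-bar string the way a browser extension
// or a cautious user might, to catch the "data:text/html,https://accounts.google.com/..."
// trick. The WHATWG URL parser (Node's global URL) never reports a host for a
// data: URL, so any hostname a human reads inside it is just payload text.
const TRUSTED_HOSTS = ["accounts.google.com", "mail.google.com"]; // assumed list

function classifyAddress(addr) {
  let url;
  try {
    url = new URL(addr);
  } catch (e) {
    return { verdict: "invalid", reason: "not a parseable URL" };
  }

  if (url.protocol === "data:") {
    // url.hostname is "" here; look for a trusted name embedded in the payload,
    // which is exactly the lure the phishing page relies on.
    const embedded = TRUSTED_HOSTS.filter((h) => addr.includes(h));
    return {
      verdict: "phish",
      hostSeenByParser: url.hostname, // always "" for data:
      reason: embedded.length
        ? `data: URL embeds trusted name(s): ${embedded.join(", ")}`
        : "page is served from a data: URL, not an https origin",
    };
  }

  if (url.protocol !== "https:") {
    return { verdict: "suspicious", hostSeenByParser: url.hostname,
             reason: `scheme is ${url.protocol}, not https:` };
  }

  // Exact match on the parsed host defeats lookalikes such as
  // accounts.google.com.evil.example, where the trusted name is only a prefix.
  if (!TRUSTED_HOSTS.includes(url.hostname)) {
    return { verdict: "suspicious", hostSeenByParser: url.hostname,
             reason: `host ${url.hostname} is not a trusted login host` };
  }

  return { verdict: "ok", hostSeenByParser: url.hostname,
           reason: `https origin ${url.hostname}` };
}

// Constructed sample addresses for illustration.
const SAMPLE_ADDRESSES = [
  "data:text/html,https://accounts.google.com/ServiceLogin?service=mail", // assumed path
  "https://accounts.google.com/ServiceLogin",
  "http://accounts.google.com/",
  "https://accounts.google.com.evil.example/",
];

for (const a of SAMPLE_ADDRESSES) {
  const r = classifyAddress(a);
  console.log(`${r.verdict.padEnd(10)} ${a}\n           ${r.reason}`);
}
```

The design point is that the parser's view (`url.protocol`, `url.hostname`) and the human's view (a familiar string somewhere in the bar) disagree, and only the parser's view should drive any automated decision. Chrome has since stopped rendering top-level data: URLs navigated to from a page, but the same exact-host check applies to ordinary lookalike domains.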
Google is aware of these attacks and has since begun strengthening its defenses. Google is urging people to turn on two-step verification for additional protection, but there have been reports that even this hasn't stopped every compromise.
Some attacks appear to capture the victim's one-time code along with the password and use it immediately, while it is still valid. Experts say this real-time relay isn't exactly new, though it is quite rare.
"It does require a significant investment on the attacker's side to be able to take advantage of the incredibly small window of opportunity to get into an account before the [time-based one-time password] code expires. Thankfully this isn't all that common—although if attackers do manage to gain significant profit, they will adjust and adapt,” said Absolute Software global security strategist Richard Henderson.