Symantec’s Report is Out: Wow…Just Wow

Symantec’s 2018 Internet Security Threat Report (ISTR) came out today and it’s a doozy. Symantec has more than 125 million sensors scattered around the world, recording thousands of threat events every second of every day. Needless to say, we think it’s worth paying attention to the ISTR. A few highlights this year are:

  • IoT attacks increased by 600%.
  • Cryptojacking explodes by 8,500%, stealing resources and increasing vulnerability.
  • Ransomware has become a commodity hack with an increasing number of malware variants and lower prices demanded by the attacker.
  • Malware implants in the software supply chain grow by 200%.
  • Mobile malware variants increase by 54%.

Bottom line, the bad guys are getting more organized and cyberthreats are getting more serious. Our job has never been more important. For more details and to read the full report, click here. 

Facebook’s Terrible, Horrible, No Good, Very Bad Month

We think it’s safe to say Mark Zuckerberg has had a bad couple of weeks. In case you missed it, Facebook came under fire for the way it allowed a third-party consulting and data firm, Cambridge Analytica, to mishandle customer information. Things got so bad that Zuckerberg himself appeared in several interviews, penned an apology letter in major US papers, and has been called to testify in front of Congress. If Facebook hoped the worst was over…it wasn’t.

Facebook dropped another bombshell on its users last week by admitting that all of its 2.2 billion users should assume malicious third-party scrapers may have accessed their public profile information. Turns out that the bad guys used automated bots to “scrape” data from user accounts. That search feature is now disabled, but it may not be enough to mitigate the massive privacy and data breach. As of Friday, shares of FB were down 14% for the week.

They’re Watching You

You know those “free” anti-virus apps? Yeah well, at least one of them is pretty much the exact opposite. The crack team at Cisco Talos have uncovered a new Android Trojan that disguises itself as an anti-virus application, called Naver Defender. Apparently this fake anti-virus software is really just a nasty piece of malware, dubbed “KevDroid”, and is capable of recording phone calls, gaining root access, and stealing web history, emails and call logs.

KevDroid even has the ability to record incoming and outgoing calls from the infected Android device. Though no group has taken credit for the malware, South Korean media have linked KevDroid with the North Korean hacking group “Group 123.” More info and recommendations about KevDroid here.

Here are a few tips to keep your smartphone safe from unwanted cyber-spies:

  • Only download verified apps
  • Install anti-virus and software only from well-known companies
  • Get into a habit of backing up your phone
  • Consider using an encryption application for sensitive data
  • Don’t open an email or attachment you aren’t expecting
  • Use a secure password to protect your device
  • Keep your software up to date

Atlanta Held Hostage

Where’s Liam Neeson when you need him? Not that the Taken movie star could do much in this case seeing as the crime is digital and instead of a person being held hostage, it’s the data of one of the biggest cities in America.

Last Thursday morning, city workers turned on their computers to find a ransom note and a demand for $51,000 in bitcoin in exchange for the safe return of the city’s data. That left authorities scrambling and the city’s computers that process payments and relay court information crippled or out of service altogether. The city is working with the Department of Homeland Security and the FBI as well as experts from Microsoft and Cisco to remedy the problem. No word on whether or not the ransom will be paid.

Having a good cybersecurity incident response program is fundamental to all organizations and should include how to deal with ransomware (and how to buy bitcoin). There are pros and cons to paying the ransom in a ransomware event and most people say you shouldn’t. This, however, is not a technology decision and should be immediately pushed upstairs to the C-Suite.

A Bad Week to Be the Zuck

This is one of the few times we don’t envy being The Zuck. Last week, Facebook lost over $60 billion in market value. That’s more than Tesla’s entire market cap. Unless you’ve been on a digital vacation, you probably know that’s because the word got out that the personal data of over 50 million users (and counting) was taken and used by British data firm Cambridge Analytica, a company that, according to some, helped Donald Trump win the election.

The story broke when a 28-year-old data scientist, Chris Wylie, blew the whistle on the social media giant, telling how poorly it handled people’s personal information. So how does the info get collected? Well, you know those annoying quizzes that pop up on your Facebook feed? “How will you look in your 80s?” or “Which celebrity do you look like?” Yup, those ones. And a lot more just like them. Once they gain access to your FB profile, just think of them as giant data harvesting machines.

Over the past few days people have been downloading copies of all the data Facebook has collected about them over the years and it’s fairly astonishing to say the least. Everything from your personal contacts list and your entire ‘friend’ history to every post you ever made and even your Android cell phone call history. So, not only did they lose a lot of market value, people in droves are deleting their Facebook accounts for perceived privacy issues.

As you can imagine, this caused a PR whirlwind for Facebook, ultimately leading Mark Zuckerberg to sit for a rare interview and even publish a full-page apology letter in some of the nation’s leading newspapers.

Orbitz Isn’t Having a Holiday

Let’s just say it’s not exactly smooth sailing right now for the online travel and vacation booking company Orbitz. The subsidiary of Expedia revealed last week that one of its websites has been hacked, exposing credit card and personal info of nearly 900K customers. Talk about a bad vacation.

The incident occurred somewhere between October 2016 and December 2017 and the data pirates made away with critical customer information including full names, credit card information, dates of birth, phone numbers and addresses. There is a bright spot though since it’s been confirmed that social security information was not exposed. The company says it has reinforced its cybersecurity program and that customers of the current Orbitz.com are safe.

Customers who bought travel during the affected dates are advised to monitor their credit card statements and report anything suspicious.

Skype Flaw Strikes Back

If you’re a Skype fan but you’re still running Windows 7 or older (seriously…time for an update) then this story matters to you. A bug has been detected in Microsoft’s video chat app which apparently can’t simply be patched. The flaw is going to require a bit of reengineering from Team Skype. The good news is that it’s only for the Windows 7 or older versions. Our takeaway? Update your ancient machine and Skype on!

Russian Bots vs. the Gun Debate

Guess what? Russian social media bots are at it again. Even after the big FBI reveal last week, there obviously isn’t enough fear of retribution to scare them off. Seems Russian bots on Twitter began using the trending #Parklandshooting to spread false information and stoke tensions, attempting to sway Americans from rational thought and debate. Some bots claimed that the shooter searched for Arabic phrases on Google, while other bots used the hashtag #falseflag, implying that the United States had sponsored the attack to ultimately take guns away from Americans. The guys are getting smarter and programming the bots to fit certain patterns in their attempt to create doubt about the government, police, and media.

Welcome to the Cyber-Olympics

Just when you thought we were all holding hands across the world, this happens. Malware intended to disrupt the Olympics opening ceremony in PyeongChang succeeded in taking away Internet and media services from journalists covering the event. According to Cisco’s Talos division, this malware was also intended to delete shadow files and event logs. The culprits behind this attack appear to be Russia and North Korea. Some are suggesting Russia’s Olympics hacking was in retaliation for its athletes being banned from participation by the IOC, while others are saying North Korea was hacking because…well, just because.

And it turns out the cyberattacks weren’t limited solely to the Olympic stadium. There seems to have been another coordinated cyberattack happening in parallel with the games that McAfee has dubbed Operation GoldDragon. Operation GoldDragon appears to have been designed to plant spyware on victims’ machines (at hotels, event centers, etc.) for the purposes of espionage. So much for that warm-fuzzy-Olympics-feeling.

So, the Russians DID do it?

We’re guessing there are 13 Russian guys raiding their vodka cabinets about now. Last week, Robert Mueller officially charged 13 Russians and three Russian entities with interfering in the U.S. Presidential election in 2016. A 37-page indictment alleges that Russian troll farms targeted social media in attempts to sway the election and cause chaos in our political system. Supposedly, these Russians pulled a fast one, posing as Americans to buy social media ads and stage rallies.