WannaCry Ransomware Infections Hit Dozens of Traffic Cameras*:
- A month after the first computers were infected with WannaCry, and nearly three months after Microsoft made a fix available, the WannaCry ransomware continues to infect more systems.
- Earlier this week, production at a Honda assembly plant had to be halted due to WannaCry infections.
- A report from Australian radio station 3AW has revealed that 55 traffic cameras have also been hit by WannaCry attacks.
- A technician unwittingly unleashed the destructive work by simply plugging in a USB flash drive that had been previously infected.
- Australia’s Department of Justice says the cameras continue to operate as expected and that recording data has not been compromised.
- The Department acted quickly to minimize the ransomware’s impact by stopping the spread of the virus, and is in the process of removing the virus from the affected cameras.
*Source: Forbes, June 22, 2017
South Korean Hosting Firm Shells Out $1M in Another Ransomware Hack*:
- South Korean web hosting firm ‘Nayana’ announced that it suffered a massive breach affecting more than 150 of its servers.
- The hackers demanded nearly $4.4 million in Bitcoin to return the data to the company.
- The two sides have now settled on a ransom fee of around $1 million in Bitcoin, which Nayana will pay out in three instalments.
- The web hosting provider is currently in the process of transferring the stolen data back to its servers.
- The company estimates the entire process will likely take between four and seven days to complete, and the stolen data is expected to be properly restored to the almost 3,500 affected clients shortly after.
- The incident marks yet another unfortunate case in a recent string of ransomware attacks worldwide.
*Source: The Next Web, June 20, 2017
Millions of Samsung Users Exposed to Hackers Over Expired Domain*:
- Samsung continues to be the #1 smartphone manufacturer in the world, and any vulnerability coming to Sammy handsets would affect a substantial number of users.
- The latest vulnerability could have hurt 2.1 million devices, and it was essentially Samsung’s fault.
- Samsung phones used to come with S Suggest pre-installed, an app that would suggest other applications to use on your smartphone, but the service was discontinued in 2014.
- The only issue is the Korean manufacturer also stopped worrying about renewing the domain, leaving it up for grabs.
- Samsung claims owning the domain wouldn’t allow the user to install malicious apps on phones, but the security researcher who discovered the domain disagrees.
- The app requests permissions including the ability to reboot, install packages, get full internet access, and more – so someone with bad intentions could have done some nasty things to the phones.
- It is not good news for Samsung users, who trust the manufacturer to do everything it can to keep its customers secure.
*Source: Android Authority, June 15, 2017
Hacker Stole Satellite Data from US Department of Defense*:
- A computer hacker has admitted stealing hundreds of user accounts from a US military communications system.
- The hacker accessed and stole the ranks, usernames and email addresses of more than 800 users of a satellite communications system, as well as of about 30,000 satellite phones.
- The theft took place in June 2014, and he pleaded guilty to charges last week.
- Forensic examination of his computers by NCA officers found the stolen data on the hard drives.
- The DoD mentioned it would cost approximately $628,000 to fix the damage caused by the hacker’s intrusion.
*Source: National Crime Agency, June 15, 2017
Wipro Flags Cybersecurity Breaches as Potential Risk to Biz*:
- Wipro has listed cybersecurity breaches as a potential risk to its business, stating that such attacks could lead to financial obligations to its customers.
- The development comes weeks after 'WannaCry' ransomware hit systems across sectors like telecommunications and healthcare in over 100 countries.
- WannaCry was one of the most widespread cyber attacks in history, infecting computers running on older versions of Microsoft operating systems like XP, and locking access to files on the computer.
- Wipro, in its filing to the US Securities and Exchange Commission, noted that while there is an increase in the number of connected devices and transition to the cloud, the impact of threats is also on the rise.
- Unauthorised access, malware, fraud, misuse/loss/tampering of personal and business data, and deliberate or accidental acts by its employees or other stakeholders are also on the rise.
- In the past, the firm has acknowledged the growing cyber threat in its annual reports, but had not listed it as a risk factor.
- In a recent study, Wipro said at least 1.38 billion records of data were reported stolen – around 43 records every second – during the year 2016 through data breaches at enterprises globally.
- Breaches not only impact the business operations, but also can result in customer faith being severely dented for enterprises in the aftermath of these attacks.
*Source: India Times, June 19, 2017
Hacker Bypasses Microsoft ATA for Admin Access*:
- Microsoft's Advanced Threat Analytics (ATA) platform for detecting cyber-attacks can be evaded by attackers to achieve organizational control.
- ATA works by reading information from multiple sources: Windows Event Logs, SIEM events, and certain protocols to the Domain Controller.
- ATA can detect known attacks like pass-the-hash, pass-the-ticket, Directory Services replication, brute-force, and skeleton key.
- A hacker for the Pentester Academy found a way to bypass ATA and gain administrative access.
- ATA can be used to authenticate to different resources, driving the consequences of what could happen if the system were compromised.
- Some call ATA “the new sheriff in town” for enterprise security and many businesses still don’t use it, but it’s among the most effective mechanisms for businesses today.
- There are ways for cybercriminals to evade the detection capabilities of ATA, or avoid the system entirely, to launch dangerous attacks.
- If they can bypass ATA, it’s possible for them to gain domain administrative privileges and access each and every resource in the enterprise.
- ATA is designed to detect users trying to create a "golden ticket" to gain this level of access, but attackers can bypass this by changing a packet in the Kerberos protocol used to connect with the Domain Controller.
- The hacker has communicated his findings to Microsoft and is collaborating with its team to address the issues, and Microsoft is working to push an update out.
*Source: Dark Reading, June 16, 2017
Queen's Speech: New Data Protection Law*:
- Plans for new data protection rules in the UK have been confirmed in the Queen's Speech.
- The proposed Data Protection Bill will reflect plans described in the Conservative Party manifesto ahead of the general election.
- The government said its key priorities were:
  - Ensuring data protection rules were "suitable for the digital age"
  - "Empowering individuals to have more control over their personal data"
  - Giving people the "right to be forgotten"
  - Modernising data processing procedures for law enforcement agencies
  - Allowing police and the authorities to "continue to exchange information quickly and easily with international partners" to fight terrorism and serious crimes
- The government also said it would implement the General Data Protection Regulation (GDPR).
- This new data protection law is the news that many companies have been waiting for to accelerate their GDPR programme and make it a concrete part of their business.
*Source: BBC, June 21, 2017