Cyber-criminals Offer Christmas Ransomware Discount*:
- Cyber-criminals appeared to be getting into the Christmas spirit, with one group offering ransomware victims who intend to pay a festive discount of more than half the original cost.
- Security vendor Forcepoint spotted the seasonal campaign from the black hats behind the CryptXXX ransomware variant.
- Whereas the group typically charges victims 1.2 Bitcoin ($1040) to get their files back, the special Christmas price was 0.5 Bitcoin ($433).
- CryptXXX is one of the few ransomware families that security researchers have had success with, releasing a decryptor tool for it back in May.
- However, that effort and a second tool were both rendered useless by new versions of the ransomware developed to circumvent these efforts.
- Ransomware continues to cause businesses and consumers chaos and misery, with one attack every 40 seconds on businesses and one in 10 seconds targeting customers.
*Source: Info Security, December 22, 2016
Netflix US Twitter Account Hacked*:
- The Netflix US Twitter account, with 2.5m followers, has been compromised by a hacker group called OurMine.
- OurMine posted tweets promoting its own website and services.
- The tweets were removed about an hour after the first one appeared.
- OurMine has hacked several high-profile Twitter accounts this year, including Facebook co-founder Mark Zuckerberg and Google chief executive Sundar Pichai.
*Source: BBC, December 21, 2016
Insurers Handling Hundreds of Breach Claims*:
- Insurance claims for data breaches are being made at a rate of more than one a day according to figures from CFC Underwriting.
- The firm said that in 2016 it had handled more than 400 claims on cyber-breach policies it had issued.
- The main types of attack being claimed for were privacy breaches and the theft of cash.
- Claims on CFC policies were up 78% on 2015, said chief innovation officer at the underwriter.
- Ransomware, in which data is encrypted unless victims pay cash to a hacker to unscramble it, was behind 16% of the claims filed with CFC, putting it third behind data breaches and theft.
- Cyber-insurance was becoming necessary to help firms cope with the volume of attacks they faced every day.
- Many insurance firms now had security, data forensics, incident response and PR firms on call to help respond when a claim is filed.
*Source: BBC, December 19, 2016
LA County Email Hack Exposes Data of 750,000 People*:
- Around 750,000 people who had business with county departments may have had their personal information or confidential health data exposed through the breach.
- The L.A. County District Attorney has filed criminal charges against a Nigerian national accused of launching the phishing attack on county employees.
- The Los Angeles hack joins an ever-growing list of cyber-attacks hitting institutions big and small.
- The D.A.'s office said 108 employees were tricked into providing their usernames and passwords.
- Some of those officials had “confidential client/patient information” in their email accounts through their county duties.
- The office's Cyber Crime Division is offering free monitoring to people, whose information may have been exposed, including credit monitoring.
*Source: Mashable, December 18, 2016
Russian ‘methbot’ Fraud Steals $180 Million in Online Ads*:
- Russian cybercriminals have built a new high-tech fraud enterprise: showing real ads to fake people.
- The fraud has siphoned more than $180 million from the online ad industry.
- Methbot, so nicknamed because the fake browser refers to itself as the "methbrowser," operates as a sham intermediary advertising ring: Companies would pay millions to run expensive video ads, but the ads were only delivered to counterfeit web pages that no real person was visiting.
- White Ops first spotted the criminal operation in October and it is making up to $5 million per day by generating up to 300 million fake "video impressions" daily.
- In the past, hackers have figured out how to deliver malvertising (viruses through ads) and how to fake clicks on ads, but this is on another level.
- Hackers fooled ad fraud blockers because they figured out how to build software that mimicked a real person who only surfed during the daytime using the Google Chrome web browser on a MacBook laptop.
*Source: CNN, December 20, 2016