Week of December 23, 2016


Week of December 23, 2016

Cyber-criminals Offer Christmas Ransomware Discount*:

  • Cyber-criminals appeared to be getting into the Christmas spirit, with one group offering ransomware victims who intend to pay a festive discount of more than half the original cost.
  • Security vendor Forcepoint spotted the seasonal campaign from the black hats behind the CryptXXX ransomware variant.
  • Whereas the group typically charges victims 1.2 Bitcoin ($1040) to get their files back, the special Christmas price was 0.5 Bitcoin ($433).
  • CryptXXX is one of the few ransomware families that security researchers have had success with, releasing a decryptor tool for it back in May.
  • However, that effort and a second tool were both rendered useless by new versions of the ransomware developed to circumvent these efforts.
  • Ransomware continues to cause businesses and consumers chaos and misery, with one attack every 40 seconds on businesses and one in 10 seconds targeting customers.

*Source: Info Security, December 22, 2016


Netflix US Twitter Account Hacked*:

  • The Netflix US Twitter account, with 2.5m followers, has been compromised by a hacker group called OurMine.
  • OurMine posted tweets promoting its own website and services.
  • The tweets were removed about an hour after the first one appeared.
  • OurMine has hacked several high-profile Twitter accounts this year, including Facebook co-founder Mark Zuckerberg and Google chief executive Sundar Pichai.

*Source: BBC, December 21, 2016


Insurers Handling Hundreds of Breach Claims*:

  • Insurance claims for data breaches are being made at a rate of more than one a day according to figures from CFC Underwriting.
  • The firm said that in 2016 it had handled more than 400 claims on cyber-breach policies it had issued.
  • The main types of attack being claimed for were privacy breaches and the theft of cash.
  • Claims on CFC policies were up 78% on 2015, said chief innovation officer at the underwriter.
  • Ransomware, in which data is encrypted unless victims pay cash to a hacker to unscramble it, was behind 16% of the claims filed with CFC, putting it third behind data breaches and theft.
  • Cyber-insurance was becoming necessary to help firms cope with the volume of attacks they faced every day.
  • Many insurance firms now had security, data forensics, incident response and PR firms on call to help respond when a claim is filed.

*Source: BBC, December 19, 2016


LA County Email Hack Exposes Data of 750,000 People*:

  • Around 750,000 people who had business with county departments may have had their personal information or confidential health data exposed through the breach.
  • The L.A. County District Attorney has filed criminal charges against a Nigerian national accused of launching the phishing attack on county employees.
  • The Los Angeles hack joins an ever-growing list of cyber-attacks hitting institutions big and small.
  • The D.A.'s office said 108 employees were tricked into providing their usernames and passwords.
  • Some of those officials had “confidential client/patient information” in their email accounts through their county duties.
  • The office's Cyber Crime Division is offering free monitoring to people, whose information may have been exposed, including credit monitoring.

*Source: Mashable, December 18, 2016


Russian ‘methbot’ Fraud Steals $180 Million in Online Ads*:

  • Russian cybercriminals have built a new high-tech fraud enterprise: showing real ads to fake people.
  • The fraud has siphoned more than $180 million from the online ad industry.
  • Methbot, so nicknamed because the fake browser refers to itself as the "methbrowser," operates as a sham intermediary advertising ring: Companies would pay millions to run expensive video ads, but the ads were only delivered to counterfeit web pages that no real person was visiting.
  • White Ops first spotted the criminal operation in October and it is making up to $5 million per day by generating up to 300 million fake "video impressions" daily.
  • In the past, hackers have figured out how to deliver malvertising (viruses through ads) and how to fake clicks on ads, but this is on another level.
  • Hackers fooled ad fraud blockers because they figured out how to build software that mimicked a real person who only surfed during the daytime using the Google Chrome web browser on a MacBook laptop.

*Source: CNN, December 20, 2016


Get in Touch With Us!

Are you interested in receiving more information about our products? Do you have questions about sensitive data security? Would you like a demo? Complete the details below and one of our specialists will get in touch with you.

We love to help our customers solve their data security problems. Please tell us about what you are trying to accomplish, details about your environment, and any other information that will help us understand your needs better.

scroll top