• Dominique

The SecuriTea News - Issue #8

Every Friday, The Weekly SecuriTEA Report brings you the week's trending Information Security News. Here's what is new this week:

Just say no. The city of Bedford, Massachusetts is the latest to have its network crippled by ransomware. Fortunately, its IT teams were able to detect the attack early and contain and mitigate it before the ransomware could do extensive damage. The threat actors behind the attack demanded $5.3 million in Bitcoin, said to be the biggest ransom demand to date, to undo the encryption of the city's network, but the city has opted not to pay the ransom. Instead, its teams have decided to manually restore their systems, to the best of their ability, using backups. According to the city's press release, delivery of services to residents was not disrupted, and systems and applications have been completely restored. Affected workstations (about 4% or 158 computers) were isolated and rebuilt, ensuring the threat has been completely removed. This latest case of ransomware highlights the ever-growing threat that local governments are facing. The city of Bedford is a great example of how properly established, and practiced, security incident response and disaster recovery can go a long way in saving an organization from operational, financial, and reputational ruin.

Scamming taken to a new level. The first known case of a successful Deep Fake financial scam has taken place. A "Deep Fake" is audio or video that has been altered, using powerful artificial intelligence, to impersonate someone. You may have seen an example in the fake President Barack Obama video that went viral. The impacted company has not yet been revealed, but The Wall Street Journal released a report detailing the attack and the dangerous precedent it sets. The threat actors were able to create a near-perfect impersonation of the victim organization's CEO to fool the company into transferring $243,000 to their bank account. The incident took place in March, when the CEO of a child company of the victim organization received a phone call from the imposters asking for a wire transfer with the promise of reimbursement. The victim, deceived into thinking that the voice was that of his boss – particularly because it had a similar slight German accent and voice pattern – made the transfer. The funds reportedly went from Hungary to Mexico before being transferred to other locations. Luckily, the affected company was reimbursed.

Twitter Disables Text-Messaging Feature after CEO Hack. While users still don't have the ability to edit tweets, they did have the ability to tweet via text message instead of directly through an application. This feature has now been turned off after the account of its Chief Executive, Jack Dorsey, was hacked and used to spew a tirade of racist tweets. Twitter released a statement explaining that the compromise was due to a security oversight by a mobile company, but declined to name the mobile provider. The compromised account was taken back and the tweets were deleted within half an hour. This comes on the heels of another compromised account, this time that of social media personality James Charles, which was also due to a phone number compromise. Critical of his company and its handling of malicious content on the platform, Dorsey has said improving the health of conversations on Twitter would be a priority for the company and pledged employees would work to identify problems faster.

Food Quality Reports Under Threat. We typically look out for threats to our identity, credit cards, and networks, but now it is possible for the food industry's quality control reports to be altered or deleted altogether. Two critical vulnerabilities have been found in a food-quality management software package that would allow adversaries to completely compromise the system, possibly allowing an attacker to manipulate or delete data, or to modify or disable alarms, which could potentially impact food quality reports. The vulnerabilities are in software from the vendor, Danfoss, which has since released a patch and has advised organizations using its software to apply it. This latest threat highlights the wide potential impact of critical vulnerabilities found in systems and services relied on by society.

Company competes against Apple/Google for Zero-Day Payouts. A zero-day is an unknown flaw in software or hardware that can create problems for users and vendors well before it is known to them. It is a major security risk, as an adversary can compromise your data without you knowing the flaw was there in the first place. About two months ago we reported how Google and Apple were upping the ante by paying researchers more money for submitting these kinds of flaws to the company rather than selling them. They now have some competition, as Zerodium, the world's leading exploit acquisition platform for premium zero-days and advanced cybersecurity capabilities, is now offering a whopping $2.5 million for zero-click zero-day submissions for Android. It has also slashed how much it is willing to pay for Apple submissions, signaling that its valuation of Apple is declining, while increasing other vulnerability pay-outs for Android. Zerodium making this move so soon after Google and Apple has just increased the pressure in the weapons market to keep their products safe.

And that's a wrap for your Weekly SecuriTea Report. Be sure to check back every week for the latest in Information Security News.
