New Ransomware ‘RedEye’ Destroys Files
‘RedEye’, a newly discovered piece of ransomware, was built mainly to destroy the victim’s files rather than encrypt them and hold them for ransom.
The creator of RedEye appears to be the same person behind the Annabelle ransomware. Like Annabelle and Jigsaw, RedEye’s destructive nature makes it stand out. While the majority of ransomware is written to generate revenue for its authors, RedEye will gladly destroy users’ files even when there is no financial gain in it.
The new threat is unusually large at 40.0 MB. Once it has infected a computer, the ransomware performs a sequence of actions to make removal difficult: it disables Task Manager and hides the infected machine’s drives.
RedEye then displays a ransom note informing victims that their files have been encrypted with AES-256 and that they should visit an .onion site and pay Bitcoin to a specified address, which would supposedly result in a decryption key being delivered to them. The victim is given 4 days to pay, after which the malware claims it will “fully destroy” the computer.
Options offered by the ransomware include viewing encrypted files and decrypting them, getting support, and “destroy PC.” Security researcher Blaze, who analyzed the sample, also notes that despite claiming to have securely encrypted files with AES-256, RedEye appears to actually “overwrite and fill files with 0 bytes,” rendering them unrecoverable; no decryption key can restore data that has been overwritten. The malware also appends the .redeye extension to the affected files.
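A practitioner’s first check on a claim like the one above, before anyone considers paying, is whether the “encrypted” files still contain anything at all. The following is an added example, not code from the original article or from the RedEye analysis it reports: it measures the byte entropy of files carrying the ransomware extension. Real AES ciphertext has near-maximal entropy (close to 8 bits per byte), while a file that has been “filled with 0 bytes” has entropy near zero and cannot be recovered by any key. The sample files, the classification thresholds and the function names are constructed for this example; only the .redeye extension comes from the article.

```python
"""
Added example (not from the original article or the RedEye analysis):
triage files with a ransomware extension to tell real encryption from
zero-fill wiping. All inputs are constructed in memory.
"""
import math
import os
from collections import Counter
from typing import Dict


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 .. 8.0)."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def classify_payload(data: bytes) -> str:
    """
    Coarse verdict on what a 'ransomed' file actually contains.
    The 7.5 bits/byte threshold is a heuristic chosen for this example.
    """
    if not data:
        return "empty"
    if all(b == 0 for b in data):
        return "zero-filled"        # wiped: there is nothing left to decrypt
    if shannon_entropy(data) > 7.5:
        return "high-entropy"       # consistent with genuine encryption
    return "plaintext-like"         # readable or structured content survives


def triage(files: Dict[str, bytes], ext: str = ".redeye") -> Dict[str, str]:
    """Classify every file whose name ends with the ransomware extension."""
    return {name: classify_payload(blob)
            for name, blob in files.items() if name.endswith(ext)}


# Constructed sample "victim" files (not real samples):
SAMPLE_FILES = {
    "report.docx.redeye": b"\x00" * 4096,              # what a zero-fill wiper leaves
    "budget.xlsx.redeye": os.urandom(4096),            # stand-in for AES ciphertext
    "notes.txt.redeye": b"quarterly numbers\n" * 200,  # untouched plaintext
    "README.txt": b"your files are encrypted",         # no extension: ignored
}

if __name__ == "__main__":
    for name, verdict in triage(SAMPLE_FILES).items():
        print(f"{name:24s} {verdict}")
```

Run it over a real directory by replacing SAMPLE_FILES with the contents of the files on disk. A verdict of “zero-filled” for the bulk of the affected files is the concrete evidence behind Blaze’s advice: there is nothing a purchased key could decrypt, and recovery has to come from backups.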
“While it appears that the RedEye ransomware has even more tricks up its sleeve than its predecessor Annabelle, the same thing holds true: do not pay the ransomware. As for the actual purpose of the ransomware: it may be considered a ransomware of the wiper kind, however, it appears the author likes to showcase his or her skill,” Blaze concludes.
Chinese Government Hackers Steal U.S. Navy Data: Report
Chinese government hackers have stolen a large amount of sensitive information from a US Navy contractor, including secret plans for a new submarine-launched anti-ship missile, the Washington Post reported on Friday.
The breaches took place in January and February and were carried out from the Chinese province of Guangdong by a division of the Chinese Ministry of State Security.
The unnamed contractor works for the Naval Undersea Warfare Center, based in Newport, Rhode Island, which conducts research and development on underwater weapons systems and submarines.
According to the Post, the hackers took 614 GB of data that included information on sensors, submarine cryptographic systems and a little-known project called Sea Dragon. All the Pentagon has said about Sea Dragon, launched in 2012, is that it aims to adapt existing military technologies to new uses. At the Navy’s request, the Post withheld details of the compromised missile system, but said it was a supersonic anti-ship missile that could be launched from submarines.
Navy spokesman Commander Bill Speaks declined to confirm the Post report, citing security reasons. “Evolving cyber threats are serious matters and we are continuously bolstering our cybersecurity culture by focusing on awareness of the cyber threat, and the adequacy of our cyber defenses and information technology capabilities,” he told AFP.
News of the hack comes amid growing tensions between Beijing and Washington on a range of issues including trade and military matters. The Pentagon last month withdrew its invitation for China to join maritime exercises in the Pacific because of Beijing’s “continued militarization” of the South China Sea.
MyHeritage Data Breach – 92 Million User Credentials Exposed
MyHeritage, a DNA testing and genealogy firm, announced that the login credentials of nearly 92 million users had been stolen. It only discovered the breach when a security researcher told the company he had found a file named ‘myheritage’ on a server outside the company.
“The file contains the email addresses and hashed passwords of 92,283,889 users who had signed up to MyHeritage up to and including Oct 26, 2017 which is the date of the breach.” said MyHeritage CISO Omer Deutsch in a statement. He stressed that the passwords are stored as “a one-way hash of each password, in which the hash key differs for each customer.”
Deutsch believes that only the credentials were stolen. “We have no reason to believe that any other MyHeritage systems were compromised.” Furthermore, he adds, “we have not seen any activity indicating that any MyHeritage accounts had been compromised.” According to the company, payment data, user DNA data and family trees were not affected.
MyHeritage went public on the same day it learned of the breach. However, some aspects of the statement are concerning. For instance, it only then set up an incident response team to investigate the incident; best practice would have such a team already in place in anticipation of a breach.
The firm is expediting “work on the upcoming two-factor authentication feature that we will make available to all MyHeritage users soon.” Best practice would have had MFA in place long ago. Furthermore, it will ‘recommend’ rather than require that users enable MFA. It also recommends that users change their passwords, when it should perhaps force a password reset for all users.
“It appears that MyHeritage hasn’t taken the steps to automatically require users to change passwords, just that they recommend they do,” comments Absolute Software’s Global Security Strategist Richard Henderson. “That should be an immediate action for any breach of this type. We still don’t know (and neither do they) how this information was stolen, or the motives for doing so… and the statement by MyHeritage that they believe no other data was taken, especially unique DNA information and genealogy information, is probably a little premature, until they can determine exactly what happened late last October.”
MyHeritage users will have to wait to see whether their DNA and family-tree data has been compromised; observers will have to wait to see whether GDPR is enforced against the company (GDPR became enforceable on 25 May 2018, after the breach itself but before its discovery); and businesses around the world, including MyHeritage, are waiting to see how forcefully the European Union will enforce it.
Massive Data Breach in PageUp, an HR Software Firm
PageUp, an Australian company that provides HR software, informed customers this week that it had launched an investigation on May 23 after detecting suspicious activity on its IT infrastructure.
The firm’s analysis of the incident revealed on May 28 that the attackers may have accessed names, contact information, usernames and password hashes. Documents such as signed employment contracts and resumes should be safe, however, as they are kept on separate servers.
“There is no evidence that there is still an active threat, and the jobs website can continue to be used. All client user and candidate passwords in our database are hashed using bcrypt and salted, however, out of an abundance of caution, we suggest users change their password,” said Karen Cariss, CEO and co-founder of PageUp.
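Both MyHeritage (“a one-way hash of each password, in which the hash key differs for each customer”) and PageUp (“hashed using bcrypt and salted”) are describing the same control: a per-user random salt combined with a slow, one-way password hash. The following is an added example, not code from either company. bcrypt is not in the Python standard library, so it uses hashlib.pbkdf2_hmac as a stand-in; the per-user salt, the self-describing stored record and the constant-time verification are the same pattern. The iteration count, the record format and the unsalted SHA-1 shown for contrast are choices made for this example.

```python
"""
Added example (not MyHeritage's or PageUp's code): per-user salted password
hashing with PBKDF2-HMAC-SHA256 standing in for bcrypt, beside the unsalted
pattern it replaces. Passwords and salts below are constructed for the demo.
"""
import hashlib
import hmac
import os
from base64 import b64decode, b64encode
from typing import Optional

ITERATIONS = 100_000   # assumption for the example; tune to your hardware
ALGO = "pbkdf2_sha256"


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a self-describing record: algo$iterations$salt_b64$digest_b64.
    A fresh 16-byte salt is drawn per call, so two users with the same
    password get different records (the "hash key differs for each customer")."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return "$".join([ALGO, str(ITERATIONS),
                     b64encode(salt).decode("ascii"), b64encode(digest).decode("ascii")])


def verify_password(password: str, record: str) -> bool:
    """Recompute with the salt and iteration count stored in the record and
    compare in constant time, so a malformed record or wrong password fails
    without leaking timing information."""
    try:
        algo, iters, salt_b64, digest_b64 = record.split("$")
        if algo != ALGO:
            return False
        salt = b64decode(salt_b64)
        expected = b64decode(digest_b64)
        iterations = int(iters)
    except (ValueError, TypeError):
        return False
    actual = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(actual, expected)


def same_password_distinct_records(password: str) -> bool:
    """Two accounts with the same password must not share a stored hash."""
    return hash_password(password) != hash_password(password)


def unsalted_sha1(password: str) -> str:
    """The weak pattern a per-user salt replaces: identical passwords produce
    identical hashes, so one cracked hash or a precomputed table unlocks
    every account that used that password."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    # Constructed demo: two users who happen to choose the same password.
    alice = hash_password("correct horse battery staple")
    bob = hash_password("correct horse battery staple")
    print("salted records differ:", alice != bob)
    print("unsalted SHA-1 collides:",
          unsalted_sha1("correct horse battery staple") == unsalted_sha1("correct horse battery staple"))
    print("verify correct password:", verify_password("correct horse battery staple", alice))
    print("verify wrong password:", verify_password("hunter2", alice))
```

The point of storing the algorithm and iteration count in the record is that they can be raised later without re-hashing every account at once: old records keep verifying, and a successful login is the moment to re-hash with the stronger parameters. Even so, as both companies acknowledge, a leaked table of salted hashes still exposes weak passwords to offline guessing, which is why a forced reset rather than a recommendation is the safer response.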
While the company has shared only limited technical information about the incident, it did say that the attack involved malware. The breach is being investigated by both law enforcement and cybersecurity experts, and cybersecurity agencies and data regulators in Australia and the United Kingdom have been notified.
PageUp says it has 2.6 million active users in more than 190 countries. Some of the company’s customers have notified job applicants and shut down their online recruitment pages following the incident. Australia Post, which has used PageUp since October 2016, noted that for successful applicants, bank details, tax file numbers and other sensitive information were also stored on PageUp servers. There is no evidence, however, that this data was accessed by the attackers, Australia Post said.
Australian telecoms giant Telstra has also suspended its online recruitment system because of the breach at PageUp. The company warned successful applicants that their date of birth, employment offer details and pre-employment check outcomes were stored on PageUp systems.
Several universities in the United States also use PageUp. However, none of the U.S. universities listed on PageUp’s testimonials page have issued security alerts or suspended their online recruitment systems.
AXA Takes Help From SecurityScorecard to Set Cyber Insurance Premiums
AXA will use ratings from SecurityScorecard to help set premiums for its cyber insurance policies. Cyber insurance is a problem: it is a new industry with huge potential but great complications. Getting premiums right is one example. The insurer needs to understand the financial risk it is taking on well enough to set premiums high enough to cover that risk and still make a profit, but low enough not to kill the market.
Steve Durbin, managing director of the Information Security Forum, describes the problem. “We have already seen that the financial impact of some information security risks is being transferred through cyber insurance,” he told SecurityWeek.
“However, moving forward, I anticipate that several large data breaches will expose aggregated risks and cause insurers to suffer significant financial losses. As a result of this mispricing debacle, several insurers will be forced out of business while others will raise premiums significantly, expand contract exclusions and restrictions, or avoid cyber insurance altogether. This will make cyber insurance no longer financially viable for many organizations, and the market will contract and take several years to recover.”
“Currently, most policy premiums are based on self-assessments,” comments Greg Reber, CEO at consulting firm AsTech. This brings its own problems: inaccurate assessments, even unintentional errors, could lead to reduced payouts when a claim is finally made. It is a strange irony that the best premiums will only be obtainable by the organizations that least need to transfer their risk to the insurance industry. At the same time, any company that relies on insurance alone to handle its risk is likely to come unstuck.
SecurityScorecard and AXA (the world’s largest insurance company) believe they have found a solution to the premium problem. SecurityScorecard rates the cybersecurity posture of internet-facing firms from the outside, without waiting to be asked, and the result is a growing database of independent security ratings on the world’s web-enabled businesses. It currently monitors more than 200,000 businesses continuously and gives each a security grade from A to F. The company claims the grades are predictive: “Companies that rate as a D or F are 5.4 times more likely to be breached than companies that rate as an A or a B.”
AXA has now entered an agreement with SecurityScorecard to have access to these ratings and will use them to help set the premium for its insurance agreements. “The SecurityScorecard platform,” explains Scott Sayce, global chief underwriting officer of cyber at AXA, “will help us rapidly evaluate companies to understand their cyberhealth and provide our underwriters with crucial information needed to evaluate an insured’s risk.”
Rather than relying on subjective, manual self-assessments from the customer, “They’re going to be using the objective, automated, security metrics that we provide to make their insurance decisions,” SecurityScorecard’s Yampolskiy told SecurityWeek. “They will feed that data into their algorithms and then decide, do I increase the premium because the customer’s security posture looks risky, do I lower the premium, or maybe in some cases do I just flat out refuse to provide the cyber insurance?”
Will this relationship be enough to kickstart a serious cyber insurance industry? The industry will probably develop anyway, but it may take a long time if left to its own devices.
With Government Digitalization Initiatives, Indian Cyber Security Market To Grow At A CAGR Of 19%
Rapid adoption of SMACT (social, mobile, analytics, cloud and IoT) technologies is boosting demand for cybersecurity solutions and services across India, according to the report “India Cybersecurity Market By Security Type, By End User Sector, By Solutions, Competition Forecast & Opportunities 2013-2023”. The report adds that the Indian cybersecurity market is expected to grow at a CAGR of 19% during 2018-2023, driven by a rising number of government initiatives to digitize government entities and processes, healthcare, BFSI (banking, financial services and insurance), education and other vital sectors of the country.
The report covers the following aspects of the cybersecurity market in India: market size, share and forecast; segmental analysis by security type (network security, content security, endpoint security, application security, cloud security and others), by solution and by end-user sector; competitive analysis; and changing market trends and emerging opportunities.
Facebook Confirms Granting Chinese Electronics Firms Access To User Data, Huawei Denies; Separate Bug Affects 14 Million People
In the latest of a series of privacy embarrassments for the world’s biggest social network, Facebook reported that a software bug changed the privacy settings of some 14 million users, potentially making posts public even when they were intended to be private.
Facebook also confirmed that four Chinese electronics firms had been granted private access to user data. The partnerships, with Lenovo, Oppo, TCL and Huawei, dated back to 2010 and gave Facebook an opportunity to promote its platform to mobile users by having the device makers integrate Facebook features into their phones.
Huawei has denied collecting data from Facebook users and said its cooperation with Facebook was intended to improve the user experience.
Federal Government Is The Biggest Target Of Cyber Attacks In Australia
According to the Australian Cyber Security Centre (ACSC), one third of all cyber attacks it investigated in the last financial year were directed at the federal government. Figures show that of the 671 cyber security incidents in 2016-17 that warranted an operational response, 33 percent were aimed at the federal government.
Of the remainder, more than 29 percent targeted industry, while all other attacks made up just under 23 percent. An ACSC spokesman said threats were on the decline. “As the security of government agencies and awareness of the threats have increased, the ACSC has been required to respond to fewer incidents,” the spokesman said.
Attorney-General Christian Porter told Fairfax Media earlier this week that tougher measures were needed. “There’s an unprecedented level of foreign intelligence activity in Australia and that means more foreign agents and more foreign powers using more tradecraft and more technologies to engage in espionage and foreign interference and the attempted foreign influence of our democratic processes,” Mr Porter said.
Egypt’s Parliament Passes Cybercrime Law, Netizen Reports
Egypt’s parliament approved a cybercrime law on 5 June that dictates what is and is not permissible in the areas of online censorship, data privacy, hacking, fraud and messages that the authorities consider to spread terrorist and extremist ideologies. The law gives the authorities the right to “order the censorship of websites” whenever a site hosts content that poses a “threat to national security or national economy”.
It also gives the authorities a legal basis from which to pursue voices of dissent or political criticism. In May 2018 many bloggers and well-known social media activists were detained by the authorities on the same grounds.
Delhi’s Understaffed Cyber Cell Yet To Solve 80% Of Cases
According to India Today, Delhi Police has just 50 staffers running its cyber cell, and the understaffed unit has yet to solve 80% of the cases registered with it since 2017. An official said that officers are put to work after only a 5- to 10-day crash course on cybercrime and investigation. “Following that course, the cops are made to join the cyber cell. Even though there are many in Delhi Police who hold engineering degrees and IT diplomas, recruitments are made randomly,” he said.
“As there is a staff crunch in the cyber cell unit, the government has sanctioned a sufficient number of posts. We are already in the process of recruiting for them,” said Dependra Pathak, Special Commissioner and chief spokesperson of Delhi Police. Madhur Verma, DCP (New Delhi district), added: “Recently, we have recruited police personnel having IT skills background for better investigation work.” According to sources, more than 110 cybercrime complaints were lodged, but only 26 of these were registered as FIRs (First Information Reports). In 2017 around 84 FIRs were filed, of which the cyber cell was able to solve just 13. Delhi Police has also purchased six forensic software tools worth Rs 1.3 crore to help investigators examine data, but legal experts say that reports generated by this software are not admissible in court.