Blog

December 2016: The Month in Ransomware

Online extortionists closed 2016 with a spike in ransomware activity. The statistics for December were alarming: 32 new samples emerged and 33 existing strains got updated. The fact that security researchers released nine decryption tools is quite promising, but it is still a weak countervailing factor. The report below explores the ins and outs of...

Are You Hiring? GoldenEye Ransomware Wants to Meet Your HR Department

GoldenEye ransomware wants to interview with your company's HR department, but it's not interested in filling an open position. For this new campaign, GoldenEye has assumed a job application theme to target German speakers in companies' HR departments. The authors of the ransomware, which is an updated form of Petya, know it's part of HR employees'...

Ransomware Offers Free Decryption if you Learn About Cybersecurity

In recent weeks there have been some peculiar new strains of ransomware spotted. Take the Popcorn Time ransomware, for instance, which lets you decrypt your files "the nasty way" by helping the blackmailers spread their attack further. If you can infect two other victims (and get them to pay up) Popcorn Time's developers will allegedly send you your...

Efficient Wi-Fi Phishing Attacks: Would You Fall for That?

Wi-Fi networks are now usually secured with Wi-Fi Protected Access II (WPA2), a protocol that protects the pre-shared key (PSK) with a deliberately slow key derivation function (PBKDF2-HMAC-SHA1, 4096 iterations, with the network's ESSID as salt). Breaking into a WPA2 network can be a real challenge during a penetration test. A modern GPU that is...

Unprotected MongoDB Databases Wiped and Held for Ransom by Attacker

An attacker is obtaining access to unprotected MongoDB databases, stealing and erasing their content, and holding them for ransom. On 27 December, security researcher Victor Gevers came across a MongoDB server that was open to external connections and that lacked a password on its admin account. This database didn't contain a lot of information. In...

Divining Infosec: Security Experts' Predictions for 2017

We saw a lot happen in information security over the course of 2016. Some of these events, like the distributed denial-of-service (DDoS) attacks that struck Dyn and Russia's hacking of the DNC, made the public care about digital security as never before. Those incidents changed the national discourse on information security. As such, they shifted...

Anonymous Hackers Deface Victoria's Human Rights Commission Website

Hackers claiming to be part of Anonymous defaced the website of Victoria's Human Rights Commission. On 2 January, the statutory authority in the Australian state of Victoria announced on Twitter that its website was temporarily down. https://twitter.com/VEOHRC/status/816095043282796544 The Guardian reports Victoria's Human Rights Commission took its...

Dyn DDoS: What It Means for Supply Chain Security

By now, you have probably heard about one, maybe two massive Distributed Denial of Service (DDoS) attacks that occurred near the end of 2016. The first was Brian Krebs being subjected to a 620 Gbps DDoS. The second, and more noticeable, attack targeted DNS provider Dyn and took down parts of Twitter, Amazon, and other Dyn clients' infrastructure on...

How and Why Small Businesses Are Investing in Cybersecurity

Businesses of all sizes are taking note that cyber threats are continually on the rise. No one is safe. In our digital world, you cannot be too cautious when it comes to protecting your data, whether your company employs 200,000 people or 10. Cybercriminals know no bounds; they simply want to profit from your information. That...

KillDisk Wiper Malware Evolves into Ransomware

KillDisk malware has moved away from wiping infected computers of their stored data and has evolved into ransomware. Researchers at ICS/SCADA security firm CyberX recently came across a new KillDisk variant. After reverse-engineering it, they found that the malware displayed a pop-up ransom message demanding victims pay 222 Bitcoins in exchange for...

Here's How VPNs Can Bolster Your Digital Security

Contrary to popular belief, VPNs are not just a means of gaining unrestricted access to the internet. They are among the most effective tools for improving your online security and privacy. If you are not sure how VPNs can help you in this regard and want to understand their many applications, read on to...

The Three "M's" of Mirai: Money, Multiplication, and Mitigation

21 October 2016 is a date that will live in infamy. At 11:10 UTC, internet performance management company Dyn began monitoring a distributed denial-of-service (DDoS) attack against its Domain Name System (DNS) infrastructure. It took Dyn approximately two hours to mitigate the attack. In that span of time, the DDoS campaign took down the websites...

GootKit and Godzilla End 2016 Strong with New Malware Campaigns

Two malware families known as GootKit and Godzilla are closing out the year strong with separate campaigns designed to harvest users' financial information. In Canada, the GootKit trojan is targeting members of several financial institutions. The campaign begins when a user receives a spam message that appears to have originated from a trusted actor...

How Multi-Factor Authentication Can Protect You Against the Unknown

Oftentimes I am asked by friends and family what the single most important thing is that they can do to protect themselves online. The answer I always give is: never use the same password on multiple sites. Ever. The reason this is my number-one answer is simple: every day another breach is announced. Some of these breaches are major events that you...

Top 10 State of Security Articles of 2016

With 2016 coming to a close, The State of Security wanted to give our readers an overview of some of the most interesting, educational, and standout blogs from the year to help fill the time between eating holiday treats and celebrating the New Year.

6 Stages of Network Intrusion and How to Defend Against Them

In June, David Bisson wrote up...

Android Trojan Performs DNS Hijacking Attacks against Wireless Routers

A new Android trojan targets wireless routers and performs DNS hijacking instead of attacking users directly. Kaspersky Lab found that the trojan, dubbed Trojan.AndroidOS.Switcher, generally adopts one of two disguises. The first facade (com.baidu.com) is a fake mobile client for the Chinese search engine Baidu. The second (com.snda.wifi) is a fake...

2016 Reflections on ICS Security

As the year approaches its end, it is a time to reflect on 2016 and industrial control systems (ICS) security. Why ICS security? Because securing ICS should be everyone's concern. Consider the impact on this critical infrastructure and what it means to you.

Impact | Why?

Your entertainment: watching movies on your TV or laptop,...

The Top 5 Scam Types of 2016

In a recent article, I discussed how HDDCryptor, Cerber, and eight other families dominated the ransomware scene in 2016. It was a good year for ransomware authors. But they weren't the only ones who closed out 2016 in the black. Scammers also made a killing off unsuspecting users. They did so partly because 2016 saw such a dramatic spike in scams....

Cerber Ransomware Spread by Nemucod in Pseudo-Darkleech Campaign

A pseudo-Darkleech campaign is exposing users to Nemucod malware that in turn downloads Cerber ransomware onto their machines. Heimdal's security evangelist Andra Zaharia found the campaign hinges on pseudo-Darkleech infections by which malicious actors compromise WordPress websites and inject code into core WP files. The code displays a malicious...