Friday Five: 1/24 Edition
Job performance details of over 900 employees left exposed online, a new ransomware family targets Windows 10 users, and more - catch up on the week's news with the Friday Five.
WeWork was mentioned in the news plenty this week, but surprisingly, they are not the ones catching heat here. Rival office space company, Regus, based in Luxembourg, accidentally leaked detailed information about the job performance of more than 900 of their employees online. The company was using a mystery shopping business, Applause, to audit its sales staff and make sure they were closing enough deals to compete with rivals such as WeWork. The auditing was done through covert filming using “spy pens” fitted with miniature cameras that employees were apparently aware of, according to a Regus spokesman said in a press release. Oddly enough, the information in the leaked documents contained a training guide about covertly filming employees and instructions that read, “the filming of the tour has to be kept secret.” Applause published the collected information to a page on task management servic Trello, which was made public, so the files were accessible to anyone using a simple Google search. After being contacted by The Telegraph, Regus and Applause removed the sensitive documents from the site. When asked about the incident, a Regus spokesman said, “We are extremely concerned to learn that an external third-party provider inadvertently published online the outcomes of an internal training and development exercise. As our primary concern we took immediate action and the external provider has now removed the content.”
2. Windows 10 Users on Alert Over Terrifying New SNAKE Attack by Aaron Brown
The team at MalwareHunterTeam discovered a scary new ransomware family that's targeting Windows 10 users. The ransomware is designed to encrypt everything – apps, files, and anything you really care about – on your computer and every PC that’s linked on the same network. MalwareHunterTeam worked with ethical hacker Vitali Kremez to reverse-engineer the code and figure out whether it could be stopped. Kremez found that SNAKE shows a much higher level of obscurity than you’d typically find with ransomware, and it’s very difficult to stop once its infected a victim’s network. As it encrypts files on a system, it will add a new file to the desktop with a message that notifies the victim that they have encrypted all of their documents, databases, photos, etc. and provides them with an email address where they can pay a ransom to receive a decryption tool. SNAKE also prohibits IT technicians from being able to perform a remote takeover of your machine in order to resolve the problem by disabling any remote management tools and removing management software. As always, security experts are advising everyone against paying as there is no guarantee the decryption key will work, and even if it does, there is nothing stopping the criminals from striking again.
3. GDPR: 160,000 Data Breaches Reported Already, so Expect the Big Fines to Follow by Danny Palmer
Europe’s new digital privacy regulation, GDPR, came to fruition 20 months ago, and the number of security incidents that are being reported are currently on the rise. Since the birth of GDPR, there have been over 160,000 data-breach notifications made to authorities, and the total cost of fines paid so far is estimated to be $126 million. The average number of breach notifications per day has increased by over 12% compared to last year. As the regulation gains momentum and becomes even more firmly enforced, the amount and severity of fines is expected to increase exponentially. Because organizations can be fined up to four percent of their annual turnover if they fail to comply with GDPR, one might think that most of them are ramping up their security measures but it’s believed that just one-third of organizations are fully GDPR compliant.
4. December Cyber Attack Costs New Orleans $7 Million, So Far by Filip Truta
Checking back in on the city of New Orleans – a ransomware attack hit the city’s network in early December, and the city has suffered $7 million in losses so far, with more to be incurred in coming months toward system upgrades and cybersecurity investments. Although Mayor Latoya Cantrell has stated that the city will recover $3 million from their cyber insurance, they still have to devote more funds to building a stronger cyber security platform and buying new computers as many of their antiquated devices would not operate on the new platform. At the time of the attack, all city employees were told to disconnect all computer systems. Gilbert Montano, the city’s chief administrative officer, expects staff to struggle for at least six more months before day-to-day operations return to normal. The city had to clean over 3,400 computers and they are still in a long and laborious stabilization period of rebuilding what they had to turn off. Luckily, New Orleans is a resilient city and knows how to handle downtime thanks to its preparedness for hurricane season.
5. Insurers Look to Curb Ransomware Exposure as U.S. Cyber Rates Rise by Suzanne Barlyn
Reuters spoke to industry sources and found that insurers in the U.S. are planning to ramp up cyber-insurance, specifically ransomware insurance, rates by as much as 25%. There has been a growing trend of hackers using these malicious ransomware programs to take down entire systems, and although the attacks were less frequent in 2019 than the prior year, the ramifications were more severe and longer lasting. The average ransom demand in the third quarter of 2019 more than tripled from the first quarter, reaching an average of $41,198 per attack. Hackers began to turn their focus from big targets to mid-size companies and other organizations that are less technologically adept. Adam Kujawa, director of Malwarebytes Labs, spent time researching these attacks and is quoted in the piece saying that “ransomware is more sophisticated and dangerous than we saw in the past." Cyber policies currently cover not only ransom, but data recovery, legal liabilities and negotiators fluent in hackers’ native languages. Insurers are beginning to consider changes when it comes to the packages they offer, and whether ransomware should be a separate product from general cyber coverage.