Friday Five 10/1
Android scam apps, how insider threats can cause damage, and combating SIM swap attacks - catch up on the week's infosec news with the Friday Five!
1. A Hospital Hit by Hackers, a Baby in Distress: The Case of the First Alleged Ransomware Death by Kevin Poulsen, Robert McMillan and Melanie Evans
A brutal but necessary read - one could argue the read of the week - in the Wall Street Journal on what could be the first death connected to ransomware. It’s worth reading in full but a tweet by Bob McMillan, one of the journalists on the byline, does a good job summing it up: “An expectant mother checked into Springhill Medical Center she didn’t know it was 8 days into a ransomware attack that affected the system that would monitor her baby for signs of distress.”
2. Hundreds of Scam Apps Hit Over 10 Million Android Devices by Lily Hay Newman
In this world nothing is certain but death, taxes, and scam apps lingering for months on end in Google Play. Seriously though, it feels like every few weeks there's news of a rogue malware app or a series of scam apps that were found in Google Play. The company has gone to great lengths to prevent this from happening, and it's stepped up how it scans and reviews apps, but still, they continue to pop up. According to Wired, that was the case with 200 apps recently that wound up costing unsuspecting users potentially millions of dollars. The apps were simple-looking things like heart rate trackers and translators but racked up charges through the premium SMS services feature of wireless bills. This campaign, dubbed GriftHorse by researchers, wound up tricking Android users in more than 70 different countries. For what it's worth, all of the apps have been removed and the developers have been banned, something that should deter them from attempting a similar scam, at least in the near future.
3. 10 Recent Examples of How Insider Threats Can Cause Big Breaches and Damage by Ericka Chickowski
Not an article but a slideshow that delves into the world of insider threats and stolen intellectual property. DarkReading's Chickowski looks at 10 breaches that can be traced back to either malicious or negligent insiders. It's worth mentioning that some of these we've written about on our blog, like Garrett Popcorn Shops' interesting case involving stolen popcorn recipes and formulas. It’s not an exhaustive list by any means but there are some stories in here you may have missed.
4. FCC Working on Rule for Wireless Carriers to Avert SIM Swap Fraud by Mariam Baksh
There was some movement on a federal level this week around combating SIM swap fraud. SIM swapping, when a scammer transfers your phone number to another device to access your accounts, has long been viewed as a tricky-to-solve attack vector because it can side-step phone-number-based, SMS two-factor authentication. The Federal Communications Commission agreed to look into creating new rules that would verify the identity of a user before making changes to their account. According to NextGov, the commission is proposing “amending the Customer Proprietary Network Information and Local Number Portability rules to require carriers’ secure authentication of a customer before changing their number to a new device and to immediately notify customers whenever a SIM change is requested on their accounts.”
5. Fake Amnesty International Pegasus scanner used to infect Windows by Ionut Ilascu
News on an especially shady campaign spotted by researchers with Cisco Talos in which attackers are passing off malware as an Amnesty International scanner for Pegasus, the NSO spyware. Pegasus has been in the news plenty lately; most recently, last month, Apple was forced to issue a patch for a hole in iOS that NSO Group was using to spy on activists, journalists and dissidents. According to the researchers, attackers are unleashing Sarwent - a remote access tool - via a fake Amnesty International website advertising Anti-Pegasus AV. Here's hoping that those concerned enough about getting targeted by Pegasus are adept enough to differentiate a fake Amnesty International website from a legitimate one.