Friday Five: 2/19 Edition
Happy Friday and welcome to this week’s recap of top security news.
1. Gartner Predicts That One in Four Companies Will Reduce Data Leakage Incidents by 2018 by Razvan Muresan
According to Gartner’s research director Felix Gaehtgens, fewer than 5 percent of organizations both tracked and reviewed privileged activity in depth last year. Companies often review access rights and log activity, but do not go further and examine what the privileged user actually did. Gartner predicts that data leakage incidents will be cut by a third as a result of about 25 percent of organizations reviewing privileged activity. Conversely, without examining the actual actions privileged users took, it becomes very easy for malicious users and insider threats to take advantage of organizations. Read the article for more predictions from Gartner.
A new type of malware called “Metel” or “Corkow” has been used as an entryway into financial institutions and is currently being used to conduct extensive ATM raids against banks in Russia. Most recently, Metel malware allowed hackers to break into Kazan-based Energobank, exfiltrating about US$500 million. This caused such a blow to the country that it alerted the Russian Central Bank. Within 14 minutes the Russian ruble exchange rate moved from 55 to 66 rubles per dollar, a 15 percent hike. According to Group-IB’s discussion with Bloomberg, this could have been a test for future attacks. Read the full article for more on Metel.
3. “Locky” Ransomware: What You Need to Know by Paul Ducklin
As ransomware returns to the forefront of recent news, Paul Ducklin discusses the inner workings of the newly discovered ransomware dubbed “Locky” and provides immediate steps you can take to better safeguard yourself. Locky is a new type of ransomware that adds the “.locky” extension to all your files and scrambles them along with any shadow copies. To get the files decrypted, the victim has to pay the attacker in Bitcoin to receive the decryption key. Read the full article to find out what you can do to protect your computer from being taken over and held hostage by Locky.
The LA Times reported that the Hollywood Presbyterian Medical Center in Los Angeles fell victim to a ransomware attack that took its computers offline for over one week. Since the hospital is known for having a wealthy clientele, this seems to be a more targeted attack; the perpetrators were asking for a $3.4 million payout in bitcoin in exchange for providing the “private key” to bring all computers back online. The hospital appears to have paid the hackers $17,000 in bitcoin to regain access to its technology. The attack raises the question of whether it will persuade future attackers to use ransomware as a method for successful attacks, yet if the attackers are caught and revealed, this incident may serve to deter such future attacks. Read the full article for more on this ransomware attack.
In the case of the San Bernardino shooting suspect and the FBI’s investigation, a magistrate has ordered Apple to assist the FBI in unlocking the suspect’s phone. Essentially, the FBI is asking Apple to create a type of aftermarket back door into the device so it can investigate the contents. While Apple has cooperated with the FBI in past cases to provide access to phones, this case is unique in several ways. In 2014, Apple created software that does not allow it to unlock customers’ phones, partially in response to the government’s requests to circumvent Apple’s encryption and gain access to these devices. Much of the heated debate homes in on one vulnerability Apple left open, which may make it easier for the FBI to gain access and unlock the phone on its own. Apple is actively trying to close this loophole, which may trigger federal legislation to prevent technology companies from locking the government out of devices. Read the article for more on the latest developments in the encryption debate.