Friday Five: 5/18 Edition
Malicious Android apps, hospital leaks, and more - catch up on the week's infosec news with this roundup!
1. Hackers siphon hundreds of millions of pesos out of Mexican banks through shadow transactions by Graham Cluley
Cybercriminals made off with an eye-popping amount of money from Mexican banks earlier this year. According to a recap of the news via The Tripwire, over 300 million pesos, $15 million USD, was illegally transferred out of banks. The transfers weren't detected until last month, but Reuters broke the news Wednesday. It's unclear exactly how attackers got in, but it's possible a software vulnerability in SPEI, an electronic payments system used by banks in the country, similar to SWIFT, is to blame. Of course, it was only two years ago that an attack on SWIFT resulted in the loss of $81 million from the central bank of Bangladesh. The New York Times Magazine, in case you missed it, delved into the SWIFT attack in an issue earlier this month.
2. 'Telegrab' Malware Grabs Telegram Encryption Keys, Steam Credentials by Lucian Armasu
Of all the so-called encrypted messaging apps, it's always seemed as if Telegram has had the hardest time maintaining a reputation. The latest issue to affect the app - a strain of malware that steals encryption keys and cached data - only targets the desktop version of the app, but that doesn't make it any less scary. The malware, discovered by researchers with Cisco Talos, is named Telegrab. According to Tom's Hardware, the malware makes use of a design flaw in the app - the fact that users can't automatically log out - to harvest stored files. It's worth noting the desktop version of the app does not allow users to utilize Telegram's Secret Chats feature, something that, when compounded by malware like this, can really put a user's privacy and security in jeopardy, Talos researchers warn.
3. Fake Fortnite Apps Scamming and Spying on Android Gamers by Viral Gandhi
It's happened before and will happen again: Attackers will always try to capitalize on uber-popular mobile games to scam users. The rampant popularity behind Pokemon Go and Super Mario Run in 2016 prompted a flurry of scams and malware. The latest victim: Fortnite fans. While the game was recently released for iOS, it's yet to be released on Android, driving many fans to download fake apps that are actually spyware and adware. Researchers with Zscaler have kept on top of the phony apps, including apps that mine cryptocurrency, apps that can read user keystrokes and record audio, and apps that download other fake apps and attempt to raise revenue for attackers.
4. Google rolls out free cyberattack shield for elections and campaigns by Alfred Ng
Jigsaw, the tech incubator owned by Google parent company Alphabet, announced this week it will offer its DDoS protection tool, Project Shield, to any political campaign, candidate, or political action committee that needs it this November. It's a bit of much-needed goodwill, especially in the wake of a cyberattack that took down the web server behind the election website of Knox County, Tenn., just two weeks ago. While the attack didn't have an effect on the election, it left the site offline for an hour and made it demonstrably clear that when it comes to elections, not just ballots are vulnerable to hackers.
5. UT physician group improperly shared patient email addresses by Todd Ackerman
It's well documented how important data security is when it comes to the healthcare industry - what with HIPAA compliance, critical electronic protected health information (ePHI) and so on. Even when healthcare facilities botch seemingly procedural tasks, like sending emails, however, it can have a troublesome effect on patients. That's exactly what the University of Texas Health Science Center at Houston did last week when it accidentally sent out emails to patients that included the email addresses of between 100 and 300 other patients, the Houston Chronicle reports. The slipup could make patients prime targets for social engineering or phishing attacks going forward. UT, for its part, said it will implement tighter processes for emailing patients and will update "practice-wide training on patient privacy."