
Friday Five: 6/12 Edition

by Amanda Brown on Friday June 12, 2020


A new malware strain is targeting Linux and Windows systems, mobile banking apps potentially targeted by hackers, and the city of Knoxville suffers a ransomware attack - catch up on the week's news with the Friday Five.

1. Fitness Depot Notifies Customers of Data Breach by Sarah Brennan

Fitness Depot, a Canadian fitness retailer, was informed of a data breach impacting its e-commerce platform on May 20 and has recently begun notifying its customers that their personal and financial information may have been stolen. In the breach notification letter, Fitness Depot revealed that the attackers compromised the company’s online store and may have accessed sensitive customer information including names, addresses, contact information and credit card numbers. The breach was likely the result of a Magecart attack in which the hackers injected malicious JavaScript into the store’s checkout page in order to steal customer information entered into the payment form. The breach dates as far back as February 2020, and the company is advising any customers who placed orders in that time to monitor their credit reports and review account statements regularly to protect themselves against identity fraud.


2. Florida Student Discovers Flaws in Leading Doorbell Security Cameras by Sarah Coble

Blake Janes, a student at the Florida Institute of Technology, discovered “systematic design flaws” in devices manufactured by Ring, Nest, SimpliSafe, and other internet-connected doorbell and security camera companies. The flaws, which allow a shared account to remain in place despite appearing to have been removed, could permit malicious actors to covertly record audio and video from vulnerable devices indefinitely. The way these devices were designed to grant access to users is where the vulnerability arose. All decisions to grant access are completed in the cloud and not made locally on the camera itself or the users’ smartphones. The repercussions of such a flaw are very serious as victims’ privacy could be compromised on their very own doorsteps. The student has informed vendors about the vulnerabilities and suggested several fixes; many vendors have been in communication with him about potential solutions.


3. Linux and Windows Systems Targeted by New Tycoon Ransomware by Mike Moore

A new ransomware strain, given the name Tycoon, appears to be responsible for highly targeted attacks against Linux and Windows systems, mostly in the software and education industries. Security researchers have spotted the malware being manually deployed, with the operators targeting individual systems and connecting via an RDP server. Once the attackers identify a target and successfully infiltrate the system using local administrator credentials, they disable the antivirus and install a ProcessHacker hacker-as-a-service utility. The ransomware takes the form of a trojanized Java Runtime Environment (JRE), and after it's been executed on a system, the malware encrypts file servers and demands payment from the victims. The malicious JRE contains both Windows and Linux versions, which suggests the hackers want to target multiple systems and servers. Although Tycoon has been active for six months, there has been a limited number of victims, which may suggest the malware is highly targeted.


4. FBI Warns Hackers Targeting Mobile Banking App Users During Pandemic by Teri Robinson

The FBI has issued a warning that hackers are attempting to exploit mobile banking customers in an effort to steal credentials and commandeer bank accounts. Due to an increase in bank app use during the COVID-19 pandemic, the FBI expects hackers to increasingly target consumers using a variety of techniques, including app-based banking trojans and fake banking apps. There are many fake mobile apps floating around, many of which angle for an immediate payday by stealing banking credentials. Most of these schemes direct users to websites that mirror real sites to download the fake apps, as the apps usually do not make it to public app stores. Individuals should remain extra cautious during this time if they're downloading or logging onto banking apps.


5. Knoxville Shuts Down Part of its Network After Being Hit by Ransomware by Dan Goodin

The city of Knoxville, Tennessee was hit by a ransomware attack overnight on Thursday and was forced to shut down large portions of its computer network the following day. Members of the Knoxville Fire Department first noticed the attack around 4:30 a.m. on Thursday, and David Brace, Knoxville Chief Operations Officer, sent employees a notification of the breach shortly after that. The city followed recommended protocols and began shutting down servers, their internet connections and all PCs. Fortunately, the fire and police departments were able to continue operating as usual. In his email, Brace said that city servers were hit but no backup servers were affected, so many of the city’s workflows could be rerouted through them. City IT officials believe the threat has been isolated and that no financial or personally identifiable information was compromised, but the investigation is still ongoing. Knoxville joins a growing list of municipalities that have been targeted by ransomware. It's the 51st U.S. state or municipal entity to be affected by such an attack this year.

