Friday Five: 6/12 Edition
A new malware strain is targeting Linux and Windows systems, mobile banking apps potentially targeted by hackers, and the city of Knoxville suffers a ransomware attack - catch up on the week's news with the Friday Five.
1. Fitness Depot Notifies Customers of Data Breach by Sarah Brennan
2. Florida Student Discovers Flaws in Leading Doorbell Security Cameras by Sarah Coble
Blake Janes, a student at the Florida Institute of Technology, discovered “systematic design flaws” in devices manufactured by Ring, Nest, SimpliSafe, and other internet-connected doorbell and security camera companies. The flaws, which allow a shared account to remain in place despite appearing to have been removed, could permit malicious actors to covertly record audio and video from vulnerable devices indefinitely. The vulnerability arises from the way these devices were designed to grant access to users: all decisions to grant access are completed in the cloud and not made locally on the camera itself or the users’ smartphones. The repercussions of such a flaw are very serious, as victims’ privacy could be compromised on their very own doorsteps. The student has informed vendors about the vulnerabilities and suggested several fixes; many vendors have been in communication with him about potential solutions.
3. Linux and Windows Systems Targeted by New Tycoon Ransomware by Mike Moore
A new ransomware strain, given the name Tycoon, appears to be responsible for highly targeted attacks against Linux and Windows systems, mostly in the software and education industries. Security researchers have spotted the malware being manually deployed, with the operators targeting individual systems and connecting via an RDP server. Once the attackers identify a target and successfully infiltrate the system using local administrator credentials, they disable the antivirus and install a ProcessHacker hacker-as-a-service utility. The ransomware takes the form of a trojanized Java Runtime Environment (JRE), and after it's been executed on a system, the malware encrypts file servers and demands payment from the victims. The malicious JRE contains both Windows and Linux versions, which suggests the hackers want to target multiple systems and servers. Although Tycoon has been active for six months, there have been a limited number of victims, which may suggest the malware is highly targeted.
4. FBI Warns Hackers Targeting Mobile Banking App Users During Pandemic by Teri Robinson
The FBI has issued a warning that hackers are attempting to exploit mobile banking customers in an effort to steal credentials and commandeer bank accounts. Due to an increase in bank app use during the COVID-19 pandemic, the FBI expects hackers to increasingly target consumers using a variety of techniques, including app-based banking trojans and fake banking apps. There are many fake mobile apps floating around, many of which angle for an immediate payday by stealing banking credentials. Most of these take users to websites that mirror real sites to download the fake apps, as the apps usually do not make it to public app stores. Individuals should remain extra cautious during this time if they're downloading or logging in to banking apps.
5. Knoxville Shuts Down Part of its Network After Being Hit by Ransomware by Dan Goodin
The city of Knoxville, Tennessee, was hit by a ransomware attack overnight on Thursday and was forced to shut down large portions of its computer network the following day. Members of the Knoxville Fire Department first noticed the attack around 4:30 a.m. on Thursday, and David Brace, Knoxville Chief Operations Officer, sent employees a notification of the breach shortly after that. The city followed recommended protocols and began shutting down servers, their internet connections, and all PCs. Fortunately, the fire and police departments were able to continue operating as usual. In his email, Brace said that city servers were hit but no backup servers were affected, so much of the city’s workflows could be rerouted through them. City IT officials believe the threat has been isolated and that no financial or personally identifiable information was compromised, but the investigation is still ongoing. Knoxville joins a growing list of municipalities that have been targeted by ransomware. It's the 51st U.S. state or municipal entity to be affected by such an attack this year.