Friday Five: 9/1 Edition
It's Friday! Catch up on the latest infosec news with our weekly roundup.
A new Locky campaign hit this week. Over 23 million emails containing this strain of ransomware were sent over the course of 24 hours. The ransomware’s latest variant, Lukitus, was hidden in a ZIP file and, when clicked, would download and encrypt all files. Security researchers have yet to crack the new variant and provide free decryption tools, so it’s key that users follow best practice by backing up their data and not paying the ransom. This is one of the largest malware campaigns in the second half of 2017 and continues Locky’s reign as one of the most successful ransomware families.
A phishing attack hit MacEwan University in Edmonton, Alberta, resulting in a loss of $11.8 million (CAD). A series of fraudulent emails hit university staff and prompted them to change vendor banking information. Unfortunately, the controls around the process for making these changes were inadequate, and the money was transferred to alternate accounts traced to Canada and Hong Kong. This was discovered only after the real vendor notified the university of non-payment. The banks involved with the e-transfers were notified and were able to freeze the funds while the university works with its legal team to recover the money.
A massive spambot weaponized 711 million email and server accounts to distribute phishing emails containing the Ursnif malware, which targets Windows computers. Dubbed Onliner, the spambot collected stolen email and server credentials from previous data breaches, including the giant LinkedIn breach, to circumvent spam filters. 80 million email servers were compromised to send the phishing emails to over 630 million email accounts. This spambot's phishing campaign shows how breached data can be used over and over again, even for years, and emphasizes the importance of consistently changing passwords, especially when notified of a breach.
The Food and Drug Administration (FDA) has recalled 465,000 pacemakers over fears that security vulnerabilities leave patients at risk. The flaws in the pacemaker, which uses electrical pulses to simulate heartbeats, could allow hackers to change a person’s heartbeat or run the batteries out of juice. The recall affects six types of pacemakers manufactured by Abbott but does not require patients to have their pacemakers removed and replaced. Fortunately, the devices just need a quick firmware update, delivered through patients’ healthcare providers.
An Instagram security bug that was stealing celebrities’ personal data was discovered. It appeared to be limited, but a database of 10,000 credentials was published Thursday night. The sender of the database said that the 10,000 was just a small chunk of the 6 million users whose data he possessed. He is selling the data on a searchable website for $10 a search. The sample records contain usernames, phone numbers and emails. Though Instagram has yet to confirm the validity of the sample, Troy Hunt of Have I Been Pwned conducted an analysis of the data and concluded that there is “every indication that it’s legitimate”.