Friday Five: 7/10 Edition
LeBron James' legal files put up for auction, US Secret Service warns of increase in MSP hacks, and Android apps stealing user data - catch up on all the week's news with the Friday Five.
1. LeBron James Among the 1st Stars to Have Their Stolen Law Firm Files Put up for Auction by Bradley Barth
Back in May, the Sodinokibi/REvil ransomware gang was extorting the celebrity law firm Grubman Shire Meiselas & Sacks (GSMS) with a $42M ransom demand. After the law firm failed to fulfill the request, the group doubled the ransom demand, released data containing Lady Gaga’s legal documents, and threatened to release files related to US President Donald Trump. The extortion attempt is still ongoing, and the gang has now made good on its threat to auction off files, placing legal documents corresponding to Nicki Minaj, Mariah Carey and LeBron James up for bid on July 1st. The starting price is reportedly set at $600,000 per lot, or bidders can buy all of the stolen documents from all clients for the $42 million ransom demand. Threat experts are not sure whether the ransomware gang actually expects to monetize this data or is conducting the auction simply to demonstrate to future victims that it can cause problems that extend well beyond the initial ransomware attack.
2. US Secret Service Reports an Increase in Hacked Managed Service Providers (MSPs) by Catalin Cimpanu
The US Secret Service has sent a warning to the US private sector and government organizations, alerting them to an increase in hacks of managed service providers (MSPs). MSP services are usually built around a server-client software architecture and can be remotely hosted with the MSP inside a cloud infrastructure or installed on-premise with the client. An attacker can usually gain full control of all software clients if they get access to the server component of an MSP. In their security alert, the Secret Service investigations team reported an increase in incidents where hackers breach MSP solutions and use them as a springboard into the internal networks of the MSP’s customers. Secret Service officials have also observed threat actors using the hacked MSPs to carry out attacks against point-of-sale systems, to perform business email compromise (BEC) scams, and to deploy ransomware. The alert contained a list of best practices that should be implemented by MSPs and their respective customers.
3. EDP Energy Giant Confirms Ragnar Locker Ransomware Attack by Sergiu Gatlan
EDP Renewables North America (EDPR NA), the energy giant focused on electric power generation and distribution, has suffered a ransomware attack that affected its parent corporation’s systems. The attack was confirmed to be the work of Ragnar Locker ransomware. In a breach notification sent to customers, EDPR NA’s Chief Executive Officer Miguel Angel Prado said the attack occurred on April 13th but that the company did not discover that its computing systems were accessed by unauthorized third parties until May 8th. The company’s parent corporation immediately began investigating the incident and tried to find all individuals potentially affected by the data breach. The evidence gathered so far shows that the attackers were not able to access any personal information. The attackers are reportedly demanding a ransom of more than $10 million from EDPR NA in return for a decryptor and for not leaking to the public over 10 TB of data stolen from the group’s servers.
4. Exposing the Privacy Risks of Home Security Cameras by Help Net Security
IP home security cameras, internet-connected cameras that can be installed in people’s homes and remotely monitored online, are growing in popularity and expected to reach $1.3 billion in the global market by 2023. A recent study shows that the traffic generated by these home security tools could potentially be monitored by attackers and used to predict when a house is occupied or not. Users could be at a higher risk of burglary as even future activity in the house could be predicted based on past traffic generated by the camera. The data that these systems upload could allow attackers to see when the camera was uploading motion, and even distinguish between certain types of motion, such as sitting or running. As these cameras become commonplace in homes worldwide, it is of extreme importance that the risks associated with them become understood in order to minimize potential threats.
5. Over Two Dozen Android Apps Found Stealing User Data by Tyler Omoth
Android users beware: It has recently been discovered that a list of 25 Android apps disguised as games, wallpaper, and other useful programs could be trying to steal your private information. The apps were available for download on the Google Play Store; once a victim downloaded one of them, it would scan the device for other applications. It would specifically look for Facebook, and once a victim opened their Facebook app, the fake app would trigger a lookalike browser window over the login page. The app would capture the requested login credentials as the user put them in, and then would ship the details over to a remote server. Google quickly deleted the 25 offending apps after being notified of them in May, but some of them had been available for purchase for over a year and roughly 2.3 million Android devices had already downloaded them.