Friday Five: 7/12 Edition
Android malware, peeling back the layers on the GandCrab malware, and a recruiting website leak - catch up on the week's news with this week's Friday Five!
1. Agent Smith mobile malware hits millions of devices by Warwick Ashford
A relatively new strain of Android malware, Agent Smith, has infected about 25 million devices in multiple countries. Infected devices were mostly in India and other Asian countries, but also in the US and UK. The malware appeared as a Google-related application and automatically replaced legitimate apps already installed on people’s devices with malicious apps, without the users even realizing. Agent Smith posts fraudulent ads on apps to earn money, but security researchers are warning users that the malware could easily be used for more nefarious purposes, including banking credential theft and eavesdropping. Researchers are urging users to uninstall any apps that appear malicious and to only download apps from trustworthy app stores.
2. Android App Publishers Won't Take 'No' for an Answer on Personal Data by Curtis Franklin Jr.
With the smartphone market having grown so quickly, OS manufacturers are concerned that apps are being developed to remain competitive rather than with a focus on data privacy. At the Federal Trade Commission’s PrivacyCon 2019 last month, security researchers shared that almost 1,325 Android apps were collecting personal data despite users not granting them permission. Android apps use a variety of techniques to gather private data. For instance, photography apps can take GPS information from photos, even if users have denied apps the ability to access their location. Google stated that it plans to fix these data privacy issues when it releases Android Q in October of this year.
3. NHS still a sitting duck for cyber-criminals by Chandu Gopalakrishnan
The healthcare industry is notorious for massive data breaches, and the UK’s National Health Service is no exception. In recent years the service has suffered attacks that cost as much as $115 million. Despite the attacks, the NHS still has some work to do to better defend itself. Experts say that initiatives need to be put into place to protect patient data. Javvad Malik, security advocate at KnowBe4, told SC Magazine UK: “Fixing such a large infrastructure is no easy task and it's not an issue that can be resolved simply by throwing money at the problem.” He went on to say that the cybersecurity, or lack thereof, within the NHS is a cultural issue that has to be solved through continued training and dedication to the safety of client information. By taking these key pieces of advice and investing in the right resources and people, the NHS and other healthcare institutions can detect potential attacks before it is too late.
4. Who’s Behind the GandCrab Ransomware? by Brian Krebs
As we've previously shared here, GandCrab, the most popular ransomware service for cybercriminals last year, has been terminated by the founders following alleged earnings of over $2 billion in ransom payments. The malware was so successful because of the dedication of the authors, who constantly updated the code in order to avoid antivirus and security defenses. The criminals left a note after their retirement in which they bragged, saying “We are a living proof that you can do evil and get off scot-free.” Following the attackers' self-imposed retirement, KrebsOnSecurity's Brian Krebs ran his own investigation with the help of cyber intelligence firms Intel471, Hold Security, and 4IQ into who the culprit could be. They quickly discovered that neither Russia nor any nations previously part of the Soviet Union were struck by GandCrab, hinting that the founder may be based in Russia and looking to avoid getting in trouble with local law enforcement. The investigation is still underway, with signs pointing to an online profile under the name of Igor Vladimirovich Prokopenko, from Magnitogorsk, Russia, as the potential creator.
5. 160,000 resumes on Chinese recruitment site Zhilian allegedly exposed and leaked by Cyrus Lee
Zhilian Zhaopin, a top job recruiting website in China, recently had over 160,000 clients’ personal data exposed after an internal leak in June 2018. The stolen information, which consisted of personal resumes, was sold for 5 yen (70 US cents) each on the e-commerce site Taobao. Two staff members at Zhilian’s Shanghai bureau were arrested two months later after it was revealed that they had given corporate passwords and certification to a hacker with the last name “Zheng”. After being given access, Zheng obtained all of the necessary data linked to personal accounts and illegally sold it for a huge profit. Since the data breach last year, Zhilian has reformed its security regulations to better educate employees on the dangers of external and internal threats. Zhilian isn't the only job search site to have been compromised; 590 million resumes have been stolen from job searching sites and companies since the beginning of 2019.