Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days.
Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back each Friday for highlights of the goings-on each week!
In a span of one to two weeks, three new open source ransomware strains have emerged, which are based on Hidden Tear and EDA2. These new ransomware families specifically look for files related to web servers and databases, which could suggest that they are targeting businesses. Both Hidden Tear and EDA2 are considered as the first open source ransomware created for educational purposes.
Three and a half years ago, The New York Times announced that their network had been breached in a targeted attack. Today, CNN is reporting another breach of The New York Times, among other press outlets. CNN’s report says that investigators are attributing these attacks to Russian sources, possibly in conjunction with the recent attacks against the Democratic National Committee (DNC).
In his predictions for 2016, our Chief Technology Officer (CTO), Raimund Genes, said that 2016 would be the year for online extortion. Today, with the release of our security roundup for the first half of 2016, we can say that Raimund’s prediction has been on the mark. In the first half of 2016, the ransomware threat has marked an unprecedented surge in the prevalence and success of online extortion.
Emails have become the battleground for the first half of the year in terms of security. It is the number one infection vector that have ushered in 2016’s biggest threats so far—ransomware and business email compromise (BEC). Ransomware infections normally start via email. Based on our findings, 71% of the known ransomware families’ delivery method is through spam.
This past July, we published a blog post on a new illegal gambling system known as “French Dark Bets (FDB).” FDB is run and hosted by one of the biggest French underground marketplace, the French Dark Net (FDN). This betting system runs entirely on Bitcoins (BTC), which makes it easy for cybercriminals to inject and collect money through this platform.
Since Direct Recording Electronic voting machines first came into vogue in the U.S. in 2002, a team of cyber-academics (known as the Princeton Group) has been busy demonstrating how easy it is to hack these machines, to remind American citizens just how cyber-vulnerable the voting process is. From their first successful hack into a DRE 15 years ago, they surmised that it was just a matter of time.
China is taking a more inclusive tack in imposing cybersecurity standards on foreign technology companies, allowing them to join a key government committee in an effort to ease foreign concerns over planned domestically-set controls. The committee under the government’s powerful cyberspace administration is in charge of defining cybersecurity standards.
Singapore is working on how to implement a policy to cut off web access for public servants as a defense against potential cyberattack – a move closely watched by critics who say it marks a retreat for a technologically advanced city-state that has trademarked the term “smart nation.”
Three illuminated road signs were hacked overnight, city officials said, and warnings about road work changed to mild obscenities. Portland spokeswoman Jessica Grondin said the message boards on Brighton Avenue and Frost and Capisic streets, alerting drivers to road construction near Capisic Pond, were accessed sometime early Wednesday morning.
A 4th grader’s project on cyber security proves people will click on anything. With a little help from his dad, who works in cyber security, Evan programmed his own mobile WiFi hot spot to see how many people would click on his terms and conditions. In August, before starting fifth grade, Evan Robertson was invited to speak at DEF CON in Las Vegas, one of the largest hacking conferences in the world.
Please add your thoughts in the comments below or follow me on Twitter; @ChristopherBudd.