Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days.
Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back each Friday for highlights of the goings-on each week!
They say imitation is the sincerest form of flattery. Take the case of CrypMIC—detected by Trend Micro as RANSOM_CRYPMIC—a new ransomware family that mimics CryptXXX in terms of entry point, ransom notes and payment site UIs. CrypMIC’s perpetrators are possibly looking for a quick buck owing to the recent success of CryptXXX.
As cloud services become increasingly adopted by end users, cybercriminals are equally finding ways to abuse them, using them as vectors to host and deliver malware. Conversely, by targeting cloud-based productivity platforms utilized by many enterprises, the malefactors are hoping to victimize users who handle sensitive corporate data.
Steemit, a new social media website that has grown tremendously since its launch two months ago, has seen the value of its token cryptocurrency, Steem, explode over the past week. Understandably, Steemit is getting plenty of attention for the way it incentivizes users who post and vote on its platform. Malicious hackers have taken notice too, with the platform the subject of a cyberattack recently (UCT).
A hacking group going by the name of PoodleCorp has claimed responsibility for a massive DDoS attack which brought down Pokémon Go servers, impacting US and European users on Saturday. Users took to social media to complain of being unable to access the game. PoodleCorp took to Twitter claiming responsibility, while also promising a larger scale attack in the near future.
The website of the Library of Congress has been the target of a denial-of-service attack since this weekend, Federal Computer Week reported. DoS attacks, as they are commonly known, often involve disrupting regular website operations, rendering them slow or unavailable to users. Days after the attack began, the website is still displaying a notice warning users that it is still “experiencing technical difficulties.”
Turkey has banned access to the WikiLeaks website, the group announced Wednesday, after the release of a trove of documents purportedly related to the country’s power structure. The documents, which were published Tuesday, contain information from Turkish President Recep Tayyip Erdogan’s ruling AKP party, according to WikiLeaks.
The computers and smartphones you’re reading this on are driven by mining. The coal that fires many of the power plants that give you the electricity your smartphone (with the bad battery life) needs comes from mining. Far from being an industry of the past, mining is a keystone industry of today and of the future. It’s just that we don’t realize it’s still there.
If you’re reading this posting, odds are that you or someone you know is the victim of a ransomware attack. We’ve said that we at Trend Micro are here to help you and this post is meant to tell you exactly what we think you should do if you’re looking at a ransomware screen. Most importantly, here’s what you shouldn’t do: pay the ransom.
In an era when costly cyberattacks and data breaches are becoming more common, 401(k) plan advisers are beginning to scrutinize data-security practices at record-keeping firms. According to Sean Deviney, head of the retirement plan department at Provenance Wealth Advisors, “As everything becomes more paperless, and sponsors outsource more of the plan services to the, we’re certainly looking closer at that.”
This entry is the second part of a four-part blog series discussing the different techniques ransomware uses to affect users and organizations. These techniques show that the best way to mitigate the risks brought about by this threat is to implement multiple layers of protection in different aspects of an enterprise network.
A federal judge sentenced the former scouting director of the St. Louis Cardinals to nearly four years in prison Monday for hacking the Houston Astros’ player-personnel database and email system in an unusual case of high-tech cheating involving two Major League Baseball clubs. Christopher Correa had pleaded guilty in January to five counts of unauthorized access of a protected computer from 2013 to at least 2014.
Please add your thoughts in the comments below or follow me on Twitter: @ChristopherBudd.