Issue 58 - Week of Mar 27th

1.       Mattel nearly loses $3M to a classic phishing scam: A finance executive with the maker of children’s toys - Mattel, fell victim to a phishing scam and wired a cool $3 million to Chinese hackers. The phishing email was unremarkable and came directly from their new CEO, or so the executive thought. She was wrong. She wired the money and within few hours during a discussion with CEO she realized the scam. Luckily the transfer took place on a bank holiday, with cooperation from Chinese authorities, Mattel was able to reclaim the wired cash, before the hackers could have claimed it on the next working day. Other recent Phishing attacks have targeted W-2 data.

2.       MedStar Hospital forced to turn patients away after virus attack: Last week the hospital was hit by ransomware, the hospital responded quickly by taking the infected IT systems offline to avoid further corrupting its network infrastructure. The Baltimore Sun reported a ransom of $18,500 was sought. MedStar declined to comment. FBI is currently investigating the incident. Recently, a Cancer Hospital reported a breach while a hospital in Germany was held to ransom by cyber-attackers but they did not pay-up and a LA Hospital that went thru a similar attack paid $17k.

3.       Magento becomes fresh target for KimcilWare ransomware: Magento is an e-commerce platform - that is used by over 200,000 companies worldwide. A strain of ransomware called KimcilWare is being used in campaigns against Magento websites. The malware is installed via a script which encrypts all data and can be spotted through the .kimcilware extension, which is added to all locked files. A new index.html file displays a ransom note, alongside a readme file, which demands a ransom of $140 to unlock the e-commerce store. There is no cure for the Infection and Infected users should consider reverting to backups to wipe clean the infection.

4.       New ransomware encrypts the whole hard drive: While most ransomware focuses on infecting systems in order to lock files, a new breed called Petya goes further – by completely removing access to hard drives and operating systems. Phishing emails are being sent to targeted firms (mostly HR departments) containing Dropbox links to applications which install Petya on systems. Once installed Petya forces a reboot and loads the Malicious code, which under the guise of system tool check disk (CHKDSK) -runs a 'scan'. As this fake scan proceeds, Petya is encrypting the Master File Table on the drive. The ransom price is 0.9 BTC ($370). Regular backup and good web security solutions are a must to combat Ransomware.

5.       Apple v/s FBI: Last week, the FBI announced that the third party had helped it unlock the iPhone, and the Department of Justice dropped the case. Apple got some kudos from consumers for standing its ground against the government. Apple is expected to tighten security even more with its next iPhone software, likely to be announced in June and available in September.

6.       Bangladesh Heist update: Last week - a Chinese casino junket operator returned $4.63 million of the $81 million that hackers stole from the Bangladesh central bank's account in the US Federal Reserve Bank and laundered in Manila's casinos. Earlier, $20 million transfer was rejected by a receiving bank in Sri Lanka because the beneficiary's name was misspelled.

7.       Prepare to be hacked if you don't use a password for VNC: By choosing to use no authentication to secure VNC connection, users are sending out a 'please hack me' invitation. A hacker created a script that cycles through internet IP addresses and tries to connect to unsecured servers through a web-based VNC viewer. If the script finds an available connection without any authentication, it will connect and grab a screenshot, otherwise the script will kill the session and move to a different IP address. The hacker now has about 23GB of screenshots and some of them have been posted to VNC Roulette. Some of the Images are mundane like people browsing Facebook, doing their online banking, reading email, shopping etc., while other images feature SCADA systems and sensitive data.

8.       Security flaw in Apple lets malicious apps in: Despite new security features in iOS 9, businesses still need to be alert to employees being duped into installing malicious configuration profiles on their iPhones. Apple offers enterprise certificates to allow businesses to distribute apps outside the App Store and it allows any app installed by the MDM to be trusted. MDM is third party to Apple and vulnerable to a man-in-the-middle attack. Researchers have shown how an attacker can hijack and imitate MDM commands that iOS trusts, including the ability to install enterprise apps over the air.

9.       6 Charged for hacking lottery terminals to produce more winning tickets: Police have arrested and charged six people with crimes linked to hacking Connecticut state lottery terminals in order to produce more winning tickets than usual. Prosecutors say all the six suspects are either owners or employees of retail stores that produced a much higher number of winning tickets than the state average. The hack appears to have exploited some software weaknesses in lottery terminals that not only caused ticket requests to be delayed but also allowed operators to know ahead of time whether a given request would produce a winning ticket.

10.   Tech companies play April Fool's Day pranks: On April 1st every year - Internet gets its funny bone and is filled with viral pranks from tech companies, this year Google, Samsung, Kayak all had their pranks. One of Google's prank "Introducing the self-driving bicycle in the Netherlands" was well received. Google said the self-driving bicycle would enable safe navigation through the city for Amsterdam residents, and it furthers Google’s ambition to improve urban mobility with technology.