A new year, a new ransomware strain, Nissan mobile apps exposed and an unusual phishing scam
Welcome to Cyber Security Today. It’s Friday January 8th. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
A new ransomware strain has been discovered. It’s been dubbed Babuk by the man who discovered it, a third-year computer science student at Georgia Tech named Chuong Dong. He calls it “pretty standard ransomware” that, like others, uses multi-threaded encryption and takes advantage of Windows Restart Manager. For those who don’t know, Restart Manager enables all but critical applications and services to be shut down and restarted, which lets the malware close programs that have files open so those files can be encrypted. This ransomware copies and steals corporate data, then scrambles data and deletes backups that are connected to the network. Like other recent ransomware gangs, Babuk threatens to post copied data to the dark web for criminals to buy unless the victim firm pays for decryption keys.
Another one of those oopsy incidents: The source code of mobile apps and internal tools developed by car maker Nissan North America could have been seen by anyone after an employee made a big mistake. According to the ZDNet news service, the staffer was using the open-source Git development platform for working on the apps, but didn’t change the server’s default username and password. Like many platforms, the default for both was the easily-guessed word “admin.” Many developers use the Git platform and its tools while developing apps. That’s OK, but they’ve got to change the default password on the instances they start.
Cybercriminals often tie their phishing campaigns to whatever’s hot in the news. They usually do it by changing both the email subject line and the title of a malicious attachment, while keeping much of the text of the email the same. One group, however, got lazy. Recently distributing email messages with the subject line “Good Loan Offer,” they didn’t bother changing the name of the attachment, which was “Trump Sex Scandal.” Or maybe it was deliberate.
The discovery was made by security firm Trustwave. The text of the message is consistent with a supposedly lucrative investment loan offer. If the unsolicited offer for an investment isn’t enough to raise suspicions, the attachment with a name that has nothing to do with a loan should have most recipients hitting the delete button fast. If they click on the supposed Trump video, a warning pops up as part of the scam telling the victim that remote access software is about to be installed. You can’t fault these hackers for honesty. People foolish enough to click on the “OK, I know what I am doing” button to go ahead with the download deserve what they get.
Finally, IT administrators whose organizations use Fortinet’s FortiWeb web application firewall need to install the latest security patches. Vulnerabilities could be used to access their networks and to launch denial of service attacks on unwitting victims.
That’s it for this morning. This afternoon you can download the Week In Review edition, where I’ll recap top stories and have a discussion about the latest ransomware trend with Dinah Davis, vice-president of research and development at Arctic Wolf.
Subscribe to Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.