More ransomware gangs now using DDoS attacks, more data thefts and an ADT technician admits spying on women
Welcome to Cyber Security Today. It’s Monday January 25th. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
There’s a new ransomware tactic going around: Launching distributed denial of service (DDoS) attacks against websites, then demanding organizations pay up to get decryption keys for scrambled data or the attack will continue. Denial of service attacks are like someone knocking on a door for hours. The door is a website. Too many knocks and the website crashes, and the organization has trouble doing business. Last fall the Bleeping Computer news service said two ransomware gangs started using this strategy. Now, it says, a third gang is doing it.
Organizations used to ignore ransomware attacks by restoring data from backups. Then gangs began stealing data in addition to encrypting it, as extra leverage: Pay for decryption keys to unscramble the data or you’ll be embarrassed by the release of the stolen data. The distributed denial of service attack is a variation of this threat.
Organizations should consider adding denial of service defences to their cybersecurity strategies. Typically these services blunt denial of service attacks by spreading the huge wave of knocks across the Internet.
Separately a security firm called Radware warned last week that other gangs continue to launch denial of service extortion attacks against websites and demand bitcoin to stop. These gangs don’t use ransomware. Their weapon is the denial of service attack alone.
Where do denial of service attacks come from? They come from huge numbers of internet-connected devices like computers that are unknowingly infected and chained together into a botnet that a crook can weaponize. Then the power of thousands or tens of thousands of devices is fired at a website. Those devices usually get infected because they haven’t got the latest security updates installed, or they haven’t been configured right. Last week a security vendor called Netscout warned that Windows computers that haven’t properly secured their Remote Desktop Protocol capabilities are open to being used for these attacks. Properly configured, Remote Desktop Protocol — known as RDP — safely allows employees and IT administrators remote access to a computer. But Netscout says by its count there are 33,000 improperly configured RDP servers around that are being used for denial of service attacks. Network administrators should take a close look at their Windows servers to make sure they’re not inadvertently helping criminals.
On Friday I told you a threat actor called ShinyHunters had posted for free huge amounts of stolen data from several websites. This person or group has done it again. The ZDNet news service reports a database of millions of users of the Meet Mindful dating site has been posted for free for use by other hackers. The list includes real names, email addresses, Facebook user IDs and, for those foolish enough to list them, birth dates and body details. As the story points out, information stolen from a dating site could be used for sextortion. Some may see a dating site as a place where you have to be honest and enter real details about yourself. That’s a risk you take. As for security, why wasn’t the subscriber list encrypted to protect subscribers from data theft?
And the Bleeping Computer news service reports that ShinyHunters has posted the database of millions of customers of menswear retailer Bonobos to a hacker forum where it can be downloaded for free. The story says someone copied the database from a cloud backup. It includes customers’ addresses, phone numbers and partial credit card numbers. Bonobos is owned by Walmart. Bonobos now requires customers to change their passwords.
More data theft news: A hacker appears to have received $22,000 in Bitcoin after putting up for sale a database supposed to be of subscribers to the MyFreeCams.com adult chat and streaming site. According to the CyberNews news service, MyFreeCams has asked users to reset their passwords. However, because the site deals with intimate chats and images, users could be open to blackmail if hackers get to content before passwords are changed.
Finally, here’s a creepy story: A Texas man who installed home surveillance cameras for security company ADT has admitted using the system to spy on women for four years. The ADT system allows homeowners to remotely access the video feed so they can check on their residences when they are away. For installation purposes he added his email address to the account so he could log in and confirm the system was working. But ADT policy is that access has to be removed after installation. Instead he kept his access so he could log in at night and watch women. He was caught when several customers spotted an unapproved email address in their app’s configuration panel. He’ll be sentenced later. If you want security cameras inside your house, make sure they don’t point to the bedrooms. And be careful what you wear.
That’s it for today. Links to details about these stories can be found in the text version of this podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at cybersecurity professionals.
Subscribe to Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.