Erich’s “What in the (cyber security) world is going on?” 12-29-16 edition

2016 Isn’t done with us yet

Screw 2016. That’s kind of what I’m feeling. I’m about tired of people passing away this year. The latest celebs are George Michael, Carrie Fisher, Richard Adams and Debbie Reynolds were all lost this week. Even closer to home is the wife of a person I have a lot of respect for, Jack Daniel, who lost his wife of 37 years on Tuesday. I cannot begin to imagine the pain and sadness the close friends and family of all of these people are feeling. I am praying for their peace as they go through these tough times.

I’m going to do something a little crazy

I’m going to run for a spot on the (ISC)2 Board of Directors in 2017. I worked for them for a couple of years as an advocate for the membership, among other things, and I still feel strongly about trying to help folks that carry the CISSP and other (ISC)2 certs so I’m going to make a run at it. I will need 500 emailed petitions be on the election slate. If you are an (ISC)2 member, please check out this link and help me out. It only takes a minute. Thanks

Disk-Killer Malware Adds Ransomware Feature And Charges 220 Bitcoins

Ouch! Your machine is infected by an email attachment. Now it encrypts the snot out of it, and exfiltrates data. I made a call earlier that I expected to see this sort of behavior, but I didn’t expect this kind of price tag. The back story is fascinating as it has evolved from ICS and SCADA attacks. This is worth reading.

 

Makes my neck hurt looking at it

Android ransomware hits a Smart TV

So, this poor souls family got hit with ransomware on their TV and are not happy about it. It seems LG won’t give him the process for a factory reset, and there is some talk about a charge for support. It’s an old set, still running Android, and it would almost certainly need to be sideloaded or rooted to install a 3rd party .apk. I’m not sure what I think about this as they say, “they downloaded an app to watch a movie. Halfway thru movie, tv froze. Now boots to this”. Now, call me crazy, but I have to wonder if the app was something called “Codec.apk” or something similar, and perhaps if the movie they were watching was um… not from trusted channels. Fact is kids, if you DL pirated movies, you might just be opening yourself up to something like this. Not sure if LG has a way for a user to fix this if it really encrypted the file system. Factory reset doesn’t help if the source is encrypted. Just sayin. I do wish there was more info out there, but I think we have heard the last of this.

New iTunes Phishing Emails on the Rise

Watch out for iTunes invoices bearing… attachments or links. If you get an email saying you paid $45 for the Netflix app or $25 for a song (not even a Kanye song is worth that!), don’t click the link. Instead, go directly to iTunes (no really, this link is legit, I promise!) and check your account from there.

How does she have that many followers and I only have about 150?

A Britney Spears Twitter account was hacked

It was an account controlled by her record label and has about 614,000 followers. Since the hackers did this at about 5:00am Eastern Time, nobody seemed to notice. I’m guessing most of the people that still listen to here were still sleeping off a bender at that time of day. Since all of the hacked tweets were gone by 9am, it practically didn’t happen.

Bitcoin hit over $930

That’s a lot for a unicorn/vapor cyber currency. Maybe I’m just old, but I’m not even sure how I feel about this, but I’m done talking about this imaginary money.


Erich Kron is the Security Awareness Advocate at KnowBe4, and has over 20 years’ experience in the medical, aerospace manufacturing and defense fields. He is the former security manager for the US Army 2nd Regional Cyber Center-Western Hemisphere.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.