Erich’s “What in the (cyber security) world is going on?” 03-02-17 edition

OK, this is a VERY packed edition of the weekly wrap up of security stuff.

Amazon S3 went down for a while

There was a collective cry of pain and the echoing sound of SLAs being violated when Amazon’s S3 service went down. To top it off, their dashboard showed that all things were warm and fuzzy for quite some time. The official word was,  that the outage is due to “high error rates with S3 in US-EAST-1,”. By “high error rates”, they meant all hell was breaking loose somewhere. This prompted a lot of fun on the Twitters as folks weren’t so happy about things being up in flames around them. Imagine that.


Cloudpets leaked a bunch of data because they are idiots

 I’m a bit peeved at this since my youngest daughter (and therefore me) has one of these. Luckily we didn’t do much with it, but for those that have, recordings and info was leaked due to poor security. It even seems they were warned about in advance. This really does make sad because the little buggers are adorable and are a great idea for those who travel a lot, or are deployed.


Android Ransomware Wants Victims To Speak The Unlock Code

Lockdroid is throwing out a new twist. What could possibly go wrong here? Think about how often you have been annoyed by trying to get a machine to understand your voice. Imagine that after you have been ransomed. You are really screwed if you are Scottish (language warning)!


Torrent spread macOS ransomware spotted in the wild. Decryption doesn’t work even if you pay

It looks like this Mac ransomware is spreading by posing as a software license crack in torrents. The bad news is, even if you pay, the dev doesn’t have the key to decrypt the files. Another lesson to stay away from illegitimate software.


Spora Ransomware Chat Logs posted

This is an interesting read if you want to see what happens with the Spora ransomware chat help. Looks like no chance to negotiate price, but you can get some time.


Cloudbleed strikes: If You Use Any Of These Sites, Reset Your Password Now

Cloudflare had a memory leak, so if you went to any of the 5 million sites impacted between 09-22-2016 and 2-18-2017, your passwords, private messages, API keys, and other sensitive data may have been leaked. The list of affected sites is here.




American Senior Communities Falls For A W2 Scam. 17,000 Employees Affected

Really Monarch? Twice by the same employee?

The scam happened in mid-January, but they didn’t realize it until employees started having trouble filing returns in mid-February. This is the third Central Indiana employer in less than a month to fall for W2 scams. Monarch Beverage Co. and Scotty’s Brewhouse also fell for it, with the employee at Monarch having done the same thing last year.

Sometimes I just want to shake people until they get it and put training and procedures in place to stop this sort of thing. It’s really not that hard or expensive to implement.

W2 scams are no joke and really mess with the employees. Please be careful when handling this sort of info.


Do You Know What Your Cyber Insurance Really Covers?

This is just a reminder to be aware of what is and isn’t covered by your cyber insurance. I highly recommend that you speak with an agent and do a review of the coverages BEFORE it hits the fan. I recently learned that while notification can be the most expensive part of a breach, it’s often not covered by default in the policy. To add to that, cyber insurance is still in its infancy, so coverage is rarely standardized. Don’t blame the insurance companies for this as it’s a very new type of risk, it’s your job to know, with their help, what you are paying for.

Take for example the P.F. Chang’s breach
. The $1.7 million cost of defense against customer lawsuits were covered, but the roughly $2 million in fees and fines imposed by credit card issuers to pay for notifications to cardholders, reissuance of credit cards, and other costs was not. It really pays to know what coverage you have.


Maine Credit Union Members Victims Of ATM Skimmer

Downeast Federal Credit Union found a skimmer on an ATM after several members called to report fraudulent charges. A skimmer was found on the ATM at the credit union’s Lincolnville Avenue branch. The Belfast Police Department has checked all Downeast FCU ATM machines and found no additional skimmers.



Ransomware recovery time is longer and more expensive than most think

Here are some pretty ugly numbers and a look in to why I am so obsessed with helping people avoid infection. The sad part is, you can protect yourself pretty well with basic “security 101” stuff like  segmenting the network, “least privilege” access, weapons-grade backups and quality awareness training/simulated phishing. You don’t need to burn money to protect yourself.

  • 85 percent of those infected had systems forced offline for at least a week
  • 1/3rd of cases resulted in data being inaccessible for a month or more
  • 15 percent found that their data was completely unrecoverable
  • 63 percent of orgs have no official ransomware policy in place
  • About 50 percent of victims paid more than £3000 ($3700) in ransom
  • SMBs usually paid  between £500 ($621) and £1500 ($1864)


Roxana Police Department is done cleaning up after ransomware attacks

I swear, small town police departments can’t wait to get hit by ransomware. I keep seeing it over and over again. In this case, “the work of sophisticated hackers who seek out vulnerabilities in digital networks, enter computer systems and encrypt important data…” (a.k.a. a piece of malware sent in a phishing email) was inconvenient rather than crippling. Based on the article and the lack of desire to share any info, along with the sensationalizing of the attack above, I’d say they are pretty embarrassed about it.


Madison, WI Requires “Unique Locking Devices” On Gas Pumps Due To Skimmers

I can’t say that I like a lot of government involvement and additional regulations, but I appreciate that they are trying to stop the issue. It’s far too easy for folks to install skimmers and while this doesn’t solve the issue or counter skimmer overlays, it does take a step to help. Locally here in Florida, I have seen attendants at more than one Speedway station checking the pumps daily and putting on tamper seals. I have told them I appreciated the effort.





VISA warns for Flokibot Spear Phishing Infections

So, it looks like a new malware variant identified as “Flokibot” is hitting the Caribbean and LATAM. The malware is focused on point-of-sale (PoS) devices and, like so many other types of malware, is being spread predominantly by phishing email. I will be personally volunteering to go look at this threat, especially in the Caribbean, on behalf of my company. It may take a while to investigate. You know, weeks, maybe months…

Erich Kron is the Security Awareness Advocate at KnowBe4, and has over 20 years’ experience in the medical, aerospace manufacturing and defense fields. He is the former security manager for the US Army 2nd Regional Cyber Center-Western Hemisphere.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.