- Web Hosting Company Pays $1 Million to Ransomware Hackers
Ransomware attacks have been on the rise for the last few years: once a system is infected, the victim is asked to pay a ransom to get the data back. According to the latest report, a South Korean web hosting provider has agreed to pay $1 million in bitcoins to hackers after a Linux ransomware infected its 153 servers, encrypting 3,400 business websites and the data hosted on them. According to a blog post published by NAYANA, the web hosting company, the incident happened on 10th June, when ransomware hit its hosting servers and the attacker demanded 550 bitcoins. The company later agreed to pay 397.6 bitcoins (around $1.01 million) in three installments to get its files decrypted, and it has already paid two installments to the cyber-criminal. According to the published report, the hosting servers were running on Linux kernel 22.214.171.124. Researchers believe that the Erebus Linux ransomware might have used known vulnerabilities, such as DIRTY COW, or a local Linux exploit to take over root access of the system.
Cyber Security Tips: The Erebus ransomware mainly targets Linux systems. To protect against this ransomware, users and administrators are strongly recommended to keep servers and systems up to date, be aware of phishing and think before clicking on links, avoid opening spam mails, use reputable and updated antivirus software, and back up data regularly.
- Database of Over 198 Million U.S. Voters Left Exposed On Unsecured Server
Information on more than 198 million United States citizens, over 60% of the US population, was exposed. According to the report, a data analytics firm employed by the US Republican National Committee (RNC) "mistakenly" left sensitive personal details of more than 198 million US voters exposed on an unsecured Amazon S3 server. Chris Vickery, a security researcher at UpGuard who discovered the exposed database, said anyone could have downloaded more than a terabyte of files containing voters' data from the Amazon S3 server maintained by DRA without needing any password. The leaked database contains uniquely identified data on each voter, including their first and last name, date of birth, phone number, home and mailing address, party affiliation, voter registration data, and ethnicity, along with a flag indicating whether the person appears on the federal Do-Not-Call registry.
Cyber Security Tips: To prevent such a data leak, keep your data secure with strong authentication, improve the security of your cloud storage, use secure access and data transfer, check that stored data is encrypted, and use a cloud-based cyber security product.
- Your anti-virus may remove this malware but it will still remain active
Antivirus software is used to detect and remove malware. But what happens if your antivirus removes malware from your system and it still remains active? According to the latest report, McAfee Labs discovered a malware called Pinkslipbot, also known as Qakbot/QBot, targeting banking users in the United States. Researchers have now noticed that since 2016 a new variant of this malware, with its credential-stealing and keylogging capabilities, has been using millions of computers as its control servers, even after its binaries were removed by the antivirus software on those devices. The malware not only steals credentials but also downloads other malware by opening a backdoor on an infected computer. Pinkslipbot uses the infected devices as HTTPS-based proxies to the actual control servers and steals over half a million records every day. The malware uses keyloggers, password stealers, and man-in-the-browser attacks to steal personal and financial data, including emails, passwords, social security numbers (SSN), credit card numbers, digital certificates, and online account credentials.
Cyber Security Tips: McAfee Labs has released a free utility that detects Pinkslipbot control server proxy infections and removes malicious port mappings for the user. Users should refrain from downloading files from unknown emails, avoid installing third-party apps or software, and change the default login and password of their Internet of Things (IoT) devices.