The following is this week’s sample of ThreatScape® Media Highlights – an email roundup of security headlines augmented by insights and analysis from iSIGHT Partners. Our cyber threat intelligence clients receive this update daily.
Wednesday, 28 October 2015
FBI RECOMMENDS THAT VICTIMS OF RANSOMWARE PAY UP
FROM THE MEDIA
The FBI is advising organizations that fall victim to mainstream ransomware to pay the ransom. The FBI advised that Cryptolocker, Cryptowall and other similarly prominent ransomware possess strong encryption that is typically impossible for the FBI to defeat. The FBI did note that the continued success of these ransomware variants has lowered ransom amounts. Due to the high number of individuals willing to pay the ransoms, malware developers are said to be less likely to charge extreme amounts.
Read the Story: SC Magazine
iSIGHT PARTNERS ANALYST COMMENT
In cases where critical information is only being stored on a single device, it can make sense to pay a ransom. Properly implemented, robust encryption is infeasible to defeat. This is why redundancy in the storage of critical information is imperative. If backups are maintained, machines can simply be reimaged rather than spending potentially significant resources in attempting to defeat the encryption. Thus, while paying a ransom might be the only feasible way to recover critical information, an enterprise with appropriate backup policies should not need to pay a ransom and thereby encourage additional ransomware operations.
RELATED iSIGHT PARTNERS REPORTS
15-00007094 (Overview of Ransomware History and Current Trends), 27 July 2015
15-00010740 (ORX-Locker: Ransomware-as-a-Service Offerings Uniquely Poised to Capitalize on Underground Marketplace Economy), 14 Oct. 2015
15-00010242 (Notable Developments in Cyber Crime Tools During August 2015), 5 Oct. 2015
BOY, 15, ARRESTED IN NORTHERN IRELAND OVER TALKTALK CYBER ATTACK
FROM THE MEDIA
Law enforcement officials in Northern Ireland have arrested a 15-year-old boy in connection with the recent cyber attack on TalkTalk. The boy was arrested on suspicion of offences under the Computer Misuse Act. TalkTalk is a phone and broadband provider that fell victim to a massive cyber attack and compromise of customer data.
Read the Story: The Guardian
iSIGHT PARTNERS ANALYST COMMENT
It is possible that further releases of TalkTalk data are forthcoming despite the arrest of a boy allegedly connected to the incident. On Oct. 25, 2015, an actor using the pseudonym “J1N-1337” posted a message entitled “Message from TalkTalk Hackers 2” to a popular paste site. The message threatened to release the “Full MySQL Database” in 48 hours if TalkTalk did not allow its customers to “Leave Free.” TalkTalk has said that for customers who wish to end their contracts, it will only waive termination fees for those customers who have had money stolen from them. There is limited evidence to suggest that the original message posted by “Muhammed Rises” on Oct. 22, 2015 and the message posted by “J1N-1337” on Oct. 25, 2015 are connected.
RELATED iSIGHT PARTNERS REPORTS
15-00011860 (TalkTalk Suffers Data Breach; Alleged Attackers Claim Islamist Extremist Motivation), 23 Oct. 2015
15-00005504 (Following Russian Use of ISIS as False Front for Cyber Attacks, Similar State-Sponsored and Institutionalized Hacktivism Likely), 22 June 2015
AUSTRALIA DROPS DOWN CYBER SECURITY RANKINGS
FROM THE MEDIA
Australia has fallen behind Japan, South Korea and Singapore in a list of the top twenty nations ranked by cyber maturity. In 2014, Australia sat in third place just below the US and the UK. The findings were released in an annual Australian Strategic Policy Institute (ASPI) report. The ASPI found that Australia has a limited, clear national policy for cyber development.
Read the Story: IT News
iSIGHT PARTNERS ANALYST COMMENT
We expect Australia will rise in these rankings following the reportedly upcoming release of an updated national cyber security policy. We continue to see widespread targeting of Australian and Asia-Pacific interests, so the release of a national policy may provide valuable resources, such as baseline standards and best practices for responding to cyber incidents, to targeted organizations, especially organizations with relatively small security teams and budgets.
RELATED iSIGHT PARTNERS REPORTS
15-00011548 (APEC Economic Leaders’ Summit Used in JJDoor Operations), 26 Oct. 2015
15-00011386 (Vendor of ‘Mazar’ Android Malware Lists Available Injects Targeting Banks in Europe and Australia), 20 Oct. 2015
15-00010262 (Cyber Crime Group Observed Cashing out Compromised Bank Accounts in Poland, Australia and Italy), 6 Oct. 2015
WHATSAPP COLLECTS USERS’ PHONE NUMBERS AND CALL DURATIONS
FROM THE MEDIA
Researchers with the University of New Haven’s Cyber Forensics Research and Education Group discovered that the WhatsApp voice calling feature collected phone call details. After a forensic investigation of the app, the researchers discovered that the app collected callers’ phone numbers and phone call durations.
Read the Story: Tech Worm
iSIGHT PARTNERS ANALYST COMMENT
Collection of users’ metadata without their consent may undermine user privacy, as call metadata can be used to identify individuals and their relationships to the individuals they call. We have noted adversary targeting of WhatsApp users, but we expect any adversary interest in the collection of metadata will be limited to state-affiliated actors due to the limited use of metadata for criminal schemes.
RELATED iSIGHT PARTNERS REPORTS
15-00008842 (India Shutdown of Gujarat Mobile Internet Services Backed by Legislation), 27 Aug. 2015
Intel-1258201 (Mobile Malware Leveraged Against Hong Kong Pro-Democracy Protesters), 8 Oct. 2014
Intel-1007372 (WhatsApp Conversation-Stealing Application Demonstrates Further WhatsApp Insecurity), 12 Dec. 2013