Weekly podcast: CryptXXX evolution, PerezHilton, Kiddicare, and Bangladesh bank investigation

This week, we discuss the evolution of the CryptXXX malware, two malvertising attacks at PerezHilton.com, a data breach at Kiddicare, and evidence that the criminals who stole $81 million from Bangladesh’s central bank had company…

Watch the video version of the podcast on Youtube.


Hello and welcome to the IT Governance podcast for Friday, 13th May. Here are this week’s stories…

We’ve given quite a bit of attention to ransomware over the last few months as various infections have spread via phishing emails and cyber attacks, encrypting unsuspecting users’ files until they cough up a fee for the decryption key – usually payable in Bitcoin. (And no, before you ask, we’re not going to go into the whole is-Craig-Wright-Satoshi-Nakamoto-or-isn’t-he question.) A new strain, CryptXXX, was first detected last month but within a relatively short time, researchers at Kaspersky Lab found a flaw in the ransomware, enabling victims to use a tool to decrypt their files for free. Hurrah.

Now, however, researchers at Proofpoint report that CryptXXX – or however you pronounce it – has been updated. Boo. “CryptXXX is being actively maintained,” Proofpoint says. “The ransomware is now locking the screen and making the infected computer unusable.” Seems like this particular game of Whac-a-Mole is going to keep running. Careful what you click, back up regularly, and make sure your security defences are up to date.

One site found to be spreading CryptXXX – perhaps Crypt-triple-x? I don’t know – was gossip blog PerezHilton.com, which boasts half a million visitors a day. This week, Cyphort Labs reported that PerezHilton was recently hit by two malvertising attacks in less than a week: on 30 April this year the site was redirecting users to the Angler exploit kit, which drops Bedep malware, infecting the victim’s machine with CryptXXX. And on 6 May, PerezHilton was infected again, this time redirecting to a different exploit kit. I should stress that PerezHilton isn’t to blame, here: malvertising infects trusted sites via third-party advertising content. So, whether or not you like celebrity tittle-tattle, you could easily fall victim: indeed, in March, a campaign related to the Angler EK affected several major websites – including msn.com, nytimes.com, bbc.com, aol.com and newsweek.com – by utilising an expired domain that until recently belonged to a legitimate advertising company.

Kiddicare, the British retailer of baby paraphernalia (and if you’ve got children you’ll know the frankly astonishing amount of stuff that that term covers), has suffered a data breach, after a test site populated with real customer information was compromised. Customers’ names, email and home addresses, and phone numbers were affected. No banking information was involved. The test site has since been deleted, and passwords have been reset as a precaution.

Although no sensitive information (such as age, disability, ethnicity and so on) was exposed, affected customers are now at an increased risk of phishing attacks. In a phishing attack, miscreants, rogues and other assorted ne’er-do-wells try to gain your trust by pretending to be legitimate entities, often exploiting stolen personal information to make themselves seem more plausible. If you receive an email or a phone call purporting to be from Kiddicare and asking for financial information, disclose nothing.

And finally, you may remember that last month we discussed an online heist that cost Bangladesh’s central bank $81 million. (This would have been more, but for the cyber criminals’ poor spelling.) Police blamed the bank’s lack of firewalls and the use of second-hand routers at the time. Now, it emerges that the attackers were not alone – Bloomberg reports that FireEye investigators have found that three hacker groups, “including two nation states” (reportedly Pakistan and North Korea), were “inside the bank’s network”. Further information will undoubtedly emerge in the coming weeks, but for now, “the ultimate destination of tens of millions of dollars remains unknown.”

Well, that’s it for this week. I’m not here next week, but my colleague Lewis will be. Until then, remember that you can keep up to date with the latest information security news on our blog. And whatever your cyber security needs – whether regulatory compliance, stakeholder reassurance or just greater business efficiency – IT Governance can help your organisation to protect, comply and thrive. Visit our website for more information: itgovernance.co.uk.