This week we discuss the Locky/FakeGlobe ransomware campaign, the moral quandary facing cyber criminals, and the worst celebrities to search for online – from a security point of view, that is
Hello and welcome to the IT Governance podcast for Friday, 22 September 2017. Here are this week’s stories.
Ransomware is a constantly evolving and pervasive threat – and, as we saw earlier in the year with the spread of WannaCry and NotPetya, capable of causing widespread damage and disruption with the minimum of effort. By way of illustration, only this week, FedEx Corp said that the NotPetya outbreak at its TNT division in June had cost it at least $300 million.
Now, Trend Micro has identified a new phishing campaign that takes the unusual step of distributing two different ransomware payloads – a new variant of Locky and the ransomware FakeGlobe – in rotation.
Hundreds of thousands of phishing emails, purporting to be invoices, have been sent to potential victims in more than 70 countries. The emails have a link and an attachment, both of which lead to ransomware being downloaded onto victims’ machines via malicious scripts.
According to Trend Micro, “the spam email might deliver Locky one hour, and then FakeGlobe the next. This makes re-infection a distinct possibility, as victims infected with one ransomware are still vulnerable to the next one in the rotation”. This could result in victims having to pay twice or, worse, losing their data permanently – through a single mistake.
Still, it seems that using – or not using – ransomware is a moral issue for some cyber criminals. According to a blog published jointly by Flashpoint and Anomali this week, there was a noticeable shift in attitude towards ransomware on some deep and dark web forums from 2014 to 2016 – particularly after a ransomware incident at Hollywood Presbyterian Medical Center in Los Angeles in February 2016.
According to the blog: “news of the attack against Hollywood Presbyterian was coldly received by Eastern European cybercriminals, many of whom regarded the incident as reckless and unacceptable. While some in the community supported the attack, the majority condemned the unknown assailants, which created an ethical divide in the underground”.
One forum user said: “from the bottom of my heart, I sincerely wish that the mothers of all ransomware distributors end up in the hospital, and that the computer responsible for the resuscitation machine gets infected with [the ransomware]…”
The WannaCry outbreak this May provoked further discussion, with some users suggesting that ransomware operators should be banned from the forum altogether. One said: “we are digging our own grave. Of course, banning this work on the forum doesn’t stop this type of business, but as a minimum we can use community disapproval to make it more difficult to enter into it” – an opinion that 48.5% of responses supported.
Finally, McAfee has released its 11th annual Most Dangerous Celebrities Study, which “reveals which celebrities generate the most ‘dangerous’ search results, and create the biggest risk for users browsing the web”. So, which celeb search is most likely to yield malicious websites in the results? This year’s top ten are… Avril Lavigne, Bruno Mars, Carly Rae Jepsen, Zayn Malik, Celine Dion, Calvin Harris, Justin Bieber, Diddy, Katy Perry and Beyoncé.
Gary Davis, chief consumer security evangelist at McAfee, said: “Consumers often prioritize their convenience over security by engaging in risky behavior like clicking on suspicious links that promise the latest content from celebrities. It’s imperative that they slow down and consider the risks associated with searching for downloadable content. Thinking before clicking goes a long way to stay safe online.”
I don’t know about you, but the only time I’ve searched for some of those names was about ten minutes ago to find out who on earth they were.
Well, that’s it for this week. Until next time you can keep up with the latest information security news on our blog.
Whatever your information security needs – whether regulatory compliance, stakeholder reassurance or just greater business efficiency – IT Governance can help your organisation to protect, comply and thrive. Visit our website for more information: itgovernance.co.uk.