This post was originally published here by (ISC)² Management.
Not surprisingly, WannaCry remained top of mind last week. We’re sure you’re doing everything you can to patch your environment and prevent similar ransomware attacks in the future. Here are some WannaCry headlines (and other security news) that caught our eye last week.
WannaCry Rolls On
According to the Dark Reading article “WannaCry’s ‘Kill Switch’ May Have Been a Sandbox-Evasion Tool,” researchers early last week were looking into the “kill switch” and consensus seemed to be building that it was a poorly constructed VM analysis/sandbox evasion technique.
WIRED went a bit deeper with their assessment, “The WannaCry Ransomware Hackers Made Some Real Amateur Mistakes.” They concluded:
An attack of this magnitude involving so many missteps raises plenty of questions while delivering a sobering reminder: If actual cybercriminal professionals improved on the group’s methods, the results could be even graver.
Want to learn how fast WannaCry can spread? BleepingComputer’s reporting shows how aggressively and quickly this ransomware can propagate to vulnerable machines:
During one of those infections, WannaCry infected the honeypot in a mere three minutes after it was reset, showing the aggressive nature of the ransomware’s scanning module, which helps it spread to new victims…Furthermore, three minutes is about the same amount of time IoT malware will infect a vulnerable home router left connected to the Internet without patches.
Security vendor Check Point created an infection map for anyone curious about the latest global distribution of WannaCry here.
House of Mouse Hacked?
Disney has reportedly been targeted by cyber-extortionists who have pirated a copy of Pirates of the Caribbean: Dead Men Tell No Tales, threatening to release the movie online if a ransom is not paid. Netflix was similarly targeted when a third-party production company was reportedly compromised, leading to episodes of Orange is the New Black being leaked online. Infosecurity Magazine reported on it here.
CNBC reported on May 20:
Thus far, Disney has refused to cooperate, raising the possibility that “Pirates” could hit the Internet before its planned release date.
No Jailbroken Phones on Your Network. Are You Sure?
Dark Reading recently covered findings from mobile security vendor Lookout. According to the article:
A jailbroken iPhone or a rooted Android phone that connects to the corporate network is one of the greatest fears of CISOs and other security team members, according to a new study. Their fears are not unfounded. Mobile security firm Lookout Security found five in every 1,000 Android devices in enterprises were rooted, while one in every 1,000 iPhone devices was jailbroken.
DocuSign Phishing Campaign
According to Krebs on Security:
DocuSign, a major provider of electronic signature technology, acknowledged today that a series of recent malware phishing attacks targeting its customers and users was the result of a data breach at one of its computer systems.
Check out Krebs’ write-up to learn more and see a screen shot of a very convincing phishing sample.
560 Million Passwords Now Easier to Get
Reports emerged last week that a giant trove of new stolen passwords has surfaced online. According to CNET:
…while this database is composed largely of passwords from a variety of sources, many of them years old, its newfound accessibility — and conglomeration into a single collection — is cause for concern.