Security Roundup - 2017-06-29

Posted on  by , and

The leading news this week is, unfortunately, the latest big ‘ransomware’ outbreak. PetrWrap ransomware attacked computers worldwide using a mix of techniques inherited from WannaCry (leveraging EternalBlue) associated to credentials stealing. The malware started spreading in Ukraine as an “update” of a software called M.E.Doc and soon started to infect computers of the same network using legitimate credentials stolen from the memory of the infected machines. Security professionals indicate that the ‘recovery code’ is just random, and with no communication back to a C&C, meaning that it is likely that any encrypted files are actually not recoverable.

HackerOne has published a “Hacker Powered Security Report”, breaking down insights from more than 50K resolved vulnerabilities across 800 bug bounty programs. Some interesting statistics, including:

  • Some companies spending almost $1M a year on bug bounty payouts.
  • 40% of companies running bug bounty programs are NOT tech companies.
  • The most common vulnerabilities differ by industy, with healthcare having more SQL injections, finance having more authentication based problems, and gaming having higher levels of information disclosure.
  • Resolution rates differ per industry, with eCommerce remediating in an average of 31 days, and Telecom industries being the worst at an average 91 days.

Read the entire report for more facts like pay rates, and insight into the hackers that contribute to these programs.

Joining it is this year’s “Cost of a Data Breach” report by the Ponemon Institute. Some interesting statistics:

  • Reported costs of a breach are down for the first time in several years, by 10%.
  • This does not hold true for the US, where costs continue to climb by 10%.
  • The value of an individual record appears to be decreasing, potentially linked to the vast volume of data that has been leaked in the last year.
  • The probability of a covered organization having a breach increased by 2% YoY.
  • Mean Time To Investigate and Mean Time To Contain are down ~5%.

Be sure to read the entire report for what all goes into the cost of a breach, as well as insights across industries and countries and how costs are calculated.

Apple’s Mac has a long-standing reputation of being malware resistant, but a new report released by McAfee found that the number of malware infections on Mac devices is increasing. Q1 2017 yielded more malware infections on Macs than any other quarter to date. While it appears that the majority of malware affecting Macs is adware, and that more serious threats are still targeting Windows-powered devices, Mac users should remain wary of suspicious links and messages.

Speed cameras in Australia fell ill this week, resulting in them repeatedly rebooting. These cameras were not connected to the internet, but a technician accidentally spread some malware as part of a routine software upgrade, due to an infected USB stick. The same lack of internet connection ensured that no other systems were infected, meaning the overall damage was limited.

Ethical hackers were able to infiltrate Virgin Media’s Super Hub 2 router and use it to gain control of connected household devices, including security cameras, smart locks, and IP cameras. Virgin advised 800,000 Superhub users to change the default password provided on the router as well as their network password to protect against potential hacks. This is another reminder that connected devices can have benefits, but many also have vulnerabilities and little in the way of security measures.

Malware of days past followup:

The death of the Locky ransomware may have been exaggerated, as ransomware campaigns fall back to Locky after the quick defanging of Jaff. Interestingly, this version may only work on Windows XP, indicating that the authors may have been hasty on pushing this variant out.

The recently report on Fireball may be slightly exagerated. While Checkpoint previously claimed 250 million infected devices, but Microsoft puts claims at closer to 40 million, having been tracking Fireball since 2015. 40 million is still a lot of infected machines, but nowhere near the threat of the original estimate. CheckPoint and Microsoft are continuing to work together on analysis.

bugbounties internetofthings malware ransomware reports