This has been a busy week: the first Mac OS X ransomware, dubbed KeRanger, was discovered; security tools that are supposed to protect devices are instead being used as wormholes to take them over; and, not to mention, a cancer center data breach exposed the sensitive data of 2.2 million patients and employees.

Highlighting the cyber-security news from the past week in a 120 sec. read. Starting now.

Ransomware

The first ransomware targeting Mac OS X, dubbed KeRanger, was discovered by Palo Alto researchers.

Why is this significant?

  • The ransomware infects local hard drives and network shares, then communicates with its C2 server to download Tor configuration. In the next step it uploads the encrypted files and presents the infected user with the encrypted data files.
  • The ransomware was signed with a legitimate application development certificate, which Apple has since revoked. Apple has also updated its built-in AV signature base.
  • In terms of sophistication, this Mac OS X ransomware is far less stealthy than ransomware infecting Windows. While Windows ransomware has to skirt the security mechanisms Microsoft puts in place, those measures simply do not exist on the Mac, making it much easier to install ransomware.

**enSilo customers are protected from KeRanger ransomware. Deep dive into enSilo's Mac OS X solution here**

Read the full story on TechCrunch

Vulnerabilities

Intel patched a critical vulnerability in McAfee that allowed attackers to disable the antivirus protection.

Why is this significant?

  • It took 15 months to patch this vulnerability, which lies in a McAfee VirusScan add-on feature meant "to protect it from local Windows admin users that might accidentally alter its normal mode of operation."
  • This is not the first time an AV product has been used as a channel to disable mitigations. Just a few months ago, enSilo researchers discovered a critical vulnerability in various security tools, including AVG, Kaspersky Lab and Intel McAfee, which enabled a threat actor to directly compromise the underlying Windows OS.
  • Last week at RSA 2016, Roy Katmor presented on this very subject in his talk "Security tool is an attacker's dream come true". Roy gave live demos, reviewed incidents of backdoors in security tools, tools turned into ad platforms, and vulnerabilities revealed within them. A copy of his presentation slides is available here: https://www.rsaconference.com/events/us16/agenda/sessions/2802/security-tools-an-attackers-dream-come-true

Read the full story on Softpedia

Breaches

21st Century Oncology Holdings, a cancer treatment center in Florida, informed 2.2 million patients and employees of a data breach in which their sensitive data may have been obtained.

Why is this significant?

  • The FBI informed the cancer clinic of the cyberattack and breach on November 13, 2015. It appears the perpetrators infiltrated a key database in early October 2015, and the FBI wanted a thorough investigation prior to the March 4, 2016 announcement.
  • The sensitive data that was obtained can be sold on the dark web, so the cancer clinic is offering a year of credit monitoring. Unfortunately, medical information never expires, making this offer completely futile.
  • This data breach demonstrates how dramatically times are changing: cyber criminals are now focusing on core services in the healthcare arena. 2015 was dubbed by the Washington Post "The Year of the Healthcare Hack", and it looks like 2016 is not falling behind.

Read the full story on ZDNet