
It's the first week of 2016 and the industry has already witnessed three newly discovered ransomware families and a continuing cyberespionage threat through malware that caused a power outage during Christmas.

Highlighting the cyber-security news from the past week in a 120 sec. read. Starting now.

Ransomware

Three newly discovered ransomware families: Ransom32, the first ransomware written in JavaScript; CryptoJoker, which disguises itself within a PDF file; and a third version of the Linux ransomware termed LinuxEncoder.

Why is this significant?

  1. Ransom32 is coded entirely in JavaScript, making it the first discovered ransomware of this type. Although Ransom32 currently targets Windows devices, being written in JavaScript it could easily be adapted to Linux and Mac OS X.
  2. The authors of Ransom32 have put in place an interesting Ransomware as a Service (RaaS) model: affiliates distribute the ransomware and 25% of each affiliate's profits are sent to the developers.
  3. CryptoJoker targets 30 file extensions and deletes shadow volume copies. At this time there is no decryption key available, and it does not look like there will be one in the foreseeable future.
  4. As its name suggests, LinuxEncoder runs on Linux servers. First, server-infecting malware has more impact given the sensitivity of these platforms. Second, whereas infecting a PC typically involves user behaviour, a server will typically be infected by other means.
  5. LinuxEncoder contains an encryption flaw that allows researchers to decrypt hostage files. Knowing that malware developers are fiercely determined to make a profit, this will drive them to develop a more robust ransomware in the future.

**Customers of enSilo are protected against the malicious encryption of ransomware**

Read more about Ransom32, CryptoJoker, LinuxEncoder
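Item 3 above notes that CryptoJoker deletes shadow volume copies before encrypting, which is also the point at which a defender can catch such a family early. The following is an added example, not code from the original post or from enSilo: a small detector that scans process-creation records for the built-in Windows tools commonly used to destroy shadow copies and recovery options, then correlates several such events on one host within a short window. The log format (`timestamp|host|user|image|command_line`, roughly a flattened Sysmon process-creation event) and the log lines themselves are constructed for the example. The page does not state which commands CryptoJoker itself runs, so the rule set deliberately covers the generic tooling (vssadmin, wmic, wbadmin, bcdedit) rather than any single family.

```python
"""Detect shadow-copy / recovery tampering in process-creation logs.

Added example (not from the original post or enSilo).  Log lines are
constructed to resemble flattened Sysmon Event ID 1 records:
    timestamp|host|user|image|command_line
The rules cover the generic built-in tools ransomware uses to remove
Volume Shadow Copies, not the specific commands of any one family.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample telemetry (not real logs).  Line 1 is a benign
# "list" call, line 5 is an ordinary PDF viewer launch, line 6 is a
# legitimate backup job on another host; only lines 2-4 should alert.
SAMPLE_LOG = """\
2016-01-04T09:12:01Z|WS-17|alice|C:\\Windows\\System32\\vssadmin.exe|vssadmin.exe list shadows
2016-01-04T09:12:44Z|WS-17|alice|C:\\Windows\\System32\\vssadmin.exe|vssadmin.exe Delete Shadows /All /Quiet
2016-01-04T09:12:45Z|WS-17|alice|C:\\Windows\\System32\\wbem\\WMIC.exe|wmic shadowcopy delete
2016-01-04T09:12:46Z|WS-17|alice|C:\\Windows\\System32\\bcdedit.exe|bcdedit /set {default} recoveryenabled No
2016-01-04T09:13:10Z|WS-17|alice|C:\\Program Files\\Adobe\\Reader\\AcroRd32.exe|"AcroRd32.exe" invoice.pdf
2016-01-04T09:30:00Z|SRV-BK|svc_backup|C:\\Windows\\System32\\wbadmin.exe|wbadmin start backup -backupTarget:E:
malformed line without the expected number of fields
"""

# (rule name, regex applied to the lower-cased command line)
RULES = [
    ("vssadmin_delete_shadows", re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows")),
    ("vssadmin_resize_shadowstorage", re.compile(r"vssadmin(\.exe)?\s+resize\s+shadowstorage")),
    ("wmic_shadowcopy_delete", re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete")),
    ("wbadmin_delete_catalog", re.compile(r"wbadmin(\.exe)?\s+delete\s+catalog")),
    ("bcdedit_disable_recovery", re.compile(r"bcdedit(\.exe)?\s+/set\s+\{default\}\s+recoveryenabled\s+no")),
]


@dataclass
class Alert:
    timestamp: str
    host: str
    user: str
    rule: str
    command_line: str


def parse_line(line):
    """Split one record into its five fields; return None for malformed lines."""
    parts = line.rstrip("\n").split("|", 4)
    if len(parts) != 5:
        return None
    ts, host, user, image, cmd = parts
    return {"timestamp": ts, "host": host, "user": user, "image": image, "command_line": cmd}


def scan(log_text):
    """Return one Alert per record whose command line matches a rule."""
    alerts = []
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue  # skip malformed telemetry rather than crash the scan
        cmd = rec["command_line"].lower()
        for name, pattern in RULES:
            if pattern.search(cmd):
                alerts.append(Alert(rec["timestamp"], rec["host"], rec["user"], name, rec["command_line"]))
                break  # one alert per record is enough
    return alerts


def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def correlate(alerts, window_seconds=300, min_distinct_rules=2):
    """Map host -> sorted rule names for hosts where at least
    `min_distinct_rules` different rules fired within `window_seconds`.
    A single vssadmin call may be an admin; several different recovery-
    destroying commands in quick succession is the ransomware pattern."""
    by_host = {}
    for a in alerts:
        by_host.setdefault(a.host, []).append(a)
    window = timedelta(seconds=window_seconds)
    flagged = {}
    for host, items in by_host.items():
        items.sort(key=lambda a: _ts(a.timestamp))
        for i, first in enumerate(items):
            rules = {a.rule for a in items[i:] if _ts(a.timestamp) - _ts(first.timestamp) <= window}
            if len(rules) >= min_distinct_rules:
                flagged[host] = sorted(rules)
                break
    return flagged


if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for a in found:
        print(f"{a.timestamp} {a.host} {a.user} {a.rule}: {a.command_line}")
    print("hosts with correlated recovery tampering:", correlate(found))
```

The single-event rules are cheap but noisy (an administrator reclaiming disk space will trip `vssadmin_resize_shadowstorage`); the correlation step is what turns them into a high-confidence signal, and a realistic deployment would feed both into the same alerting pipeline with different severities.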

Cyberespionage

The BlackEnergy cyberespionage group, more recently in the news under suspicion of hacking the electric power grid in Ukraine, is adding a disk wiper and an SSH backdoor to its destructive toolbox.

Why is this significant?

  1. BlackEnergy, aka Sandworm, exploits a design vulnerability in Microsoft Windows, making it difficult for anti-exploitation tools to block it.
  2. Design flaws in applications and software give threat actors a backdoor into a device or network. Leveraging design vulnerabilities is one of the many ways an attacker can infiltrate its target.

**Customers of enSilo are protected against BlackEnergy**

Read the full story on CSOOnline

Data Protection

Companies, healthcare-related companies in particular, could in the future be penalized for data exfiltrated in a breach of their servers, to the point that the company could not survive.

Why is this significant?

  1. Healthcare-related organizations, in particular, store a wealth of sensitive information: from the typical payment and contact information that entities in other industries also hold, to patients' medical records and research data such as drug innovation.
  2. Could the future of protecting data be to minimally collect it in the first place? Unfortunately, such a solution is difficult, if not impossible in today’s world of “proliferation of data”.
  3. A recent study showed that 62 percent of IT professionals interviewed felt that following up on a data breach was more costly than investing in a stronger security platform.

Read the full story on Kernel Mag