This week, ransomware and malvertisement joined forces in a never-before-seen campaign that hit the New York Times, BBC, MSN and AOL, giving the title of a newly published ransomware report, 2016 The Year Ransomware Holds America Hostage, more credit than ever before. Palo Alto researchers tapped into a new variant, which they dubbed PowerSniff, of malware of a kind seen more than 15 years ago, and American Express has disclosed a breach that it experienced back in 2013.


Highlighting the cyber-security news from the past week in a 120 sec. read. Starting now.

 


Ransomware

The Institute for Critical Infrastructure Technology has published a report, 2016 The Year Ransomware Holds America Hostage.

Why is this significant?



  • Ransomware is a threat that is here to stay. "One reason that ransomware is so effective is that the cybersecurity field is not entirely prepared for its resurgence."
  • This report goes over the evolution of ransomware, the many variations, the wide variety of targets and the different adaptations that the writers have moved to.
  • The report is right to state that organizations now need to assume compromise. Some offered mitigations include AVs, user behavioral analytics, and reputation-based protections. Unfortunately, such tools are either ineffective in the face of varying ransomware or inundate security teams with alerts.
  • This report discusses the variants of ransomware, but no one could ever have predicted that ransomware would join forces with malvertisements to spread to a plethora of news websites.

    Get the full report here 

/** See how enSilo's real-time data containment platform protects against the malicious encryption of ransomware in an accurate and signatureless manner here **/

 

Malware 

Palo Alto researchers discovered a new type of malware and dubbed it PowerSniff. PowerSniff takes advantage of Microsoft's PowerShell.

Why is this significant?

  • Victims receive a Word document containing malicious macros in a spear-phishing manner. The macros tap into Microsoft's PowerShell scripts, sending the malware directly to the memory of the computer.
  • It seems as though malware writers are showing that users haven't learned anything in over 15 years. The malware writers are using old tricks with new twists. This new twist of not creating a file and being directly injected into memory has a more lasting effect.
  • The malware took extra precautions: it performed internal checks to figure out what security systems were in place and avoided running on hosts in the healthcare industry and at research institutions.

Read the full story on Computer World

/** enSilo customers are protected out-of-the-box from PowerSniff **/

Breaches

American Express issued a warning to its customers about a third-party breach that occurred on December 7, 2013.

Why is this significant?

  • This breach is being reported over two years after it first occurred, which raises a lot of questions. Why did they wait to disclose this information and warn their customers? One can only suspect that the breach went undetected and that American Express wants to come out of this with the least tarnished reputation.
  • American Express chose not to disclose any details, including not naming the third party that was breached. This is not a very responsible way to publicize this information as one of the most trusted brands of credit cards. Let's hope for American Express that the black cards haven't been used as weapons against the company.

Read the full story on CSO Online