In The Know - Cyber Security Update - Week of June 19th 2017

Posted by Eric Brown on Jun 26, 2017 8:30:59 AM

1.  Google will stop scanning its 1.2+ billion Gmail account inboxes for ad personalization

Google aims to align its free consumer email service (Gmail) with its G Suite business class offering.  This includes no longer using Gmail inboxes as input for ad personalization.  Google claims that this change will bring Gmail ads in line with the way ads are personalized for other Google products.  While inboxes may no longer be directly scanned for ad personalization, Google likely has other ways to gather this information.

Users can update their settings to change the way personal information is used, including disabling ad personalization. 

https://blog.google/products/gmail/g-suite-gains-traction-in-the-enterprise-g-suites-gmail-and-consumer-gmail-to-more-closely-align/

2.  A carefully crafted phishing email scams NY State Judge out of $1M

A NY state Justice recently fell victim to a targeted phishing attack.  While conducting a real estate transaction, the Justice received a phishing email from criminals posing as her real estate attorney.  She followed the instructions in the email and wired money to the specified account.  The money was quickly transferred to a different account in a Chinese bank and has not been recoverable.

http://www.nydailynews.com/new-york/state-supreme-court-judge-loses-1m-real-estate-email-scam-article-1.3263091

3.  A South Korean hosting provider pays $1M ransomware demand

Nayana, the compromised provider, has negotiated the payment down from $1.6M into a three-tiered payment of close to $1M in Bitcoin.  According to Nayana, the servers were encrypted by Erebus Linux ransomware.

Trend Micro indicates that the infection vector came through vulnerabilities exposed in older versions of Linux and Apache.  Nayana’s website uses Apache version 1.3.36 and PHP version 5.1.4, both of which were released back in 2006.

The attack impacted 153 Linux servers, which store the information of over 3,400 customers.

Excerpt of the Ransom Note:

-------

My boss tell me, you buy many machine, give you a good price 550 BTC
If you do not have enough money, you need make a loan

You company have 40+ employees, every employee’s annual salary $ 30,000
all employees 30,000 * 40 = $ 1,200,000
all server 550BTC = $ 1,620,000

If you can not pay that, you should go bankrupt.
But you need to face your child, wife, customers and employees.
Also, you will lose your reputation, business.
You will get many more lawsuits.

-----

Trend Micro:

http://blog.trendmicro.com/trendlabs-security-intelligence/erebus-resurfaces-as-linux-ransomware/

Nayana Negotiations (may require a browser that offers language translation):

http://www.nayana.com/bbs/set_view.php?b_name=notice&w_no=963

4.  When good Sys admins go bad – Hosting provider Verelox suffers catastrophic data loss by revenge wipe

A fired ex-employee who apparently wasn’t properly de-authorized caused a major outage for Dutch hosting provider Verelox.  Verelox offers hosted solutions in France, the Netherlands, Canada and the US with 99.95% uptime (that’s an annual downtime of 4h 22m 58.5s).

Verelox took the rest of its network offline to focus on recovering data and promises compensation for customers who wish to remain with them.

https://www.bleepingcomputer.com/news/security/ex-admin-deletes-all-customer-data-and-wipes-servers-of-dutch-hosting-provider/

5.  2016 US Defense Department’s inspector general investigation of the NSA’s insider threat program shows lack of a detailed strategy to implement “secure the net” efforts

The Inspector General identified vulnerabilities in internal controls at NSA’s laboratories in Texas, North Carolina, Utah and Washington, D.C.

The report says the agency was falling short of where it needed to be in managing personnel with privileged access to its data and systems.  The inspector general found that the agency was unable to say how many privileged users and officials were empowered to transfer data. Those lists were kept in spreadsheets that had become corrupted and were no longer available.

https://www.nytimes.com/2017/06/16/us/politics/nsa-data-edward-snowden.html

Topics: Education
