Free Ticket To Ride

"You Hacked, ALL Data Encrypted."

That was part of a message that reportedly appeared on thousands of Windows systems used by the San Francisco Municipal Transportation Agency, better known as Muni, in recent days, after they were locked by ransomware and 100 bitcoins - currently worth $73,000 - demanded in exchange for a decryption key.

The attack, which compromised more than 2,000 Muni payment and scheduling systems, began unfolding by Nov. 25 - during the busy Thanksgiving and Black Friday shopping period - reports the San Francisco Examiner. As a result, officials ordered Muni subway fare gates to be opened - and all light-rail rides were free - as IT personnel worked to scrub the ransomware from affected systems.

Apple silently uploads iPhone call logs to iCloud Drive

A researcher at the Russian proactive software firm Elcomsoft found that iPhones silently upload call logs to iCloud.

Apple automatically uploads iPhone call logs to its remote servers, where the data may be stored for months with no option for the end user to entirely disable the feature on their device, according to a Nov. 17 press release.

The feature is available on all devices running iOS 9.x and 10.x, and there is no official way to disable the feature other than to disable the iCloud Drive functionality. Elcomsoft found that disabling the feature would greatly affect the usability of the device, since Apple delivers a number of features via iCloud Drive.

An individual's communication history can reveal a lot about a user's life, including sexual preferences, medical issues, infidelities, illegal activities, business dealings, and more, Tripwire Cybersecurity Researcher Craig Young told SC Media.

UPMC security chief warns that many cloud computing vendors lack ability to appropriately secure health data

 

John Houston calls on cloud providers to be more transparent about their security offerings and to support standards such as HITRUST.

When security professionals at the University of Pittsburgh Medical Center were evaluating a cloud services vendor, they managed to circumvent that vendor’s security. And when that cloud provider said “no you haven’t,” UPMC’s IT team gave the vendor a customer’s data back.

The same thing happened on a second test and even a third.

“After the third time of not being able to secure their application they finally said, ‘listen, we’re a small company, we only have three developers and they don’t really understand security,’” according to John Houston, UPMC vice president of security and privacy and associate counsel.


Locky Ransomware Steps Up Attack Methods

There is still no way to decrypt the virus, first discovered in March. It's now spreading via Facebook messenger.

In February, Locky was found in the wild, wreaking havoc on networks. And despite the drop in the frequency of ransomware attacks in recent months and the increase in decryption tools for strains like Crysis, Locky is upping the ante on its attack method.

It disguises the virus as an email from legitimate companies, with a subject line designed to encourage the reader to both read the email and open the zip attachment, according to Derek Knight of UK company My Online Security.

More specifically, Locky hackers disguise the virus as a complaint from an internet service provider that spam is coming from the user's computer.

Another recent attack vector for Locky is Facebook Messenger. A new report from CSO shows how the malware is able to evade whitelisting on Facebook by mimicking an image.

There is still no way to decrypt Locky ransomware. And the only way to recover files is through a viable backup.

US Navy Suffers Data Breach

The US Navy announced today that the personal data of 130,000 of its enlisted men was accessed after a contractor's laptop was breached back in October.

HP Enterprise Services notified the US Navy of the breach, saying that one of the Navy's laptops operated by their employee supporting a Navy contract was "compromised."

Data accessed includes the names and Social Security numbers of 134,386 current and former Sailors.

"The Navy takes this incident extremely seriously - this is a matter of trust for our Sailors," chief of naval personnel Vice Admiral Robert Burke said in a statement. "We are in the early stages of investigating and are working quickly to identify and take care of those affected by this breach."

The Navy Criminal Investigative Service is handling the investigation, and has no evidence to suggest misuse of the information that was compromised.

New Mirai Worm Knocks 900K Germans Offline

More than 900,000 customers of German ISP Deutsche Telekom (DT) were knocked offline this week after their Internet routers got infected by a new variant of a computer worm known as Mirai. The malware wriggled inside the routers via a newly discovered vulnerability in a feature that allows ISPs to remotely upgrade the firmware on the devices. But the new Mirai malware turns that feature off once it infests a device, complicating DT’s cleanup and restoration efforts.

Security experts say the multi-day outage is a sign of things to come as cyber criminals continue to aggressively scour the Internet of Things (IoT) for vulnerable and poorly-secured routers, Internet-connected cameras and digital video recorders (DVRs). Once enslaved, the IoT devices can be used and rented out for a variety of purposes, from conducting massive denial-of-service attacks capable of knocking large Web sites offline to helping cybercriminals stay anonymous online.

An internet-wide scan conducted by Shodan.io suggests there may be as many as five million devices vulnerable to the exploit that caused problems for so many DT customers this week.

Questions About Managed Services

The computer industry has changed over the past few years from one where technicians charge you by the hour for the work they do, to one where you are charged by the month for a predefined list of services. This monthly “fee for service” arrangement has been dubbed Managed Services, and an IT company doing business under this model is referred to as an MSP (Managed Service Provider).

This business model offers both the Client and the MSP a lot of benefits. Under an “All You Can Eat” program, all of your IT problems are covered by the monthly fee.

Back in the “old” days, when you discovered you had a computer problem, you called a computer guy and hoped that he or she would answer the phone and then actually show up to fix the problem. Because you did not have a “partnership” with this person, there was no compelling reason for them to hurry to your office and work at your pace.

Additionally, the computer guy is not on your network regularly performing maintenance because he is not getting paid to do that preventative stuff. This means that he has no real knowledge of your software and hardware, which translates into more downtime and more billable time that you pay for while the diagnosis is taking place. In reality, the longer the repair takes, the more money the IT person makes.

From a Client perspective, Managed Services means that you can budget for monthly IT expenses without any surprises.

Depending on the program, you may still be responsible for Moves of equipment, Additions to the hardware, Changes to Internet service or Security Related subscriptions. Other high-end programs may include these items.

With a Managed Services contract, you have now incentivized the computer guy to respond quickly and become familiar with your network because the quicker he solves your problem, the more profitable he is.

From the MSP perspective, revenue becomes more predictable thereby allowing the MSP to invest in staffing and new technologies to better support your network. This model also allows the MSP to become intimately familiar with your network which means things can get fixed faster.

For more info, call me:

Talking is free…..
Hank Wagner
757-333-3299 x232
hank.wagner@computernetworksinc.com

Phishing

Phishing (sounds like fishing) is a method of infecting a computer network with a virus or ransomware by sending an email to a user on the network. The emails are crafted by the criminals to trick your users into opening an attachment or clicking a link which starts the download process.

Never click on a link in an email or open an attachment unless you are certain of the source.