Cyber Security News Update 7/15/2017
With new malware hitting the internet, and Australia reporting that it’s being constantly probed and attacked it’s time for another week in review for Cyber Security.
US based cybersecurity group Crowdstrike has identified several groups that roam the internet, attacking cyber infrastructure. Crowdstrike is the same group that identified the Russian hackers who were behind the hacking of the DNC email servers. In their view, political campaigns tend to skimp on their cybersecurity, making it easy for extra-national actors to try and interfere with them. Crowdstrike works as a protection agency, and has recently finished a round of crowdfunding, they’ve started working at the behest of the Australian government. The theft of NSA tools and attack programs has brought cybersecurity into sharp focus in the past months, governments are now scrambling to get their security together. Crowdstrike has reported that Russia, Iran and China all prowl around Australian services and servers, looking for a way in.
Source: Australian companies under ‘constant’ cyber attack, says security company Crowdstrike
WordPress is an extremely popular website service, offering a variety of customization options and layouts. It’s adaptable nature is why it’s so popular, it can be used for extremely professional sites and amateur ones. Its popularity is why its always being attacked by hackers, and why WordPress pushes out security updates as often as it does. The newest hack looks for WordPress sites with unfinished settings, and an incomplete setup. Using a particular URL, it’s possible to skip past the creator and finish the installation for them. This means the hacker can set themselves as Admin, using their servers and settings. They’d sit in your website, drawing traffic to wherever they’d like or they could simply lock you out of your own website. Completing site setup as quickly as possible is the key to defeating this tactic, but be warned: Completing the setup too slowly means that a quick enough hacker could still jump ahead of you as you work.
Source: ATTACKERS USING AUTOMATED SCANS TO TAKEOVER WORDPRESS INSTALLS
Two new malware programs have been released into the wild, NemucodAES and Kovter. These two programs come together in a .zip file bundle, which is delivered to its targets via spam email. Your spam filter is your first line of defense against this sort of attack. Only open emails if you know the sender, this goes doubly so for anything marked as spam. These attacks are aimed at Windows computers, so if you’re running a different OS then you should not be a target. NemucodAES is a type of malware that has been prevalent in the news lately, it encrypts a device and demands a ransom to release your files. Thankfully, a decryption code has already been developed, so you can free your device without giving in to the ransom demand. Kovter on the other hand is a much harder program to deal with. Once it infiltrates your device it becomes very hard to remove or even detect in the first place. Kovter sniffs out your personal information, it watches everything you do and records it. A potential way to spot it would be to watch your web traffic on a systems monitor, you may see a spike in data being sent to an unrecognized address. Kovter also grants access to hackers to remotely control your PC, or it can download more malware or unwanted programs to your computer on its own.
Source: NEMUCODAES RANSOMWARE, KOVTER CLICK-FRAUD MALWARE SPREADING IN SAME CAMPAIGNS
Max is a Legal Assistant and author residing in the Philadelphia area He has been writing for AskCyberSecurity.com since early 2017.