Cyber Security News Update – Week 51 of 2019
Quick Answer
Week 51, 2019 cyber news: AOL phishing emails resurface, threatening account closure to deliver malware or harvest credentials; a Chase Bank phishing wave uses urgency and a real-looking Chase logo; the KeyWe smart lock ships with insecure app-to-lock communication letting attackers steal keys; an 8-year-olds Ring camera was hijacked four days after install; Snatch ransomware reboots Windows into Safe Mode to encrypt files where most security tools dont run; Ryuk ransomware hits New Orleans and Pensacola; Cheyenne Regional Medical Center reports a phishing breach.
Did you think AOL was dead? Well it isn’t. And it’s being used to scam people with phishing emails. According to Scamicide, there is “a phishing email presently circulating that attempts to lure you into clicking on a link in order to continue using your AOL account. If you click on the link two things can occur and both are bad. Either you will end up providing personal information to an identity thief or you will. merely by clicking on the link, download dangerous malware such as ransomware on to your phone, computer or other device.” Not good.
Chase Bank Scam
It’s never surprising when an email scam involves a major bank. This week’s target: Chase Bank. From Scamicide, “Chase is a popular target for this type of phishing email because it is one of the largest banks in the United States. Like so many phishing emails, this one attempts to lure you into responding by making you think there is an emergency to which you must respond. As phishing emails go, this one is pretty good. It looks legitimate and the version appearing in your email comes with a legitimate appearing Chase logo.”
Phishing Phrontier
Maybe hooking every possible electronic device up to the internet isn’t such a good idea after all. First, news comes of a “smart lock” that can be exploited by hackers to steal the key and unlock the door.
“The product is the KeyWe Smart Lock, a remote-controlled entry device primarily used in private dwellings. Users can open and close doors via an app on their mobile phones.” Unfortunately, the “communication between the lock and the controlling app is not so secure.”
Ring Camera Hacked
Next comes the frightening news of someone harassing an 8 year old in her own bedroom through a compromised Ring camera. “The Ring camera was only up for four days in the girls’ room before the family says someone found a way to manipulate it, turning the security device into a room of horror. The mysterious voice taunted her 8-year-old with music and encouraged destructive behavior before her dad came in the room ending the terror.”
Here’s a good rule of thumb: if it’s connected to the internet, expect it to be hacked and act accordingly.
Windows Safe Mode Hack
Under the “incredibly annoying” category comes a new sophisticated exploit by hackers that makes it even harder to stop malware. Windows machines come with something called “Safe Mode.” It’s a troubleshooting mode in which most of the functionality of Windows is temporarily suspended so that you can troubleshoot a problem. Hackers know that and have now created an exploit to take advantage of that.
“Dubbed Snatch, the malware runs itself in an elevated permissions mode, sets registry keys that instruct Windows to run it following a Safe Mode reboot, then reboots the computer and starts encrypting the disk while it’s running in Safe Mode. Forcing Safe Mode is a clever strategy because most software, including security programs, do not run in that environment” This is just another example of why cloud-based security software is an essential part of a secure computing environment.
Body Count
Things aint that easy in the Big Easy after a ransomware attack. According to an article on SC Magazine, “The mayor of New Orleans Friday declared a state of emergency after the city detected what is now believed to be a Ryuk ransomware attack.”
“In this latest incident, New Orleans officials began taking systems offline after noticing suspicious activity, including phishing attempts, last Friday at 5 a.m. The city remains actively involved in recovery efforts related to the cybersecurity incident last Friday and individual agencies and departments will be impacted in various ways.”
Pensacola Cyber Attack
In keeping with a theme, “Pensacola officials confirmed that an ongoing cyberattack that began early Saturday morning is a ransomware attack. The city realized it was under attack Saturday morning not even 24 hours after a Saudi airman shot and killed three members of the U.S. military at the Pensacola Naval Air Station.”
Pensacola joins a dubious list of Florida cities to be hit by ransomware earlier this year including Lake City and Riviera Beach. Hey, if you’re a city in Florida, you should get yourself protected from phishing attacks by using the best email security service—the leading cause of ransomware.
Cheyenne Regional Medical Center Phishing Attack
Finally, it wouldn’t be a week if we didn’t report on phishing attacks against the medical community. Patients at Cheyenne Regional Medical Center were notified this week that their patient information may have been compromised as the result of a phishing attack.
Not to be outdone, Sunrise Community Health and Katherine Show Bethea Hospital both reported that email accounts were compromised as a result of phishing attacks. Hey, if you’re a medical facility you should get yourself protected from phishing attacks by using phishing protection service—the leading cause of compromised email accounts.
And that’s the week that was.
General Manager
General Manager at DuoCircle. Product strategy and commercial lead across the email security portfolio.
Secure your email infrastructure
Protect, authenticate, and deliver. Contact our team to find the right solution.