Cybersecurity Newsletter - Issue 16
Keeping an eye on cyber news and threats
Insurance giants CNA hit with ransomware
Earlier this week CNA were attacked with a variant of the Phoenix CryptoLocker ransomware which resulted in them taking their systems offline including their website.
It is believed that the cybercrime group behind the ransomware is Evil Corp, who are well known in the hacking world. They managed to encrypt 15,000 devices on CNA’s network.
CNA aim to restore data and files from back-ups rather than pay the ransom and are working on workarounds to continue operating and providing customers with a service. They are also conducting an investigation, as are law enforcement.
CNA are unable to say whether customer data has been impacted at this time, or when they will be able to resume full functionality.
You can find more on this here.
Malware targeting Instagram and Facebook business accounts
A new form of malware named CopperStealer is stealing cookies and passwords from browsers and using the credentials to log into business accounts on Instagram and Facebook. Once logged in, the accounts are being used to push malicious adverts and profit from them.
It’s not just Instagram and Facebook though, although they are the primary target, accounts from other platforms are being targeted too such as Amazon, PayPal, Google, Apple and so on.
There’s not much more to say on this one, just keep an eye on your accounts and keep virus protection up to date. It’s also a good reminder of how valuable multi-factor authentication is.
Ziggy ransomware admin now offering refunds
You may remember from one of my previous newsletters I wrote about FonixCrypter releasing a decryption key for their victims, well the creators of Ziggy ransomware did the same thing and are now actually offering refunds to the victims that paid the ransom.
All people need to do is send an email to email@example.com and with proof of the bitcoin transfer and computer ID and they will aim to refund them within two weeks.
The admin stated that they created the ransomware as they lived in a ‘third-world country’ and needed the money, so why the refund? If you follow Bitcoin at all, you will notice that the value has sky-rocketed recently, so even though they are refunding people the original price of the ransom, they have still made a profit from the increase of Bitcoins value. Sure, they could have kept the lot, but maybe they actually have a heart, maybe it was their plan all along, who knows.
Ongoing National Insurance scam
The UK National Fraud & Cyber Crime Reporting Centre (also known as Action Fraud) is warning people about an ongoing phone call scam trying to steal personal details.
The scam consists of an unsolicited phone call alerting potential victims that their National Insurance number has been compromised and to press 1 to continue to speak to an agent. The ‘agent’ then asks the victim to provide personal details to receive a new NI number.
Always be suspicious of any unexpected phone calls with people asking for personal details, it is most likely a scam. A good way of filtering spam calls or identifying the caller before answering is to use an app such as ‘Should I Answer?’ which uses community ratings to determine if a call is safe or if it is a scam call and shows you the rating whenever an unknown number calls you. You can also choose to automatically block numbers that have negatives reviews.
This week’s top tip – Stop filling out ‘chain post’ questionnaires
You know the one’s, you see them on Facebook - ‘just for a bit of fun’ where you answer various questions about the things you’ve done or facts about your life, or you get a score based on which questions you answer yes to. They may seem like a bit of fun, but these are practically ‘cheat sheets’ for hackers; lots of snippets about your life that you could have used as passwords or security questions and used to potentially steal your identity. They are most likely started by hackers to be honest.
Thankfully, you don’t really see them much anymore, but they used to be everywhere. They do still pop up every now and again though so think twice before filling them out and reposting.
That’s all for now, stay safe and see you next week.