Risk Radar Free Cyber Newsletter – Apr 25, 2017

Cyber Security Newsletter

Emergent threats, trends, and news annotated by some of the most well-known and respected experts in the industry.

Locky ransomware is back, this time via Necurs
Locky ransomware is back in the spotlight. After a drop-off in 2016, Locky has picked up again due to the Necurs botnet. The new attack is similar to the recent Dridex campaign, which uses a Word document embedded in a PDF file. This technique is used to avoid detection by sandboxes.

Request the Ransomware Epidemic whitepaper from 4D5A Security for more information on how to defend against ransomware.

NSA’s DoublePulsar Kernel Exploit In Use Internet-Wide
Some Windows Server exploits live on for years, like Conficker, which is around 10 years old. The DoublePulsar exploit may have the same staying power. Like Conficker, DoublePulsar has been patched by Microsoft. The DoublePulsar attack makes remote code execution possible. If you use Windows Server, make sure you are running a recent version that is fully patched.

Hard Target: Fileless Malware
Ransomware was the exploit with the fastest growth rate in 2017. We don't know if fileless attacks will overtake ransomware, but we are seeing a big increase in fileless attacks in 2017. These attacks run from computer memory and use native Windows tools, so when the attack is done, no evidence is left behind on the hard drive. Mitigating fileless attacks will take a new approach to PC security.

Employees Are Sharing Confidential Info at Alarming Rates
For business owners, employees could be the biggest danger to your confidential data. Employees are confused about what they should and should not share, and the need to get work done is winning out over data security. Businesses need to present a clear security plan to their employees regarding confidential data. It should be an annual training event.

LinkedIn Apologizes After Privacy Snafu
The latest LinkedIn iOS update had a feature that should have been opt-in. The new feature prompted users to connect with nearby people in Bluetooth range. Microsoft has responded that this feature will be changed to opt-in, with more controls for the user.

20 Linksys Router Models Vulnerable To Attack
Multiple Linksys router models have vulnerabilities that allow data to be pulled from the router network. IOActive has shown that 7,000 routers could be affected, and they think as many as 100,000 could be affected. Linksys is working on a firmware upgrade to fix these issues. For now, Linksys recommends turning off the guest network setting, enabling auto updates, and changing default admin passwords.