Risk Radar Free Cyber Newsletter – Apr. 5, 2016

The Apple-FBI Battle Is Over, But the New Crypto Wars Have Just Begun
This Apple vs FBI Battle is over but the war over crypto is just getting started. Encryption is in the public eye, many uses did not even know their smart phones did encryption. The article does a good job of covering the state of current events. There is not a consensus among security professional, here is a pro privacy and pro protection opinion piece from to security professionals. The good thing about this event is a discussion will be had about privacy and protection.
Why Hospitals Are the Perfect Targets for Ransomware
The attacks on hospitals with ransomware keep coming. Hospitals are more likely to pay the ransomware extortion due to what they do, when your product is fixing sick people it is hard to play the waiting game while looking for a fix. The article does a nice job of highlighting the issues hospitals have with ransomware and protective actions that can be done. We can help you implement a security plan to protect against ransomware and other malware.
Petya Ransomware skips the Files and Encrypts your Hard Drive Instead
Who needs to encrypt data files when you can encrypt the whole hard drive. The Petya ransomware likes to do ransomware different by encrypting the Master File Table (MFT) by replacing the Master Boot Record (MBR) with a malicious loader. BleepingComputer does a great breakdown of the Petya ransomware infection. Be proactive by making a backup of a known good MBR today. Simply wiping an MBR may remove some data personalized to your computer(s) whereas a backup includes all known good code. Include the backup of the MBR in your restoration of images/partitions to ensure complete mitigation of all malware types including that of MBR infectors. It’s not enough to simply wipe the partition of a disk anymore.
Millions of Enterprise Users at Risk from Apple iOS Flaw
A man in the middle attack has been found in Apple’s iOS 9 called “SideStepper”. SideStepper can give hackers control of devices, data on devices, and enterprise services. This attack uses enterprise certificates to setup the man in the middle, once this is done the hacker can install malicious apps. Like many current malware the attack starts with phishing. This attack is aimed at enterprise users, not public iOS users.
Beware This Crazy Speeding Ticket Scam
Clever hackers are using a GPS enabled smartphone app to send people in Philadelphia speeding ticket emails. The details of the speeding event are true which makes this scam harder to spot. Three local residents contacted the local police department to verify the speed ticket email. The speeding ticket email is a phish with a link for the user to click to enable malware to be downloaded and run on the computer.
CNBC just made a huge mistake with its password security tool
CNBC was trying improve people’s passwords with an online tool they could put their passwords in for a security evaluation. The problem is the passwords were stored in a Google spreadsheet, to make matters worse they were also sent to 30 third parties. If you tried this tool you may want to get rid of any passwords you entered into the tool.