Risk Radar Free Cyber Newsletter – July 5, 2016

Locky Variant Zepto Debuts with Big Spam Push
A new ransomware called Zepto has been discovered, along with a big spam campaign pushing it. Zepto appears to be related to Locky ransomware and is spread via spam carrying zip files. The zip file contains a malicious “.js” JavaScript file that runs as a script when opened. Sounds like a good reason to block email with zip file attachments. Jigsaw ransomware wants to play a game with you. EduCrypt ransomware wants to educate you by encrypting your files; the good thing is you get the decryption key for free.
Request the Ransomware Epidemic whitepaper from 4D5A Security for more information on how to defend against ransomware.
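As an added example (not from the newsletter or 4D5A Security) of the attachment check suggested above: a Python filter that opens a zip attachment in memory and reports members with script extensions such as .js, including inside nested archives. The extension blocklist and the quarantine decision are assumptions for a mail-gateway policy, and the sample archives are constructed fixtures.

```python
import io
import zipfile

# Assumed blocklist: extensions Windows treats as executables or scripts when
# double-clicked. Extend to match local policy.
SCRIPT_EXTENSIONS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta",
                     ".cmd", ".bat", ".exe", ".scr"}


def risky_members(zip_bytes, depth=0, max_depth=2):
    """Return archive member paths whose extension is on the blocklist.

    Nested zips are opened recursively up to max_depth, so a .js hidden in an
    inner archive is still reported as "outer.zip/inner.js". An archive that
    cannot be parsed is reported as risky rather than silently passed.
    """
    found = []
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            for info in zf.infolist():
                name = info.filename
                lower = name.lower()
                if any(lower.endswith(ext) for ext in SCRIPT_EXTENSIONS):
                    found.append(name)
                elif lower.endswith(".zip") and depth < max_depth:
                    inner = zf.read(info)
                    found.extend(f"{name}/{m}" for m in
                                 risky_members(inner, depth + 1, max_depth))
    except zipfile.BadZipFile:
        found.append("<not a valid zip archive>")
    return found


def should_quarantine(zip_bytes):
    """Gateway decision: hold the message if any risky member was found."""
    return bool(risky_members(zip_bytes))


def build_sample_zip(members):
    """Build a constructed zip in memory from {name: bytes} (test fixture)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed lure: double extension hiding a script, not real malware.
    sample = build_sample_zip({"invoice_2016.pdf.js": b"// placeholder"})
    print(risky_members(sample), should_quarantine(sample))
```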
How greed could destroy the ransomware racket
You are infected with ransomware and you need your data; what do you do? Many will pay for the data, but what happens when the hackers try to double dip and ask for more money? This article makes an interesting case that the greed of ransomware developers will stop victims from paying the ransom.

Zero-Day Warning! Ransomware targets Microsoft Office 365 Users
A zero-day in Office 365 is being used to spread ransomware. Spam and phishing emails with malicious file attachments are being used for this attack, and macros in those attachments deliver Locky and Dridex ransomware. With a good macro security policy and end-user training, the impact of this zero-day attack can be minimized.

Google Play Hit with Rash of Auto-Rooting Malware
Getting apps from outside the Google Play store is asking for trouble; you are generally safer staying in the Play store and making sure side loading of apps is disabled. While Google does take steps to keep bad apps out of the Play store, some get in: researchers have discovered auto-rooting apps in the Play store. The bad apps are using a Linux kernel bug in Linux kernel version 3.14.5; phones with Android above Lollipop (5.0) should be safe from this attack.

Apple Leaves iOS 10 Beta Kernel Unencrypted: Pros and Cons
In iOS 10 Apple will be leaving the kernel unencrypted; Apple says this will increase OS performance with no security sacrifice. Apple’s security assurances have not stopped the debate on what effect this will have on iOS security. As we can see from the above Android security issue, kernel exploits can be a problem.

Zero-day exploit bypasses Windows security features, affects Lenovo ThinkPads
Lenovo ThinkPads have been hit with a zero-day exploit that attacks a Unified Extensible Firmware Interface (UEFI) driver. This exploit allows Secure Boot to be disabled; the severity of this attack is limited because physical access is needed to carry it out. Currently only ThinkPads are known to be affected, but it is possible other PC vendors could be affected as well.