Risk Radar Free Cyber Newsletter – June 28, 2016

Experts Warn Users of New ‘Bart’ Ransomware
Ransomware is back at the top with a new variant called Bart. The authors of Locky and Dridex are back with new ransomware that is charging more money than previous ransomware. Bart operates differently than most ransomware. No C&C server connection is needed for encryption, the encryption key appears to be based on the PC. An email with a zipped fake PDF file is used to spread Bart, the fake PDF file is actually JavaScript. Network admins may want to block zipped email attachments.

CryptXXX is continuing to improve with its latest variant. 4D5A Security gives more detail on Bart and asks if you are ready for a ransomware attack.

Request the Ransomware Epidemic whitepaper from 4D5A Security for more information on how to defend against ransomware.

Analyst: Brexit Cybersecurity Ramifications Could be Significant
The implications of the UK Brexit vote will be far reaching in many areas, information security will be affected also. How the UK will interact with the EU on security issues going forward and foreign info sec workers ability to work in the UK are just two issues. The article goes over some of the initial concerns of the Brexit vote on security.

xDedic Scope May Be Larger Than Originally Thought
The amount of compromised servers may be even larger than first reported. Also the cost of server access is not at low as initially reported. There are still questions about the authenticity of the Pastebin date but server admins should still be reviewing their remote server connections.

Blasphemy! Godless malware preys on nearly 90 percent of Android devices
Godless is a mobile malware that can potentially root Android phones. It is using exploit kit traits to have more effective infection rates. Security researchers expect this exploit kit framework to continue in future Android malware, Lollipop (5.1) and earlier phones are affected. Using a Nexus device or using the latest high end OEM Android devices will give users better security. Using Nexus devices will ensure the user gets monthly security updates from Google.
How to Spot Ingenico Self-Checkout Skimmers
Skimmers are still something to watch for while you are doing your shopping. Brian Krebs has some good information on how to spot fake Ingenico Self-Checkout skimmers. Most users will not be on the lookout for skimmers but security minded types can help out by spotting these skimmers.
So Hey You Should Stop Using Texts for Two-Factor Authentication
Two-factor authentication is a helpful security enhancement for users. It looks like using text messages to receive that second code is a weak link in two-factor authentication. Recent attacks have used this text message weakness. Something the user has like Google Authenticator or an RSA token is much more secure than text messages.