Risk Radar Free Cyber Newsletter – Mar. 29, 2016

Surprise Ransomware Spreading Via TeamViewer
It should not be a surprise that ransomware developers are getting better at what they do. How can I spread my malware even more effectively over a corporate network? TeamViewer is used by 90%+ of the Fortune 500, so yes, this will work. This attack is very similar to the Backoff malware that was used to steal point-of-sale (PoS) data. Ransomware developers are using the benefits of the cloud just like everyone else.

Data on 1.5 Million Verizon Enterprise Customers Up for Sale
Verizon has fixed a vulnerability that led to a data breach affecting 1.5 million customers. Verizon has said only basic customer information was stolen. The seller that Brian Krebs found on an underground cybercrime forum seems to indicate the data is more interesting. At this point it is not known how the attack was accomplished.

Ransomware – Part 2
Here is part two of Dr. Peter Stephenson’s deep dive into ransomware. The focus is on TeslaCrypt 3.0, and he starts with a PCAP file in NetworkMiner. Once the domain name is found, the hunt is on, and Peter continues his breakdown of TeslaCrypt 3.0 in the rest of the article. It is a good read if you are curious about the details of ransomware.

Microsoft Launches Macro-Blocker for Office
Microsoft is arming enterprise administrators with a tool to defend against macro-delivered malware. With Macro-Blocker (works with Office 2016), the administrator can selectively scope macro use to specific workflows. Macros outside of these specific workflows can’t be enabled by the end user. Macro-Blocker can be controlled with Group Policy and configured for specific applications.

Badlock — Unpatched Windows-Samba Vulnerability Affects All Versions of Windows
If you use Windows or a Samba file server, April 12, 2016 is a date to remember. A patch for the crucial security bug will be released on this day. After the patch is released, the Windows and Samba teams expect the bug to be exploited in the wild.

Way to Go, FCC. Now Manufacturers Are Locking Down Routers
Not everybody uses third-party firmware on their routers, but for those who do, this could be a bad trend. TP-Link has begun locking down its routers based on its understanding of the FCC’s new regulations on Wi-Fi devices. Even the FCC says this is not what it is trying to do, but it may be easier for manufacturers to lock down the whole router instead of just the radio module. DD-WRT and other third-party firmware may be on the way out if other router manufacturers follow TP-Link’s lead.