Risk Radar Free Cyber Newsletter – Mar. 7, 2016

Ransomware developers target Apple customers
Some ransomware developers don’t want Apple users to feel left out, the first ransomware for OS X has been found. The ransomware is installed by a corrupted version of Transmission (a BitTorrent client). Apple has taken steps to shut down this attack, more details are here.
DROWN Flaw Illustrates Dangers of Intentionally Weak Crypto
The new flaw in SSL has some relation to 1990 encryption concerns. The concern over export-grade cryptography caused SSLv2 to be intentionally weakened according to SSL expert Ivan Ristic. The article gives some detail about the Drown flaw and some concerns over weakening current encryption.   Due to the amount of variables and effort required by an adversary, this risk is ranked as moderate by 4D5A Security for likelihood.

Amazon’s bringing encryption back to its Fire tablets
Amazon has gotten into the encryption debate when it removed the encryption option from Fire OS 5 on their Kindle Fire tablets. If encryption was not a hot topic right now this would be a non-story. Amazon says the encryption option was removed because it was not used, they state the removal had nothing to do with the Apple case. That being said Amazon will be putting the encryption option back in with a future update coming this spring.

Five things you need to know about ransomware
Another article gives us some ways to prepare for ransomware attacks. A good point to remember is that end user PC’s are not the only devices at risk, Android devices and Linux servers attacks have been discovered also. Prevention is still the best way to prepare for a ransomware attack, frequent offline backups could save the day. Worst case scenario is you may need to pay the hackers to get your data back.
Skills Shortage, Containerization & Other Cloud Security Concerns
The RSA conference has shown the increase in adoption of cloud computing in enterprises. Security for cloud computing is still being figured out, who is responsible for security and how is security done. The article does a nice job of bringing up concerns regarding the shift to cloud computing for enterprises.
Inside the Cunning, Unprecedented Hack of Ukraine’s Power Grid
Wired has done a detailed look into the hack of the Ukraine power grid. It covers the timeline in a detailed fashion. It also looks at who was behind the attack and the potential for future similar attacks.