Risk Radar Free Cyber Newsletter – Oct 11, 2016

NHS attacked by ransomware ‘dozens’ of times
National Health Service hospitals have been seeing ransomware attacks in the UK. The most common attack vector is with phishing email. As many as 28 NHS trusts have been attacked in the last year. According to NHS none of the victims have paid the ransom.

Request the Ransomware Epidemic whitepaper from 4D5A Security for more information on how to defend against ransomware.

When DVRs Attack: A Post IoT Attack Analysis
Researchers are looking through the aftermath of the recent massive DDoS attacks. A trivial web authentication bypass vulnerability allowed IoT devices like DVRs and IP based cameras to be used in the DDoS attacks. Security practices are minimal to non-existent on many IoT devices, it is expected the use of IoT devices in attacks will continue to grow.

Top five email phishing attack lures revealed and how to prevent them
Since most of ransomware and other malware is spread through email this is some good information to know. Proofpoint has compiled a list of the top 5 email temptations used to get people to click. This knowledge is great for educating your organization against phishing emails, there are also some network security tips in the article.

StrongPity APT Emerges with Trojanized Crypto-tools
The group StrongPity APT is targeting know crypto tools like TrueCypt, the goal is to provide trojanized versions of the crypto tools. Once these trojanized versions are installed the victim is completely insecure while having the illusion of security. The group StrongPity APT appears to be determined and well-funded.
Remote switch-on enlists Mac webcams as spies
An attack on OS X webcams has been found by security researcher Graham Cluley. It is possible that a video chat could be covertly recorded. One of the security researches that demonstrated this attack is offering a free tool that alerts OS X users to malicious use of their webcams.
Signal, the Cypherpunk App of Choice, Adds Disappearing Messages
If you are in the need of a secure messaging app Signal may be the one. It is adding features while keeping the core of what it does strong, its core is strong end point encryption for secure messaging. Signal technology is also be used in secure Facebook messaging and the new messaging app Allo from Google.