Risk Radar Free Cyber Newsletter – Sept 13, 2016

New RAA ransomware variant performs own encryption, attacks businesses
A new version of RAA ransomware has been found with some big upgrades. The new version has incorporated a Trojan to steal victim information while encrypting the victim’s files. RAA is also able to perform offline encryption. RAA is currently targeting Russian-speaking countries, and its main targets are corporations.

Request the Ransomware Epidemic whitepaper from 4D5A Security for more information on how to defend against ransomware.

DHS Urges Vigilance in Protecting Networking Gear
The DHS has issued a warning to network operators to protect and secure their networking gear. The ShadowBroker dump of the Equation Group exploits has most likely led to this warning being issued. The main theme of the alert is that networking gear can’t just be set up and forgotten; it needs to be checked for security issues and patched when needed. Network gear can be an easy place for attackers to enter the network and pivot to targets in the network.

Judge Rules Use of FBI Malware Is A ‘Search’
A judge in Texas has ruled that the FBI’s use of malware in one of the Playpen child porn cases is a search, meaning the FBI needed to get a warrant to search the defendant’s computer. Judges in some of the other Playpen cases have not ruled this way. It will be interesting to see what happens as these cases move through the higher courts.

Fallout Over OPM Breach Report Begins
The Office of Personnel Management (OPM) breach report has set off finger-pointing and blame at a high level in Washington. The breach report is very critical of the OPM; it states that the lack of security and old computer hardware/software led to this massive breach. Rebuttals of the report are breaking down along political lines. Hopefully, when all the fallout and political recriminations are done, the security of our government will have improved.

Generic OS X Malware Detection Method Explained
A researcher has come up with an interesting way to look for malware on OS X. The method is based on analyzing system signal calls. The analysis reveals patterns that can be used to detect malware on OS X. If this system is effective, it could be a good thing for OS X users going forward. While OS X is still not the malware target that Windows is, malware targeted at OS X has been increasing.

Secret Service Warns of ‘Periscope’ Skimmers
A new skimmer device has been found on an ATM in Connecticut. The Periscope skimmer connects directly to the ATM circuit board. It is battery operated and can store up to 32,000 card numbers. The Periscope skimmer can’t be seen from the outside of the ATM because it is installed under the top cover of the ATM. A key is needed to open the top cover of the ATM.