Risk Radar Free Cyber Newsletter – Sept 28, 2016

MarsJoke Ransomware Targets .EDU, .GOV Agencies
A new ransomware is targeting state and local agencies: a large-scale email campaign has been discovered that delivers MarsJoke. MarsJoke does not use the macro-based document attack that Locky uses; it depends on well-crafted spam emails that get the victim to download a file that installs the ransomware.

Locky does not want to be outdone, so it still has never-ending waves of spam going out.

Request the Ransomware Epidemic whitepaper from 4D5A Security for more information on how to defend against ransomware.

Researchers Find ‘Severe’ Password Security Hole with iOS 10 Backups
The security of backups in iOS 10 has been weakened compared to iOS 9. Security researchers have discovered that security checks are skipped in iOS 10 backups, which enables the backup password to be cracked much faster. Apple is aware of this security issue and is working on a fix.

Powerful DDoS attacks leveraging IoT devices hit several companies
A series of record-setting DDoS attacks has happened in the last week. Brian Krebs's site and several companies have been attacked. What makes these attacks new and interesting is the large number of infected IoT devices used. The attack is non-amplified, and the use of infected IoT devices makes it a game changer. Akamai has said the attack on Brian Krebs's site was twice as large as any DDoS attack they have seen.

Yahoo breach leaves 500 million accounts compromised
Yahoo has acknowledged that a breach in 2014 compromised as many as 500 million accounts. According to Yahoo, more sensitive information such as unprotected passwords and credit card information has not been compromised. Yahoo recommends that users check their online accounts; a password change and enabling two-factor authentication may be needed.

FBI ransomware alert: Don’t pay; report, defend against attacks
The FBI has issued an alert urging ransomware victims to report attacks to the government and not to pay the ransom if at all possible. The government is looking to gather more information on ransomware attacks so that a better defense against ransomware can be put together.

Malware Evades Detection with Novel Technique
There is a new strain of document-based malware that hides itself from security researchers. Researchers use virtual machines to run and study malware safely. Before it attacks, this new strain of macro-based malware documents checks for other document files on the PC; it also checks for known IP addresses that security researchers use.