Risk Radar Free Cyber Newsletter – Sept 6, 2016

Cry Ransomware Uses UDP, Imgur, Google Maps
Ransomware developers are a creative bunch; they are using UDP, Imgur, and Google Maps for Cry ransomware. The ransomware is using the fake government agency ploy to hook the victims. The specific details of the Cry ransomware attack are still being researched at this time.

Request the Ransomware Epidemic whitepaper from 4D5A Security for more information on how to defend against ransomware.

Global Smartphone Malware Jumps 98% Over Six Months
It should be no surprise that Smartphone malware continues to increase. Android accounts for the majority of malware increase; phones connected to Windows are next with i0S being coming in last. For the Android user the Nexus phones (soon to be Pixel) are a great option due timely OS updates and security patches.

Google shuts down a potentially big bug and patches Quadrooter, while Apple has patched Trident.
Researcher: It’s Official, 69 Million Dropbox Accounts Leaked
The Dropbox accounts breach in 2012 just keep growing, it has been verified that more than 60 million accounts have been made public. If you received an email from Dropbox to change your password you may want to set up the two-factor authentication while you change the password.

Linux rootkit, named for Pokémon’s Umbreon, targets Linux
A Linux root kit named after Umbreon from Pokemon has been discovered by Trend Micro. The root kit has to be manually installed on the device or server. This should limit the spread of the root kit, but if infected the root kit is very effective at bypassing security and setting up a back door in the device.
This Malware Can Transfer Data via USB Emissions from Air-Gapped Computers
There is another attack on air-gapped computers, this time using existing modified USB devices. The modified USB device enables the computers USB internal data bus to be used as the transmitter. The attacker needs to be 3 to 5 meters from the computer to receive the data from the air-gapped computer.
Google’s Clever Plan to Stop Aspiring ISIS Recruits
Google is using an adwords/keyword style approach to dissuade people from joining ISIS. Base on known search terms and phrases Google is intentionally feeding the person searching on ISIS adds that link to anti-ISIS information. It is basically a redirect method that hopes to minimize the chance of people joining ISIS.