Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Avast_Blog_Security News: Ransomware attackers wish victims happy holidays, offer dis
#1
Bug 
Quote:
[Image: TVDumYE.png]

Plus more news bytes from the week, including California's new privacy law and some new sextortion scam tactics

In a new case of social engineering, certain ransomware attackers sent their victims holiday notes wishing them a merry Christmas and offering a limited-time discount on their ransom demands. The Maze ransomware group, which claimed responsibility for the December attack against the City of Pensacola, told Bleeping Computer that they were slashing their million-dollar demand from the Florida city to $500,000, as part of a “New Year celebration.” They also stated that they offered a 25% discount to their other ransomware victims for payments received between Christmas and New Year’s Eve. Another group – those behind the Sodinokibi ransomware attacks – sent its victims holiday messages that did not offer a discount, but did encourage quick payments in the spirit of the new year, writing, “Merry Christmas and Happy Holidays everyone! You have a great opportunity to enter the new year, leaving all the bad in the outgoing year. I advise you to write to us as soon as possible and not waste your precious time that you can spend with your family.” The note goes on to urge the victims to negotiate and pay their ransoms as soon as possible.

Did some security research run amok in 2019?

When a security researcher found an exposed Boeing server online, his analysis of the Boeing firmware was that a savvy hacker could gain access to the avionics networks of Boeing’s planes. Boeing has responded by refuting the statement. Another researcher, working on his PhD, discovered a way to remotely hack into volume controls on various devices and make them emit high-intensity sounds that could damage speakers and human ears. Read more on Dark Reading.

This week’s quote

“This cloak-and-dagger world of mostly military and government agencies working in complete secrecy is not the world we live in today… Nowadays we even have smart devices that can communicate with each other. This new digital landscape brings risks as well as opportunities.” – Elizabeth Bruton, curator of technology and engineering at the Science Museum. Read about her curation of TOP SECRET: From Cyphers To Cybersecurity

Cyberattack impacts US Coast Guard

The U.S. Coast Guard issued a bulletin in December that a ransomware attack had crippled one of their regulated facilities, causing its primary operations to be suspended for over 30 hours. The bulletin reported that when an employee clicked on a phishing email, ransomware burrowed into the facility’s system, disrupting the entire IT network which stretched beyond the footprint of the facility alone. It also compromised camera access systems, physical access systems, and critical process control monitoring systems.

This week’s stat

According to state estimates, California’s new privacy law will protect over $12 billion worth of personal information used for advertising in California each year.

California’s version of the GDPR now in effect

The California Consumer Privacy Act (CCPA) took effect on the first day of 2020, allowing residents to better control the personal data that social media sites, banks, credit agencies, and other organizations collect on them. TechCrunch reported that many companies – particularly those that voted against the law – are not ready for its new rules and regulations. As a result, the information clauses that allow consumers to opt out of data collection have been buried in each company’s privacy policies, making it difficult for users to find them. To help address the issue, one researcher is assembling a detailed list called the California Privacy Directory, which explains how to opt out of each company’s data collection.

Microsoft sues hacking group linked to North Korea

Thallium, a hacking group with ties to North Korea, is being sued by Microsoft under the complaint that the group impersonates Microsoft in phishing campaigns aiming to net usernames and passwords. The complaint alleges that Thallium has been targeting users associated with nuclear proliferation including government employees, human rights activists, university staff members, and more. The phishing emails are designed to look like official Microsoft messages, falsely alerting victims that there is a problem with their account, and urging them to enter usernames and passwords to “fix” the issue. Read more on Bloomberg Law.

Sextortion scammers use new tricks

As a way to get around spam filters, sextortion scammers have begun using a couple of new tricks that evade detection. Sextortion has become a widespread cyber ruse where attackers fraudulently claim that they have video of the victim watching adult videos online. The attackers threaten to share the video with all the victim’s contacts unless the victim pays an extortion demand. Many spam filters have learned to recognize and block these emails, so attackers have started splitting their bitcoin addresses in half and sending the emails in foreign languages, imploring the user in English to “Use Google Translate.” These tactics obfuscate the emails’ intent, keeping common spam filters from catching them. Read more on Bleeping Computer.
...
Continue Reading
[-] The following 3 users say Thank You to harlan4096 for this post:
  • dhruv2193, dinosaur07, ismail
Reply
#2
Haha!! Cybercriminals offering discounts!!! looks like they also Even they know how to market  Big Grin
[-] The following 2 users say Thank You to dhruv2193 for this post:
  • harlan4096, ismail
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
AWZ Screen Recorder
AWZ Screen Recorder ...zevish — 11:05
Website X5 Go 2024.1
Website X5 Go 2024.1...zevish — 09:32
Apple's rules to allow third-party app ...
Apple has announ...alison30 — 09:28
Intel: Microsoft AI PCs need a Copilot K...
Microsoft hopes th...harlan4096 — 08:55
Synchredible 8 Professional Edition v8.2...
          Synchredib...zevish — 08:54

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
There are no staff members currently online.

>