GrandCrab Grabs More Than $600,000 In Ransom Payments

While ransomware attacks have seen a slight decline since 2017, they have become far more sophisticated. One of the more prolific is GandCrab. It surfaced in January of this year. Not only is it prolific, it is also noted for how its “authors have managed to keep one step ahead of defenders.” In the span of three months, according to darkreading.com, “the malware had infected over 50,000 systems and netted its operators over $600,000 in ransom payments.” As darkreading.com points out, “One of the other unusual aspects of GandCrab is the way it’s delivered or, in this case, the ways in which it’s delivered.” https://www.darkreading.com/attacks-breaches/gandcrab-ransomware-goes-agile/d/d-id/1331336?ngAction=register&ngAsset=389473

In addition, the Scarab ransomware that surfaced in 2017  is still creating havoc in the business world. It is changing tactics which include, according to securityweek.com, “seeking to frighten victims into rapid payment by threatening to permanently delete files every day that the ransom remains unpaid. “ https://www.securityweek.com/malware-activity-slows-attacks-more-sophisticated-report

As ransomware attacks are experiencing a minor decline, crypto-mining is on the rise. And there’s a shift that is taking place from the personal to the business sector.

While bitcoin remains the most frequently demanded payment mechanism for ransomware, there has been some recent diversification into other cryptocurrencies. GandCrab, for example, demands payment in Dash which requires lower transaction fees and provides a little more anonymity.

https://www.securityweek.com/malware-activity-slows-attacks-more-sophisticated-report

The need for cybersecurity has never been greater and will only increase as the criminal attackers get more and more sophisticated. Call our offices to set up a consultation. We now offer the most advanced level of cyber security, the new EUgrc Compliance Suite(https://www.eugrc.com/)

 

 

 

 

 

 

Fitness App Scammers Pinpoint Where Users Work And Live

Technology is becoming more and more important to the everyday lives of millions as we count on it to keep track of our every step, let us know when we are sleeping deeply, how fast our hearts beat at any given moment, ad infinitum. What we tend to ignore is that scammers can hack and track every move too. That means they can find out exactly where you live and work.

Point in case comes from a recent article posted on Naked Security which elaborates on the efforts of a Dutch news site that was tipped off about a flawed tracking app by a Finnish fitness wearables company that was highly hackable.  The app has been shut down, however before that happened,  the news site did more research and found out that they could “pinpoint highly sensitive military and intelligence operatives and quickly find out where they live.” https://nakedsecurity.sophos.com/2018/07/10/privates-on-parade-fitness-tracker-app-reveals-sensitive-user-details/

Iconic Details

Here are the details as posted. “The flaw lay in the way that Polar Flow displayed the details of users’ workouts over several years and allowed people to search for them. The web app displayed icons in a geographic area of the visitor’s choicer, indicating exactly where someone had worked out. Clicking on an icon revealed the details that the person had registered in the app along with all their other workout locations. The researchers could use that information to find workout routes that began and ended at the same residential address to pinpoint where they lived.” https://nakedsecurity.sophos.com/2018/07/10/privates-on-parade-fitness-tracker-app-reveals-sensitive-user-details/

Overrides Privacy Feature And Fake Names

As the article points out, “They also used this technique to identify workouts near sensitive sites such as military bases, detention centers, intelligence offices and nuclear weapons sites. They could then identify employees by name and search their other workouts to find their homes. Even when people had marked themselves private in the app or registered with a fake name, the reporters were still able to find their identities. Polar Flow still exposed a unique identifying number, and allowed public searches using that ID. The app revealed all their logged activity to anyone who searched, enabling the reporters to quickly track down the private individual’s home address. From there, a quick public record search revealed their real name.” https://nakedsecurity.sophos.com/2018/07/10/privates-on-parade-fitness-tracker-app-reveals-sensitive-user-details/ 

Individual Efforts

Technology is exciting and helpful, yet it exposes anyone who uses it for personal reasons to the exploits of the criminally minded. Privacy is an exponentially growing issue in technology. It is something that everyone must be aware of in every sector of society. Those of us in the cybersecurity world are working to keep the corporate environments safe – those businesses that manage much personal financial information have been the major source of identity theft. Now, though, the private sector is becoming an even easier way for the criminals to not only grab important financial information, but exact home and business addresses. Companies are working to overcome these flaws and, we in the cybersecurity world are working to make it more difficult and eventually impossible for hackers to do their nefarious business. In the meantime, it’s up to every individual to protect their private information as best they can.