Work from home is the new normal. But have you thought about what could happen when you leave your workspace unattended at home? What happens when you do not adopt the necessary security measures while handling your organization’s critical data? This week’s news headlines shed light on some fascinating updates from the world of cybersecurity that should make you rethink your online security measures.
Child Plays Around, Posts Gibberish On USSTRATCOM’s Official Twitter Page
A gibberish tweet went out from the official Twitter account of the US Strategic Command. The tweet caused alarm, leading QAnon conspiracy theorists to suspect it was the symbol of some impending attack. The tweet, which read “;l;;gmlxzssaw”, caused havoc because US Strategic Command is in charge of the nation’s launch codes for the nuclear arsenal. A Freedom of Information Act (FOIA) request was filed by Daily Dot reporter Mikael Thalen, who was then informed that the tweet had no links to any breach.
The tweet was, in fact, the result of the playfulness of the very young child of the US Strategic Command’s telecommuting social media manager. He had left his laptop unattended and the child commandeered the keyboard. USSTRATCOM clarified that their ransomware protection tools were in place, and there is no reason for anybody to worry. However, this incident speaks of the stress that employees face due to the additional pressure brought in by the work-from-home situation. If no measures are taken to create a stress-free working environment for employees, then we are sure to witness more cybersecurity negligence and attacks on organizations in the future!
Booking.com Loses Twice Against Cybersecurity
Over 4000 customers lost their data in a recent attack on the hotel booking platform Booking.com. In addition, 300 people lost their credit card details in the incident. The Amsterdam-based company was supposed to report the security breach to the Dutch data protection authority within 72 hours, but it updated the authorities almost a month late. Consequently, the company has lost twice, as the Dutch regulator has imposed a fine of €475,000 on Booking.com.
Vice president of the Dutch regulator, Monique Verdier, calls this a severe violation of cybersecurity protocols. Since cyberattacks are inevitable, it is essential to report them on time to reduce the damage, says Verdier.
Kansas Man Indicted for Hacking a Local Water Utility
The US Department of Justice has indicted a 22-year-old resident of Kansas for attempting to disrupt the water processing services and harming the public by hacking into the systems of a local water utility. Wyatt Travnichek had worked for a year with the water utility from January 2018 to January 2019. The Post Rock Rural Water District attack took place on 27th March 2019 when Wyatt shut down the district’s facilities for cleaning and disinfecting the water. The attack’s clear objective was to harm the population of the Ellsworth Rural Water District No. 1.
Since the EPA is very particular about its drinking water systems’ security, strict legal actions await Wyatt. If found guilty, he may face a maximum of 5 years in prison and a fine of up to $250,000 for hacking the computer systems. He may face up to 20 years in prison and a fine of $250,000 for meddling with a public water system. The indictment is a message for all notorious hackers that their acts of sabotaging email security systems shall be brutally punished.
Beware of Fake Cybersecurity Companies
Cyber adversaries can be condemned for their evil ways, but their innovations never cease to amaze us. In the latest hacking scheme, North Korean government-backed attackers create fake security companies to launch malware attacks on cybersecurity researchers.
The fake cybersecurity company, named ‘SecuriElite’, claims to provide software security assessments, pen tests, and exploits. The threat actors have also created several Twitter and LinkedIn accounts where they claim to be this fake company’s employees. Any unsuspecting user who reaches their website by following the link in any of these fake social media accounts is sure to trigger a browser exploit. The authorities have suspended seven fake LinkedIn profiles and eight Twitter profiles since the campaign went live on 17th March.
The adversaries aim to build a rapport with cybersecurity researchers using these fake research blogs, cybersecurity websites, and social media accounts. This incident was followed by a revelation from the South Korean cybersecurity firm ENKI that a zero-day exploit has been detected in Internet Explorer. The malicious actors wish to use security researchers as pawns to stay abreast of zero-day research and use the unpatched vulnerabilities to launch more targeted and severe attacks.
Two Hackers Manipulated Chinese Identity Verification System
Facial recognition is widely used in China for identity verification, but two threat actors have manipulated this security measure in a recent incident. Two hackers in China have conned a government-run identity verification system using an app that converts photos to videos.
They tricked the State Taxation Administration’s identity verification system using high-definition photos of some of the actual employees and converted those to videos. These malicious hackers then used a smartphone that let them bypass the camera during facial authentication and played their concocted videos while the facial recognition test was happening. Once they were in, the attackers issued fake invoices and hoped to be paid. This wasn’t their first time messing with facial recognition systems. Legal actions await this duo for meddling with cybersecurity tools.
Ziggy Ransomware Shuts Down, Refunds to Victims
Can cyber criminals mend their ways and become ethical hackers? Well, the Ziggy ransomware administrator sure has plans of becoming a ransomware hunter. Ziggy ended its operation in February this year. Since then, its administrator has been doing unusual things. They announced that they regret their actions and would publish all decryption keys. The next day (on 7th February), Ziggy released an SQL file with 922 decryption keys and a decryption tool to make things easy for victims. They also provided the source code for a decryptor that operates without an internet connection.
Now the Ziggy administrator has made another announcement and said that they fear the consequences of being caught by law enforcement. That’s why they will return to victims all the money they paid as ransom. An email address has been provided (firstname.lastname@example.org) where victims can send payment proofs and computer ID. The money would be credited to their bitcoin wallet in two weeks.
The Ziggy administrator clarified that the refund would be made at the Bitcoin value on the payment day. They further stated that they were from a third-world country and had to sell their house to gather the required funds to make the refunds to Ziggy victims.