December's Latest Security Threats

Craig Pollack | Dec 04, 2015

Topics: Cybersecurity

December's Top Security Threats

And the hits just keep on coming...

As you can imagine, for a Managed Service Provider it can be a full-time job just staying on top of all of these threats - let alone actively protecting our clients from them on a daily basis.

Here's a quick list of some of the latest breaches and hacks going on these days:

Reader’s Digest's Website has Been Attacking Visitors for Days

Last week it was found that an active hacking campaign was forcing Reader's Digest and many other websites to host malicious code that could surreptitiously infect visitors with malware and linger for days or weeks before being cleaned up.

Reader's Digest has been infected since last week with code originating with Angler, an off-the-shelf hack-by-numbers exploit kit that saves professional criminals the hassle of developing their own attack scripts, researchers from antivirus provider Malwarebytes said.

After it was announced that the site was infected, Reader's Digest released the following statement:

"We became aware of the malware attack last week and have been working with our security provider, technology partners and platform provider to investigate the issue and perform extensive security checks on our website. At this point, we are addressing all known vulnerabilities of the site. We take security very seriously and are taking every step to ensure the integrity of our site. We are working to resolve this issue as quickly as possible and hope to have the site running normally very shortly."

Nuclear Exploit Kit Spreading Cryptowall 4.0 Ransomware

SANS said that until recently, Cryptowall 4.0 had been spread almost exclusively via malicious spam and phishing emails. They reported that this is the first time Cryptowall 4.0 has been infecting machines via an exploit kit. The criminals are not moving away from spam, though. We'll still see Cryptowall 4.0 from malicious spam, even as we start seeing it more from exploit kits. This is just version 4.0 spreading and replacing version 3. Some criminal groups focus on malicious spam. Other groups use exploit kits.

Cryptowall 4.0 surfaced earlier in November with updates that increase the difficulty of recovering files from compromised computers. Researchers at Bleeping Computer said the biggest change is that the ransomware now encrypts file names, in addition to data. The attackers also updated the ransom note victims are presented with to include mocking language that congratulates the victim for becoming part of the Cryptowall community.

Microsoft Removes Trust for eDellroot Certificates

In the wake of last week’s eDellroot fiasco, Microsoft announced Monday that it revoked support for the self-signed, trusted root certificates that were found on some Dell computers. In a security advisory published on Monday, the company acknowledged that in order to prevent fraud, it removed trust for the Dell-issued unconstrained digital certificates and has updated its Certificate Trust List (CTL).

Word came last week, shortly before Thanksgiving, that several models of Dell computers were shipped with a preinstalled root certificate along with the private key that corresponds to it. As is to be expected, many were concerned the certificates could be used to issue other certificates to spoof content, spoof domains, or carry out phishing or man-in-the-middle attacks.

Hacked Toymaker Leaked Gigabytes’ Worth of Data on Kids

VTech, the hacked maker of electronic toys and apps that leaked the data of 4.8 million customers, including hundreds of thousands of children, exposed gigabytes' worth of pictures and chat histories on the same compromised servers, according to an article published on Motherboard, the website that first broke news of the breach.

The news website said a hacker who asked to remain anonymous was able to download almost 200 gigabytes' worth of photos of both parents and children who had registered with the site. It's not clear why VTech stored the data on its servers in the first place, the article reported.

Moody's Warns Cyber Risks Could Impact Credit Ratings

Credit rating agency Moody's Corp. warns that cyber defenses as well as breach detection, prevention and response will be higher priorities in its analysis of the creditworthiness of companies across all sectors, including healthcare and financial services.

"Moody's views material cyber threats in a similar vein as other extraordinary event risks, such as a natural disaster, with any subsequent credit impact depending on the duration and severity of the event," according to a new report from Moody's Investors Services. As the threat of cyberattacks continues to rise across all sectors, "the implications could start taking a higher priority in credit analysis," the credit ratings company says. 


Craig Pollack

Craig is the Founder & CEO of FPA Technology Services, Inc. Craig provides the strategy and direction for FPA, ensuring its clients, business owners, and key decision makers leverage technology as efficiently and effectively as possible. With over 25 years of experience building the preeminent IT Service Provider in the Southern California area, Craig is one of the area’s leading authorities on how small to mid-sized businesses can best secure and leverage their technology to achieve their business objectives.