Important Ransomware Lessons:

1 - "Prevention is better than cure"
2 - Backups help with recovery but, won't prevent a data breach. 

We now have NetWalker - “ransomware-as-a-service” (RaaS) - Threatens to publish victims’ data on the internet if ransoms are not paid.  Attackers send poisoned emails are sent that appear related to the Coronavirus crisis. It  can also masqueraded as the legitimate password management app Sticky Password.

https://www.tripwire.com/state-of-security/featured/netwalker-ransomware-what-need-know/

Salted Passwords are good. but, if old algorithms like MD5 then it is no use

In case of Mathway, the storage mechanism for the passwords is PHPASS, which gets salted MD5. Allan says " if I wanted to crack these passwords,I could do so on a rig that computes millions of MD5 hashes a second. With more secure cryptographic hashes, such as bcrypt or scrypt, it is much slower to compute the hash."

https://www.scmagazine.com/home/security-news/mathway-breach-latest-caper-for-shiny-hunters/

Android user check if your device vendor has a fix for bug StrandHogg 2.0 (CVE-2020-0096)- Similar to previously discovered StrandHogg but more dangerous and more difficult to detect. Attackers can access SMS messages and photos, swipe login credentials, track GPS movements, record phone conversations, access the camera and microphone, and review contact lists and phone logs.

https://www.scmagazine.com/home/security-news/vulnerabilities/strandhogg-2-0-bug-enables-android-app-hijacking-poses-patching-challenge/

ATM Skimmers - This one has three bad news

1 - ATM Skimmers (nothing new)
2 - ATM vendor wanted to install it
3 - The vendor enjoyed legal protection from a top anti-corruption official in the Mexican attorney general’s office.

https://krebsonsecurity.com/2020/05/report-atm-skimmer-gang-had-protection-from-mexican-attorney-generals-office/

Few ransomware stats to help manage your business risk

: 1 - Criminals succeeded in encrypting the data in 73% of these attacks.
2 - 59% of attacks involved data in the public cloud.
3- One in five organizations has a major hole in their cyber security insurance.
4 - The average cost to rectify the impacts is US$732,520 for those who do not pay the ransom, rising to US$1,448,458 for those who pay.

Good news - 56% got data back via backups than by paying the ransom .


https://news.sophos.com/en-us/2020/05/12/the-state-of-ransomware-2020/?cmp=26105

iPhone Spyware called "Hide UI" used by law enforcement, can track a suspect's passcode when it's entered into a phone. In order for this feature to work, law enforcement officials must install the covert software and then set up a scenario to put a seized device back into the hands of the suspect

https://www.nbcnews.com/tech/security/iphone-spyware-lets-cops-log-suspects-passcodes-when-cracking-doesn-n1209296

Apple products - Price Up & Quality down. wonder why? - “Apple has a poor history of paying hackers or recognizing when payment for work should occur,” said researcher Jake Davis.

https://www.cyberscoop.com/ios-zero-day-zerodium-high-supply/

Don't fall for this scam - Fake warning "someone using your Internet address has been caught viewing child pornography" - Message claims to have been sent from Microsoft Support, and says the recipient’s Windows license will be suspended unless they call an “MS Support” number to reinstate the license, the goal is to trick callers into giving fraudsters direct access to their PCs.

https://krebsonsecurity.com/2020/05/tech-support-scam-uses-child-porn-warning/

Attention Samsung fans - Vendor has released a security update for its smartphones. It includes a critical fix for a vulnerability that affects all devices sold by the manufacturer since 2014 (yes, the vulnerability existed for last 6 years)

https://www.tripwire.com/state-of-security/security-data-protection/six-years-samsung-smartphone-users-risk-critical-security-bug-patch-now/

How many of us are ready for this ? - LockBit Ransomware-as-a-Service (RaaS) - It is a WORM. Have we enabled a simple rule that blocks incoming connections on our "Host based firewalls"? (Remember it is packaged free with windows )

https://www.bleepingcomputer.com/news/security/lockbit-ransomware-self-spreads-to-quickly-encrypt-225-systems/