While that was going on, here are a few more bits of news that broke.
NAS-ty hole spotted in iSCSI boxes
Another day, another massive data exposure from devices erroneously left wide open to the public internet.
This time, it’s a collection of some 13,500 iSCSI storage devices that were left open to be crawled by Shodan. Researcher “A Shadow” revealed, via a report to ZDNet, that the local storage clusters had been exposed and could potentially have been compromised.
Not all of the devices were left entirely unprotected, however. The report notes that a number of the boxes at least had some password protection.
Now is a good time to check all your attached devices and make sure nothing is left open. We are getting so tired of having to cover these stories.
Albany rocked by ransomware
The city of Albany, best known as the place nobody believes is actually the capital of New York state, has become the latest metropolis to fall victim to a massive ransomware infection.
Earlier this week, city officials reported that nearly all of its services were back online following a ransomware outage that had hit its network.
Among the services that were offline temporarily were orders for marriage certificates as well as birth and death certificates. Fortunately, it appears that the city is recovering well from the incident and no personal information was compromised or data permanently lost.
Should a company fall victim to ransomware, experts recommend that rather than try to pay the demand (which often does not result in full recovery anyway) they look to restore systems from backups, which should be done regularly as a matter of precaution anyway.
Teens in hot water for school WiFi hack
Whatever happened to just playing sick?
A pair of teenagers from New Jersey are facing serious criminal charges after they were caught taking down the school’s Wi-Fi network to get out of a test.
The pair of students from Secaucus High School have been tagged with counts of computer criminal activity and conspiracy after they were found to be responsible for repeated outages of the Wi-Fi network. The reason? Well, according to WBRZ, Secaucus High relies on an internet-based curriculum for some of its classes, meaning without the Wi-Fi network, students could not complete assignments or take tests.
Because of this, the two students found they could effectively get out of tests (and help out other students who asked them for help) by DDoSing the school’s Wi-Fi network.
Unfortunately, the school did not find the scheme so funny, and the pair of unnamed juveniles now face a court date.
The report explores the market for malware that, rather than try to pull details stored on a machine, instead sits on a server and harvests card numbers as they are entered into a company’s payment pages.
Group-IB contends that this market has not been given its due by security researchers and, as a result, criminals have been able to capitalize with massive card heists.
“The threat posed by JS‑sniffers was long under the radar of malware analysts, who deemed it insignificant and unworthy of an in-depth research,” the Moscow-based security house writes.
“However, several incidents have shown the opposite to be true, including: 380,000 victims of a JS‑sniffer that infected the British Airways website and mobile app, the compromise of Ticketmaster users’ payment data, and the recent incident involving the UK website of the international sporting goods giant Fila, which could have led to the theft of payment details of at least 5,600 customers.”
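As an added illustration (not part of the Group-IB report or the article), here is the kind of check a shop operator could run against its own checkout page: it flags script tags loaded from hosts outside an assumed allowlist and inline scripts that hook form-submit or keystroke events, which is where a JS-sniffer has to sit to read card numbers as they are typed. The allowlist, the hostnames and the HTML are constructed for the example.

```python
# Added example, not from the article or Group-IB: a heuristic audit of a
# checkout page for JS-sniffer indicators. Assumed allowlist and sample HTML.
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

ALLOWED_SCRIPT_HOSTS = {"shop.example", "cdn.shop.example"}  # assumed allowlist

# Inline-script constructs a sniffer typically needs: hooking the payment form's
# submit/keystroke events, then shipping data out via an image beacon or fetch.
SUSPICIOUS_INLINE = re.compile(
    r"(addEventListener\(\s*['\"](submit|keyup|keydown|input|change)['\"]"
    r"|\.onsubmit\s*=|new\s+Image\(\)\.src\s*=|XMLHttpRequest|fetch\()",
    re.I,
)


class ScriptAuditor(HTMLParser):
    """Collect (finding_type, evidence) tuples while parsing the page."""

    def __init__(self):
        super().__init__()
        self.findings = []
        self._in_inline = False

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src is None:                      # inline script: inspect its body
            self._in_inline = True
            return
        host = urlparse(src).hostname or ""  # external script: check the host
        if host and host not in ALLOWED_SCRIPT_HOSTS:
            self.findings.append(("external-script", src))

    def handle_data(self, data):
        if self._in_inline and SUSPICIOUS_INLINE.search(data):
            self.findings.append(("inline-hook", data.strip()[:60]))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_inline = False


def audit_checkout_page(html):
    """Return the list of findings for one checkout page (empty means clean)."""
    auditor = ScriptAuditor()
    auditor.feed(html)
    return auditor.findings


# Constructed sample: one allowlisted script, one unknown third-party script,
# and one inline script that hooks the payment form's submit event.
SAMPLE_HTML = """
<script src="https://cdn.shop.example/checkout.js"></script>
<script src="https://static-analytics.invalid/js/stat.js"></script>
<form id="pay"><input name="cardnumber"></form>
<script>document.getElementById('pay').addEventListener('submit', collect);</script>
"""
```

The patterns are heuristics, so treat hits as leads for review rather than verdicts; a CSP with a tight `script-src` and Subresource Integrity on third-party scripts is the corresponding preventive control.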
FireEye says FIN6 hack group changing course with new attacks
A cybercrime crew previously only thought to be targeting payment cards has now moved into ransomware.
This from researchers with US threat intel firm FireEye, who made the discovery while responding to an attack on an engineering firm. The researchers eventually were able to attribute the attack to cybercrime operation FIN6, but were puzzled as to why a group that had previously just focused on retail was now going after other business sectors.
“FIN6 has traditionally conducted intrusions targeting payment card data from Point-of-Sale (POS) or eCommerce systems. This incident’s targeting of the engineering industry would be inconsistent with that objective,” FireEye explained.
“However, we have recently identified multiple targeted Ryuk and LockerGoga ransomware incidents showing ties to FIN6, through both Mandiant incident response investigations and FireEye Intelligence research into threats impacting other organizations.”
Just what is causing this pivot isn’t immediately known, though FireEye suggests it may simply be a matter of individual group members carrying out ransom attacks on the side, or that the group as a whole may have decided that ransomware attacks were a more lucrative use of their time than sitting around passively slurping card numbers.
FBI taken to task for slow notifications
The system the FBI uses to let Americans know when they are the victims of cybercrime is falling woefully short of its goals.
This according to a report (PDF) from the DOJ’s Inspector General, who compiled an audit on the effectiveness of the FBI’s Cyber Guardian notification system.
The investigation noted that among the failings of the program were an epidemic of typographical errors that prevented notices from being sent out, slow and unclear plans for notifying victims and a lack of cooperation with other agencies in compiling and sending out notices.
“The FBI established Cyber Guardian for tracking the production, dissemination, and disposition of cyber victim notifications which can help victims mitigate the damage caused by cyber intrusions and increase the potential for intelligence collection by the FBI,” the report noted. “However, we found that the data in Cyber Guardian was incomplete and unreliable, making the FBI unable to determine whether all victims are being notified.”
Fortunately, the Cyber Guardian program won’t be around much longer. The FBI plans to launch a new, and hopefully more effective, system later this year. ®