Resources updates, 23rd March 2018

Updates to Anti-Social Media

Updates to Specific Ransomware Families and Types

  • Catalin Cimpanu for Bleeping Computer: City of Atlanta IT Systems Hit by SamSam Ransomware
  • An older article (January) but well worth reading: SamSam – The Evolution Continues Netting Over $325,000 in 4 Weeks
  • ESET on the Atlanta ransomware attack City of Atlanta computers held hostage in ransomware attack
  • My response (not used) to a request for comment: “Lately, quite a few comparatively new security issues have tended to overshadow ransomware in the media: cryptojacking, vulnerabilities relating to hardware and firmware, even privacy issues relating to social media (and especially Facebook). Yet this incident is a salutary reminder that ransomware has not gone away just because it isn’t talked about so much, and there are some examples for which there is still no decryptor available except by the ‘goodwill’ of the criminals. As long as some of the bad guys are making money out of it, the attacks will continue. It should, therefore, still be a priority for organizations and individuals to ensure that their data and systems are safely backed up and that ransomware can’t reach the backups as well as the original files.”
  • Thomas Claburn for The Register: City of Atlanta’s IT gear thoroughly pwned by ransomware – “nasty Data gone with the wind as attacker goes full Sherman”

In other news… Richard Chirgwin, for the Register: ‘R2D2’ stops disk-wipe malware before it executes evil commands – ‘Reactive Redundancy for Data Destruction Protection’ stops the likes of Shamoon and Stonedrill before they hit ‘erase’. Summarizes research from Purdue university.

Updates to Meltdown/Spectre – Related Resources (Microsoft/Windows section)

Updates to Cryptocurrency/Crypto-mining News and Resources

Updates to Mac Virus

  • V3: Apple to fix iOS11 bug that enables Siri to read hidden notifications – “Bug means Siri can be asked to read aloud all your hidden notifications” (Yes, it’s more on that Siri silliness.)

Updates to Chain Mail Check


22nd March Resources Update

Cryptocurrency/Crypto-mining News and Resources

Anti-Social Media

Mac Virus

Facebook Fallout

Added to the ANTI-SOCIAL MEDIA page today:

  • For Tech Beacon, Richi Jennings does a good job (as usual) of finding ‘bloggy bits’ relating to the Facebook/Cambridge Analytica mess: No ‘likes’ for Facebook’s API leak, but it’s not a data breach—and not news. And no, the fact that Facebook collects and shares too much information isn’t exactly news. Nor, come to that, the fact that Facebook has itself engaged in some experimental social engineering though I’m guessing that fewer people are or ever were aware of those particular experiments. I think I’ll probably come back to that…
  • A comment to Richi’s announcement of that Tech Beacon article – ironically, on Facebook – brought my attention to this article by Kalev Leetaru for Forbes:

    The Problem Isn’t Cambridge Analytica: It’s Facebook. The article makes some excellent points. For instance:

    • “In 2014 academic researchers at Cornell and Facebook published research in which they had manipulated the emotions of three quarters of a million users … the research had been fully approved by Facebook and Cornell, with ethical review by Cornell’s IRB.” Yes, that’s one of the experiments I was thinking of.
    • “A central theme of the rhetoric and coverage of Cambridge Analytica is that it somehow violated accepted societal norms over the use of Facebook data … referring to it in the cybersecurity parlance of a data “breach.” In fact, this could not be further from the truth in our modern “surveillance economy.”
  • Taylor Lorenz for The Daily Beast: Mark Zuckerberg Swears He’ll Protect Your Data—Next Time – “The Facebook chief promised users that he would do more to ensure that their online lives weren’t put up for sale. One small problem: that’s kind of Facebook’s business model.”
  • Matthew Yglesias, for Vox (that’s the news site, not the music equipment manufacturer), comments on The case against Facebook – “It’s not just about privacy; its core function makes people lonely and sad.” Well, you could argue with that tagline. FB does have a useful function in terms, for instance, of connecting with friends far away. If you keep the Big Picture in mind, you sometimes forget that there are valid reasons why people are prepared to compromise their data by using Facebook (if they think about it at all). Still, there are plenty of very valid points in the article:
    • “…according to Craig Silverman’s path-breaking analysis for BuzzFeed, the 20 highest-performing fake news stories of the closing days of the 2016 campaign did better on Facebook than the 20 highest-performing real ones.”
    • “By turning news consumption and news discovery into a performative social process, Facebook turns itself into a confirmation bias machine — a machine that can best be fed through deliberate engineering….Meanwhile, Facebook is destroying the business model for outlets that make real news.”
  • Kurt Wismer makes a good point about the get-me-out-of-here trend in The problem with #DeleteFacebook. “…a movement to abandon Facebook is going to open up a lot of opportunities for fraud all at once.” He suggests disabling rather than deleting an account. (Actually, I have a similar strategy regarding LinkedIn: I’m not job-hunting any more, but I don’t want to make misuse of my name too easy.)
  • While Brian X. Chen points out for the New York Times: Want to #DeleteFacebook? You Can Try. A few pertinent points here, too:
    • “Keep in mind that Facebook isn’t the only company capable of collecting your information. One big culprit: Web trackers, like cookies embedded into websites and their ads. They are everywhere, and they follow your activities from site to site.”
    • “…you may be better off tweaking your privacy settings on the site.”
  • Help Net Security: Facebook’s trust crisis: Has it harmed democracy?  – “Facebook is losing the faith of the Americans people, according to the Digital Citizens Alliance.


David Harley

Resource updates 21st March 2018

Additions to the new Anti-Social Media page:

Additions to Meltdown/Spectre – Related Resources

New information/resource page: [anti-]social media

[This article is itself the first entry on the new page Anti-Social Media.]

Like many others, I’ve been at least partially assimilated by the social media Cookie Monster. Once upon a time I opened accounts on sites like Facebook and Twitter, so as to find out about their implications for security. (Like many others in the security profession, I suspect.) They also quickly became integrated into my armoury as a means of exchanging and disseminating information, whether it’s a matter of hard data or work-oriented PR. And when friends, colleagues and fellow musicians (some people, of course, are members of two or all three of those sets!) found me on those platforms, it would have been churlish not to have accepted invitations to link up there. (Besides, you can’t tell as much about Facebook’s workings, for instance, if you don’t actually have any Facebook friends…)

However, I’ve always borne in mind the wider implications of membership of such platforms (sociological, psychological, and security-specific), and have often written on those topics. (I’ll probably look back at some of those posts and see if any of them are worth flagging here.) But with the excitement over the Cambridge Analytica, it’s self-proclaimed success at social engineering, and its alleged misuse of data harvested from social media, I can’t help but notice that people who’ve previously expressed no interest in privacy and security have started to voice concern. So I’m going to use this page to flag some news and resources of interest. Starting with a minor deluge of advice from various quarters:

David Harley

Resource updates 20th March 2018

[Update to Ransomware Resources page, also posted to Chain Mail Check]

If I had a separate category for ‘miscellaneous extortion’ this might belong there. Included here because it isn’t just a hoax, but one that centres on extortion, though it looks as if the point is to embarrass/harass the apparent sender of the extortion email (the Michigan company VELT)  rather than actually make a direct profit from extortion. The company’s CEO told the BBC that the attacker was probably a Minecraft player who had been banned from using the Veltpvp server, by way of revenge.

[Updates to Cryptocurrency/Crypto-mining News and Resources]

[Update to Tech support scams resource page]

Sophos: Fake Amazon ad ranks top on Google search results. “Yep, not for the first time, Google’s been snookered into serving a scam tech support ad posing as an Amazon ad.”

[MacVirus news]

(1) Commenting on Symantec’s warning of a new Fakebank Android variant, Graham Cluley reports: This Android malware redirects calls you make to your bank to go to scammers instead – “MALWARE HELPS SCAMMERS TRICK YOU INTO THINKING YOU’RE SPEAKING TO YOUR BANK.”

The Fakebank malware is only targeting South Korea, right now, but Graham rightly suggests that the same gambit is likely to be re-used elsewhere.

(2) Apple has dealt a major blow to users of supercookies with a security improvement in Safari.

David Harley

Decryption for Polsk, Vortex, Flotera

Catalin Cimpanu for Bleeping Computer: Author of Polski, Vortex, and Flotera Ransomware Families Arrested in Poland.

“Authorities were able to recover data from the suspect’s laptop and remote servers, including encryption keys. Polish police are now encouraging victims of the Polski, Vortex, and Flotera ransomware families to file official complaints with local authorities so they can receive a decryption key for their files.”

Added to the Specific Ransomware Families and Types page.

David Harley

17th March 2018 resources and article updates

Specific Ransomware Families and Types

Cryptocurrency/Crypto-mining News and Resources

Mac Virus (now linked from this portal): Android antics and MacOS malware

David Harley

17th March 2018 resources and article updates

Specific Ransomware Families and Types

Cryptocurrency/Crypto-mining News and Resources

Mac Virus (now linked from AVIEN portal): Android antics and MacOS malware

David Harley

16th March 2018 resources updates

Added to the AMD section of the Meltdown/Spectre resource page, which for administrative reasons has now been moved here

Added to the Intel section:

John Leyden waxes satirical at Intel’s expense in The Register: Intel: Our next chips won’t have data leak flaws we told you totally not to worry about – “Meltdown, Spectre-free CPUs coming this year, allegedly”

Added to the Microsoft/Windows section:

Richard Chirgwin for The Register: Microsoft starts buying speculative execution exploits – “Adds bug bounty class for Meltdown and Spectre attacks on Windows and Azure”

David Harley