Anti-social media part umpteen

BBC: Children ‘blackmailed’ for sexual images in online video chats. “A surge in the use of video chats and live-streaming among children is leaving them vulnerable to abuse, the NSPCC has warned, calling for a social network regulator to be introduced.”

---

Graham Cluley: Facebook Portal isn’t designed to be as private as you might hope – Graham says “I doubt I’m alone in the world in thinking that allowing Facebook, of all companies, into your home with a microphone and a video camera is a pretty terrible idea.” Indeed he isn’t… And this story is not reassuring, with FB’s weaselly partial backtracking on the assertion that it would not collect data for targeted advertising.

---

I’m not the biggest fan of SANS and its newsletters. (That would be SANS…) But the Top Of The News section in its October 19th 2018 Newsbites newsletter includes a number of links relevant to election interference and social media that you might find worth reading.

David Harley

Would the last security guru to leave Facebook please turn out the lights?

Veteran (in the nicest possible way) security commentator Graham Cluley is no longer maintaining his Facebook page, saying: ‘For years I’ve been uncomfortable with Facebook, and called them out for their exploitation of a userbase which is mostly unaware of how their personal information is being exploited … Quitting Facebook is hard enough for many people, I don’t want to give anybody another reason to stay.’ In his article An apology to my Facebook followers he does, of course, point out all the other ways in which his opinions and advice (always worth reading) can be followed. 

And he has a point: while my own Facebook audience is much smaller and probably more specialized, I’m considering (again) doing the same thing. (Which would also have the advantage of reducing the number of places where I have to flag my own posts, he said selfishly.) But if the entire security community heads for the exit, that might not be a Good Thing for all the people who rarely use anything but Facebook and who might actually be benefiting occasionally from sound security comment published there. 

(And no, I’m absolutely not trying to say that Graham – or the rest of us – shouldn’t leave.)

David Harley

Social media and privacy

• [April 7th 2018] The Guardian: Christopher Wylie: Why I broke the Facebook data story – and what should happen now – “The whistleblower at the centre of the Cambridge Analytica storm asks if Britain will now address the hard issues which it has raised”
• [April 4th 2018] Daring Fireball quoting New York Times and Washington Post: FACEBOOK SHARPLY INCREASES ESTIMATE OF HOW MANY USERS’ INFORMATION WAS HARVESTED BY CAMBRIDGE ANALYTICA (the Post comment relates to the more recent profile scraping story, but it does tie in).
• [April 6th 2018] Graham Cluley:
  

  Facebook’s secret plan to access hospital patient records – “PRIVACY IS THE FIRST CASUALTY.” Graham rightly notes that this is not the first such case, as Google “attempted similar hook-ups with the UK’s National Health Service, with controversial results“.

  David Harley

17th March 2018 resources and article updates

Specific Ransomware Families and Types

• Checkpoint: The GandCrab Ransomware Mindset
• Kaspersky: GANDCRAB RANSOMWARE CROOKS TAKE AGILE DEVELOPMENT APPROACH

Cryptocurrency/Crypto-mining News and Resources

• PETER KÁLNAI and MICHAL POSLUŠNÝ for ESET (posted 14th March): Dangerous malware stealing bitcoin hosted on Download.com for years
• McAfee: McAfee Researchers Analyze Dark Side of Cryptocurrency Craze: Its Effect on Cybercrime
• Patrick Wardle: A Surreptitious Cryptocurrency Miner in the Mac App Store? > a free calender app possesses more than meets the eye!
• Graham Cluley: Calendar 2 app pulled from Mac App Store after cryptomining controversy – “APPLE APPROVED MISBEHAVING CRYPTOMINING FEATURE.”

Mac Virus (now linked from this portal): Android antics and MacOS malware

David Harley

Support Scamming by the Numbers

Hacked web pages redirecting to tech support scam pages. Info from Jérôme Segura for Malwarebytes: The numeric tech support scam campaign

David Bisson for Graham Cluley’s blog: Compromised websites redirecting tech support scam hosted on numeric domains – Wait, there’s a malvertising vector, as well?!

David Harley

Patcher/Filezip/Filecoder – data recovery and naming

Because of time issues, I added the malware ESET calls OSX/Filecoder.E to the Specific Ransomware Families and Types page but didn’t give it an article of its own here. Since there is important news (to potential victims) from Malwarebytes and Sophos, I’m repairing that omission here.

• MARC-ETIENNE M.LÉVEILLÉ for ESET: New crypto-ransomware hits macOS – malware that calls itself ‘Patcher’, detected by ESET as OSX/Filecoder.E [22nd February 2017]
• Thomas Reed for Malwarebytes: Mac ransomware on piracy sites – Malwarebytes calls it OSX.Findzip.[23rd February 2017]
• Thomas Reed’s follow-up: Decrypting after a Findzip ransomware infection. Very useful work on recovering data (the gang behind the ransomware will take your money, but can’t provide you with a way of decrypting it). [February 28th 2017]
• Paul Ducklin for Sophos: ‘Filecode’ ransomware attacks your Mac – how to recover for free [28th February 2017]
• Commentary by Graham Cluley: How to recover from the FileCoder ransomware on your Mac – Buggy ransomware didn’t offer a method of recovery even if you paid the extortionists. Until now. [March 1st 2017]

Note that both Reed and Cluley sometimes refer to the malware as FileCoder. This is potentially misleading: while ESET, which first uncovered the thing, detects it as OSX/Filecoder.E, the term ‘Filecoder’ is used generically by the company to denote crypto-ransomware, so you/we need to use the full name ‘OSX/Filecoder.E’ to distinguish it from other, unrelated ransomware families.

David Harley

Ransomware targeting schools

Action Fraud warns that:

Fraudsters are posing [as] government officials in order to trick people into installing ransomware which encrypts files on victim’s computers [by] …cold calling education establishments claiming to be from the “Department of Education”. They then ask to be given the personal email and/or phone number of the head teacher/financial administrator.*

They claim that they need to email guidance to the person in authority because of sensitive comment. However, the attachment contains ransomware.

* Contains public sector information licensed under the Open Government Licence v3.0.

Commentary by Graham Cluley for BitDefender: Schools warned about cold-calling ransomware attacks

David Harley

 

Support scammer targeting TalkTalk customer (again)

There have been suspicions before that TalkTalk customers have been targeted by tech support scammers who know more about their intended victims (and their issues with TalkTalk) than they should. I’ve alluded to them in some articles on this site.

I don’t, of course, know the facts behind those suspicions, but I note that Graham Cluley has encountered another curious incident – I won’t say coincidence…

Brand new TalkTalk customer is targeted by phone scammer – A problem at TalkTalk? Say it ain’t so.

David Harley

Reporting cybercrime

I haven’t checked the links yet, but Yasin Soliman’s article for Graham Cluley’s site looks really useful. How to report a cybercrime – Who you gonna call? includes a table with contact points in the US appropriate to several categories: I’m guessing that followers of this blog will find the links for ‘Internet fraud and SPAM’ particularly relevant. There are also links to agencies in other parts of the world.

The trouble with compiling such lists of links (which I’ve done many times over the years, in a variety of contexts) is that the links change over time, not only because web pages get changed around, but because agencies (like security companies) are renamed or replaced, or disappear altogether. Right now, though, this looks like an excellent resource.

David Harley

Ransomware and a rumoured Apple ID breach

For CSO Online, Steve Ragan describes how Ransom demands are written in Russian via the Find my iPhone service. Here’s how he describes the attack:

It starts with a compromised Apple ID. From there, the attacker uses Find My iPhone and places the victim’s device into lost mode. At this point, they can lock the device, post a message to the lock screen and trigger a sound to play, drawing attention to it.

Thomas Reed also described a similar attack a few months back using iCloud’s ‘Find My Mac’.

Ragan also mentions ‘a rumor concerning “rumblings of a massive (40 million) data breach at Apple.”‘ I’ve seen no confirmation of that anywhere, but it’s certainly a good time to check that your AppleID credentials are in good shape.

Commentary by Graham Cluley here. You might want to consider taking up his suggestion of  enabling two-step verification on your Apple ID account, too.

David Harley