Last Week In Blockchain and CyberSecurity News - August 20, 2019

Ransomware Strike Takes Down 23 Texas Local Government Agencies

Last week, Texas was hit with the largest coordinated ransomware attack seen against multiple governments. On August 16, a single entity targeted 23 local government organizations in Texas with ransomware. The origins of the attack are currently unknown but are being investigated by the DIR, Texas Military Department, and other Texas authorities.  

The specific ransomware strain is also unknown as details regarding the attack have not been released as a security precaution. This year has seen a substantial increase in ransomware attacks against businesses and governments - up 365 percent from last year.  

In the first six months of 2019, there have been 22 ransomware attacks on various government entities (city, county, and state). The financial damage from these attacks has been significant as well; Baltimore has already faced $18 million in revenue losses and recovery costs from its attack in May.


Facebook Records User Audio, Sparking Privacy Questions

Facebook recently admitted that it has been transcribing users’ audio chats on its Messenger platform, putting the tech giant’s data-handling practices under scrutiny yet again. To make matters worse, it has been paying hundreds of outside contractors to complete this task.

In response, Facebook stated that users have a choice as to whether their voice chats are transcribed, saying that they “only access users’ microphone if the user has given our app permission and if they are actively using a specific feature that requires audio (like voice messaging features).”  

Earlier this week, Facebook claimed it would halt the program to review its privacy implications. Many are upset with Facebook’s lack of transparency, citing the absence of any information on how long Facebook stores the audio transcriptions and how it obtains them. By using vague design and ambiguous language, companies like Facebook have been able to do virtually as they please with your data.

Facebook is not the only company that has run into these types of privacy issues. Amazon, Apple, and Google have all had their own troubles regarding audio clips and the contractors that analyze them.


700,000 Choice Hotels Records Leaked in Data Breach, Ransom Demanded

An insecure database containing Choice Hotels data was found publicly available with no password or authentication protection, leaving a total of 5.6 million records exposed for anyone to view. Choice Hotels has stated a large portion of the records was test information; however, they did confirm 700,000 records were genuine. The data includes information such as names, email addresses, and phone numbers. 

The researcher who discovered the unprotected database, Bob Diachenko, also uncovered a ransom note that claimed that “700,000 records had been stolen and backed up elsewhere and demanded 0.4 Bitcoin (BTC), approximately $4,000 at the time of writing, from the owners.”  

There has been no evidence linking sensitive information to the data breach; however, the information that was stolen could be used in tailored phishing campaigns.   


New Cryptojacking Malware Uses an Interesting Trick to Remain Hidden

Researchers discovered a new high-performance Monero cryptocurrency miner that employs numerous evasion techniques to avoid discovery. In its infection stage, depending on the OS’s bit type, the “malware will choose a different execution path and launch different processes.” Once that process is completed, the malware injects a UPX-obfuscated version of the miner into Notepad, Explorer, or another application, depending on the execution path.

Once the malware is installed on the system, the cryptominer begins to use resources to mine Monero. As an evasion tactic, it terminates the mining process every time the Task Manager is opened, decreasing its chance of being discovered. Once the Task Manager is closed, the cryptominer resumes its malicious activity.

The cryptominer is built to be persistent and will keep regular contact with its command and control server to presumably listen for instructions from the attacker. 


Kaspersky Antivirus Flaw Exposes Users to Cross-Site Tracking Online

A vulnerability in the Kaspersky Antivirus software exposes unique identifiers associated with customers that have visited any website within the past 4 years.  

The vulnerability, CVE-2019-8286, may have allowed those websites or third-party services to track an individual's activity even if third-party cookies were blocked or erased. Security researcher Ronald Eikenberg states that the vulnerability stems from the way a “URL scanning module integrated into the antivirus software, called Kaspersky URL Advisor, works.”

Eikenberg further describes the vulnerability, stating that “[b]y default, Kaspersky Internet security solution injects a remotely-hosted JavaScript file directly into the HTML code of every web page you visit—for all web browsers, even in incognito mode—in an attempt to check if the page belongs to the list of suspicious and phishing web addresses.” 

Many antivirus products employ a similar tactic to monitor web pages for malicious content; however, Eikenberg found that the URL of the JavaScript file contains a string that is unique to every Kaspersky user (like a UUID) and that can be used by websites or other third-party services.

Kaspersky has fixed the security issue and classified the vulnerability as a User Data disclosure.    
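An audit sketch for the behaviour Eikenberg describes, added here as an example and not taken from the article, Kaspersky, or the researcher: it scans saved HTML snapshots of pages as rendered in one browser profile and reports UUID-like tokens in script URLs that recur across unrelated sites. The host names, tokens and function names are constructed for illustration.

```javascript
// Added example: the HTML and hosts below are constructed sample data, not real product URLs.
const UUID_RE = /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/gi;
const SCRIPT_SRC_RE = /<script\b[^>]*\bsrc\s*=\s*["']([^"']+)["']/gi;

// Return every script src URL found in an HTML snapshot.
function scriptSources(html) {
  return [...html.matchAll(SCRIPT_SRC_RE)].map((m) => m[1]);
}

// Map each UUID-like token found in a script URL to the set of page origins it appeared on.
function tokensByOrigin(pages) {
  const seen = new Map();
  for (const { origin, html } of pages) {
    for (const src of scriptSources(html)) {
      for (const token of src.match(UUID_RE) || []) {
        const key = token.toLowerCase();
        if (!seen.has(key)) seen.set(key, new Set());
        seen.get(key).add(origin);
      }
    }
  }
  return seen;
}

// A token that recurs on unrelated origins is a stable, cross-site identifier.
function crossSiteTokens(pages, minOrigins = 2) {
  return [...tokensByOrigin(pages)]
    .filter(([, origins]) => origins.size >= minOrigins)
    .map(([token, origins]) => ({ token, origins: [...origins].sort() }));
}

// Constructed snapshots of three pages as rendered in one browser profile.
const SAMPLE_PAGES = [
  { origin: "https://news.example",
    html: '<head><script src="https://inject.av-vendor.example/1B2C3D4E-AAAA-4BBB-8CCC-0123456789AB/main.js"></script></head>' },
  { origin: "https://shop.example",
    html: '<script src="/static/app.js"></script><script type="text/javascript" src="https://inject.av-vendor.example/1b2c3d4e-aaaa-4bbb-8ccc-0123456789ab/main.js"></script>' },
  { origin: "https://blog.example",
    html: '<script src="https://cdn.example/lib/9f8e7d6c-1111-4222-8333-444455556666/bundle.js"></script>' },
];

console.log(JSON.stringify(crossSiteTokens(SAMPLE_PAGES), null, 2));
```

A token that appears on only one site, such as the versioned CDN path in the third snapshot, is not reported; only identifiers shared across origins are.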
