Tag Archives: Leakware

Security News for the Week Ending November 29, 2019

The Problem with Big Data is, Well, That it is Big

On October 16th researchers revealed that they had found an exposed database with 4 billion records covering 1.2 billion people. The first database contained information on 1.5 billion unique people (note these numbers do not exactly match) including work phone numbers and mobile phone numbers. The second database contains hundreds of millions of scraped profiles from LinkedIn. The data appears to be linked to the “data enrichment” firms People Data Labs and Oxy.io, but the firms say that the server doesn’t belong to them. They did not say that the data did not originate from them. Likely, the server belongs to one of their customers. The good news is that the databases do not contain passwords or credit cards, but there is still a lot of data there. “Data enrichment” is an expression for “we aggregate data from a bunch of sources and put it all together, so if all YOU have, for example, is a person’s email, we can tell you how much they make, how many kids they have, the roads they travel on to work, etc.” Source: Computer Weekly.
California DMV Made > $50 Million Last Year Selling Your Data

First the law requires you to provide all kinds of information to the DMV. Then the DMV sells that information to anyone whose check clears. And they do not need to ask your permission. In theory the law restricts to whom they can sell your data, but there are a lot of exceptions. One example was a private investigator who bought the information and gave it to his stalker client, who killed the person. Another is data brokers like LexisNexis. Maybe the law should be changed, but in the meantime the DMV loves the cash. Source: Vice
Another Public Leakware Attack

As I said in my November 19, 2019 post titled “Argh – They Have a Name for it Now – Leakware”, leakware is becoming more popular. Now we have a case involving the security and building facilities firm Allied Universal ($7 billion in revenue, 200,000 employees). Allied was breached and the hackers want money. To make a point, they leaked 700 megabytes of data. They say that they have 4 GB+ more to leak and that they will give it to Wikileaks. They posted the sample data to Bleeping Computer’s forum, which took it down, and also to a Russian crime forum, which was not so supportive. The hackers initially wanted $2 million. Now they want $4 million; Allied offered $50k. A bit of a gap. Allied says that they take security seriously but didn’t say what they planned to do to protect the stolen data. If these hackers are Russian, there really isn’t much they can do other than negotiate. They have brought in security experts after the breach. While it is useful to close the barn door once the horses are gone and the barn is burned to the ground, that probably won’t make much difference to the customers whose data was compromised. Stay tuned for lawsuits. Assuming this trend continues, we need to create different defenses for ransomware. Source: Bleeping Computer

That Thanksgiving e-Card – Yup, It’s Malware

With the holiday season starting, the purveyors of malware are in the holiday spirit too. They are sending out millions of MALICIOUS, INFECTED e-greeting cards.

Open the card and you, too, will be infected. In one campaign, the malware is the Emotet password-stealing trojan.

Open that card and all of your passwords will be sent to Russia or China or some other friendly place.

When I get one of these cards, I send the person who sent it a note thanking them, but telling them that, in an unfortunate sign of the times, it is too risky to open it.

Then I hit the delete key. Source: Bleeping Computer

Argh – They Have a Name for it Now – Leakware

As I have been saying for a while, hackers are good at evolving.

As we see more and more ransomware attacks, a lot of the people are opting not to pay the ransom and instead deal with reconstructing their infrastructure and losing data (like police losing digital evidence and having to let crooks go).

So the hackers are in the process of evolving.

The City of Johannesburg, South Africa was hit with a ransomware attack and the attacker said that if they didn’t pay the ransom, the hackers would sell/publish the data.  We are beginning to see more of this.

The city didn’t pay and we don’t know if the hackers sold the data.  It is possible that it was a bluff and they didn’t have the data.  Only time will tell.

But from a hacker’s standpoint, that is likely the next evolution of ransomware and they have given it a name – LEAKWARE.

The premise is that good backups don’t help.  Disaster recovery plans don’t help.  Business continuity plans do not make a difference.

If I were a hacker contemplating a Leakware attack, I would go after high-value targets. Examples include banks, mortgage companies, big pharma and law firms. Also anyone holding a lot of personal data (HR departments, for instance), sensitive data, financial data or intellectual property. Service providers especially (law firms, accounting firms, contract HR and similar companies fit into this category). These are companies that might go out of business if their customers’ data were published, hence they are very likely to pay a Leakware ransom.

The only solution to this is to do your best to protect your infrastructure. There are a number of ways to do this – better employee training, logging with 24×7 alerting, network segmentation and many others. It takes work. It costs money, but maybe not a fortune. What it takes is making protecting your network a priority.
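Leakware only works if the attacker can move a large volume of data out of the network before anyone notices, which is why the post's "logging with 24×7 alerting" matters. The following is an added example, not code from the blog or from any product it mentions, showing one simple form such alerting can take: egress logs are summarized per host per day, and a host is flagged when its outbound volume either crosses an absolute threshold or is many times its own usual daily volume. The log format, host names, destinations, byte counts and thresholds are all constructed for illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed sample egress log lines (hypothetical hosts and destinations, not real data).
# Format per line: timestamp  source_host  destination  bytes_out
SAMPLE_LOG = """\
2019-11-25T09:02:11 ws-finance-07 update.vendor.example 48211
2019-11-25T09:15:43 ws-finance-07 mail.example 120433
2019-11-25T10:01:05 ws-hr-02 intranet.example 20111
2019-11-25T11:40:21 ws-hr-02 mail.example 95400
2019-11-26T02:13:09 ws-finance-07 203.0.113.45 734003200
2019-11-26T02:15:50 ws-finance-07 203.0.113.45 612001100
2019-11-26T09:30:00 ws-hr-02 intranet.example 30500
"""

# Illustrative thresholds (assumptions, tune to your own environment):
ABS_THRESHOLD_BYTES = 500 * 1024 * 1024   # 500 MiB out in one day is worth a look regardless
RATIO_THRESHOLD = 10.0                     # ...as is 10x the host's own usual daily volume


def parse_log(text):
    """Parse whitespace-separated log lines into (day, host, dest, bytes) tuples.
    Blank or malformed lines are skipped so one bad record does not stop the job."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, host, dest, size = parts
        try:
            records.append((ts[:10], host, dest, int(size)))  # day = YYYY-MM-DD prefix
        except ValueError:
            continue
    return records


def daily_totals(records):
    """Sum outbound bytes per (host, day)."""
    totals = defaultdict(int)
    for day, host, _dest, size in records:
        totals[(host, day)] += size
    return dict(totals)


def find_anomalies(totals, abs_threshold=ABS_THRESHOLD_BYTES, ratio=RATIO_THRESHOLD):
    """Return one alert per (host, day) whose outbound volume exceeds the absolute
    threshold or exceeds `ratio` times the median of that host's other days.
    A host seen on only one day has no baseline, so only the absolute rule applies."""
    by_host = defaultdict(dict)
    for (host, day), size in totals.items():
        by_host[host][day] = size

    alerts = []
    for host, days in by_host.items():
        for day, size in sorted(days.items()):
            others = [v for d, v in days.items() if d != day]
            baseline = median(others) if others else None
            reason = None
            if size > abs_threshold:
                reason = f"{size} bytes exceeds absolute threshold {abs_threshold}"
            elif baseline and size > ratio * baseline:
                reason = f"{size} bytes is {size / baseline:.0f}x the host's usual {baseline:.0f}"
            if reason:
                alerts.append({"host": host, "day": day, "bytes": size,
                               "baseline": baseline, "reason": reason})
    return alerts


def detect_exfiltration(text):
    """End-to-end: raw log text in, list of alert dicts out."""
    return find_anomalies(daily_totals(parse_log(text)))


if __name__ == "__main__":
    for a in detect_exfiltration(SAMPLE_LOG):
        print(f"ALERT {a['day']} {a['host']}: {a['reason']}")
```

Run as-is, the script flags only ws-finance-07 on 2019-11-26, where two early-morning transfers to a single external address add up to roughly 1.3 GB against a prior day of about 170 KB; ws-hr-02's normal day-to-day variation stays under both rules. The per-host baseline is what keeps a busy file server from tripping the same rule as a workstation; in a real deployment the baseline would come from weeks of history rather than one other day, and the alert would feed a ticket rather than a print statement.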

Source: Government Computer News