September 1, 2020
Russian cybercrime suspect arrested in $1m ransomware conspiracy
By Paul Ducklin
Here’s a cybercrime conspiracy story with a difference.
When we write about network-wide ransomware attacks where a whole company is blackmailed in one go, two burning questions immediately come up:
- How much money did the crooks demand?
- Did the victim pay up?
The answers vary, but as you have probably read here on Naked Security, modern ransomware criminals often use a two-pronged extortion technique in an attempt to maximise their asking price.
First, the crooks steal a trove of company files that they threaten to make public or to sell on to other crooks; then they scramble the data files on all the company’s computers in order to bring business to a halt.
Pay up the blackmail money, say the crooks, and they will not only “guarantee” that the stolen data will never be passed on to anyone else, but also provide a decryption program to reconstitute all the scrambled files so that business operations can resume.
Recent reports include an attack on fitness tracking company Garmin, which was allegedly blackmailed for $10m and did pay up, though apparently after wangling the amount down into the “multi-million” range; and on business travel company CWT, which faced a similar seven-figure demand and ended up handing over $4.5m to the criminals to get its business back on the rails.
In contrast, legal firm Grubman Shire Meiselas & Sacks faced a whopping $42m ransomware extortion demand but faced it down, likening the crooks to terrorists and refusing to pay a penny.
More recently, US liquor giant Brown-Forman took a similar stance, refusing to deal with criminals after its network was infiltrated.
Read more at https://nakedsecurity.sophos.com/2020/08/27/russian-cybercrime-suspect-arrested-in-1m-ransomware-conspiracy/
Fake Android notifications – first Google, then Microsoft affected
By Paul Ducklin
If you’re a Google Android user, you may have been pestered over the past week by popup notifications that you didn’t expect and certainly didn’t want.
The first mainstream victim seems to have been Google’s own Hangouts app.
Users all over the world, and therefore at all times of day (many users complained of being woken up unnecessarily), received spammy-looking messages.
The messages didn’t contain any suggested links or demand any action from the recipient, so there was no obvious cybercriminal intent.
Indeed, the messages looked like some sort of test – but by whom, and for what purpose?
The four exclamation points suggested someone of a hackerish persuasion – perhaps some sort of overcooked “proof of concept” (PoC) aimed at making a point, sent out by someone who lacked the social grace or the legalistic sensitivity of knowing when to stop.
Read more at https://nakedsecurity.sophos.com/2020/08/28/fake-android-notifications-first-google-then-microsoft-affected/
“Chrome considered harmful” – the Law of Unintended Consequences
By Paul Ducklin
An excellent article appeared last week on the APNIC blog.
Researched and written by Matthew Thomas of Verisign, the article is entitled Chromium’s impact on root DNS traffic, and it has raised some important issues amongst the Chromium browser development community relating to a feature in the browser code that’s known as the Intranet Redirect Detector.
To explain.
APNIC is the Asia Pacific Network Information Centre, headquartered in Brisbane, Australia, one of five internet number registries around the world.
These Regional Internet Registries (RIRs) look after global IP number allocations, maintain definitive internet domain name databases for their regions, and generally concern themselves with the health of the global internet.
As you can imagine, anything that upsets the balance of the internet – from spamming and cybercrime to misconfigured servers and badly-behaved network software – is of great concern to the RIRs.
The root DNS servers form the heart of the global Domain Name System, which automatically converts human-friendly server names such as nakedsecurity.sophos.com into network numbers that computers can use to send and receive traffic, such as 192.0.66.200 (that was our IP number when I looked it up today, as shown below).
As you can imagine, any unnecessary load on the root DNS servers could slow down internet access for all of us, by stretching out the time taken to convert names to numbers, something that our browsers need to do all the time as we click from link to link online.
Chromium, as you almost certainly know, is a Google open-source project that produces the software at the core of many contemporary browsers, notably Google’s own Chrome Browser, which accounts for the majority of web traffic these days on laptops and mobile phones alike.
Chromium is also used in many other browsers, including Vivaldi, Brave and – recently, at least – Microsoft Edge. (Of today’s mainstream browsers, only Safari and Firefox aren’t based on a Chromium core.)
Read more at https://nakedsecurity.sophos.com/2020/08/26/chrome-considered-harmful-the-law-of-unintended-consequences/