Inside Security - December 13th, 2019

1. Overall malware threats soared 523 percent, reaching 2.6 million this year, according to the latest stats from Kaspersky Lab. Malware varieties grew 13.7 percent, primarily fueled by a 187 percent growth in web skimmers used to steal credit card information. In addition, the number of new backdoors increased by 134 percent, reaching 7.6 million in 2019. The number of new banking trojans jumped 61 percent in 2019, while the number of attempts to install miners on victims' computers declined by 59 percent. -- KASPERSKY / TWITTER

2. Attackers could exploit critical vulnerabilities in Siemens' distributed control system for power plants to launch denial of service or arbitrary code execution attacks. Researchers from various companies identified more than 50 vulnerabilities in the SPPA-T3000 application server and MS3000 migration server that control fossil fuel and renewable energy power plants, according to a security advisory from Siemens. To exploit these weaknesses, attackers would need access to either the Application or Automation Highway, which should not be exposed if users have followed the recommended system configuration. Siemens said it is working on updates to fix the vulnerabilities and advised users to take a number of mitigation steps in the meantime, including using the SPPA-T3000 firewall to restrict access to the Application Highway. -- SECURITY WEEK

3. Hackers have been able to gain access to Ring camera security systems in four states -- Mississippi, Georgia, Florida, and Texas. The hackers used their access to demand ransom in Bitcoin, insult families using racial slurs, and encourage kids to destroy things in the home. In one incident, a hacker gained access to a Ring camera and threatened to "terminate" the home's occupants if they didn't pay a 50 Bitcoin ransom. Ring responded that it had no evidence of hackers gaining unauthorized access to or compromising Ring's systems or network. Rather, Ring blamed the incidents on credential stuffing, in which usernames and passwords leaked from other sources were used to log in to the Ring users' accounts. Ring said it "took appropriate actions to promptly block bad actors from known affected Ring accounts and affected users have been contacted." -- ABC NEWS

4. Cybercriminals behind the REvil ransomware, also known as Sodinokibi, are threatening to publish data stolen from a U.S. data center provider as an added incentive to pay ransom. UNKN, the public-facing spokesperson for the group, claimed that it stole files from CyrusOne before encrypting the provider's data. UNKN said that the REvil group will publish the data or sell it to a competitor unless CyrusOne pays the ransom. A similar threat was made when the group behind the Maze ransomware threatened to release files stolen from Allied Universal. When the company didn't pay the ransom, the data was published on a hacking forum. -- BLEEPING COMPUTER

5. Microsoft will not update its Microsoft Security Essentials (MSE) free antivirus program for Windows 7 when the operating system reaches end-of-support on Jan. 14 next year. This will be the case even if companies purchase Windows 7 Extended Security Updates for an additional three years. Microsoft explained that it does not consider MSE a core component of Windows 7. Microsoft gradually phased out MSE when it began using Windows Defender as the default antivirus tool in Windows 8 and Windows 10. -- ZDNET

6. Snatch malware is able to encrypt Windows machines in Safe Mode in order to avoid detection by endpoint security tools. Snatch is hybrid data-theft/ransomware malware that "runs itself in an elevated permissions mode, sets registry keys that instruct Windows to run it following a Safe Mode reboot, then reboots the computer and starts encrypting the disk while it's running in Safe Mode," explained Sophos researcher Andrew Brandt in a blog post. The Snatch Group, which developed the hybrid malware, has been active since last summer, targeting U.S., Canadian, and European organizations. -- SC MAGAZINE

7. The City of Waco, Texas, confirmed that hackers were able to breach its Click2Gov portal for water bill payments, deploy malware, and steal credit card data between Aug. 30 and Oct. 14. Waco and many other cities and municipalities use Click2Gov and other third-party payment software to allow residents to pay bills and fines. This is not the first time the Click2Gov platform has been breached. There have been multiple reports of breaches in which credit card data was stolen and then sold on the dark web. Click2Gov maker CentralSquare Technologies responded that only a limited number of customers have reported data breaches, and the vulnerability that was exploited has been fixed. -- TRIPWIRE

8. The U.S. House has passed the 2020 defense authorization bill with an amendment designed to strengthen cybersecurity of the U.S. power grid. The amendment, originally introduced as the Securing Energy Infrastructure Act, would set up a two-year pilot program within the Energy Department's national laboratories to identify vulnerabilities in the power grid and develop solutions, such as using analog backup systems, to isolate attacks. It would also direct the national laboratories to develop a national strategy for protecting the U.S. power grid. -- SECURITY WEEK

9. ProtonVPN said that a vulnerability in the OpenVPN protocol identified earlier this month by security researchers enables attackers to actively probe, or guess, what IP and port a TCP connection is linked to. However, the vulnerability cannot be used to conduct mass surveillance. The vulnerability could be used by an attacker who controls the WiFi or LAN a user is connected to, but this would be a difficult attack and grant minimal access to the attacker. ProtonVPN said that VPN services have trouble patching the vulnerability because it affects VPN connections by exploiting the operating system. The developers of Android, iOS, and macOS are working on measures to mitigate the risks, and ProtonVPN is developing a fix for its Linux client. -- PROTONVPN

10. Beginning early next year, Mozilla will require all developers of Firefox add-ons to enable two-factor authentication (2FA) for their AMO (addons.mozilla.org) accounts. "This is intended to help prevent malicious actors from taking control of legitimate add-ons and their users," explained Caitlin Neiman, add-ons community manager at Mozilla, in a blog post. An attacker could use a compromised Firefox add-on to steal passwords, spy on users' browsing habits, or redirect users to malicious pages or sites. -- ZDNET

Fred Donovan is a professional writer, editor, and content specialist with decades of experience, most recently in the areas of information technology and cybersecurity. He has written for such publications as FierceITSecurity, InfoSecurity Magazine, Report on Patient Privacy, TechGenix, and NetDefense. Fred has a B.A. from Harvard University in government and an M.S. in national security from Georgetown University.

Copyright © 2020, All rights reserved.