Cybersecurity Alerts: Weekly Update for November 13th
Get an update on this week’s cybersecurity threats.
The newest and most threatening version of CryptoWall, called 4.0, has returned. CryptoWall is a type of ransomware that infects a victim’s computer and encrypts the victim’s documents, making them inaccessible. In order to restore access, the victim is forced to pay the attacker a fee, typically in Bitcoin. CryptoWall 4.0 is suspected to have been developed in Russia and uses advanced encryption algorithms that make it significantly more aggressive than earlier versions. CryptoWall 4.0 is not detected by traditional antivirus software. Because CryptoWall 4.0 erases restore points, it is not possible for the victim to restore their computer to an uninfected state after the attack occurs.
This week, security researchers have tracked an increase in malvertising attacks that use the Magnitude exploit kit (Magnitude EK) to drop ransomware. Malvertising is the use of online advertising to spread malware by injecting malware-infected advertisements into legitimate advertising networks. Magnitude EK, like other exploit kits, enables web-based criminals to automate their business by targeting vulnerable software with a predetermined list of exploits. Once vulnerable software has been found, Magnitude EK infects the compromised system with malware. Researchers have attributed this recent increase in attacks to the latest Adobe Flash Player vulnerability (CVE-2015-7645), which Magnitude EK leverages to carry out its attacks.
CVE-2015-7645 is a critical vulnerability identified by Adobe that impacts Adobe Flash Player 18.104.22.168 and earlier versions for Windows, Macintosh and Linux. The vulnerability could allow hackers to take control of the affected system, in addition to causing a system crash.
Cherry Picker POS malware was first identified in 2011 but has stayed largely undetected by traditional antivirus tools because it uses advanced methods to stay hidden. Cherry Picker works by injecting a legitimate file onto a POS system. Once inside the system, it scrapes credit and debit card data. Due to its blend of simple and advanced attack methods, Cherry Picker has been very successful at stealing financial data from online POS systems.
Just identified by security researchers, Linux.Encoder.1 is a crypto-ransomware that infects Linux web servers by exploiting unpatched instances of Magento CMS and WordPress, two very commonly used content management systems. In order to stay protected, it is essential that web administrators perform timely updates and apply the necessary patches to their CMS installations. The current version of the ransomware is flawed, but researchers warn that the criminals responsible for creating it will likely fix the flaws in the future, turning Linux.Encoder.1 into a more serious threat.
The Internet of Things (IoT), which refers to the vast network of connected devices that can collect and exchange data, is growing exponentially. Because IPv4 addresses have been exhausted, IPv6 has been introduced to replace IPv4 and address this problem. However, while IPv6 will help accommodate the growth of connected devices, internet security is not necessarily keeping pace. Researchers suspect that IPv6 could pave the way for an increase in distributed denial-of-service (DDoS) attacks. DDoS attacks occur when internet criminals use infected hosts to control connected devices remotely. In a DDoS attack, the target is flooded with malicious traffic, restricting or disabling service for legitimate traffic and crashing the target’s network.