Embed Size (px)
Citation preview
Tuesday, June 18, 2019
In This Issue
Sign In with AppleA Year After GDPR, WhatNow?Shade RansomwareExpands to US TargetsSneaky Adware BombardsAndroid DevicesWas Your LocalGovernment Hit byMalware?
Key Security Tips
Avoid downloading free software.Free software might containviruses, adware, or spyware.
Working remotely can carry somephysical security risks. Use alaptop cable lock for long trainingsessions or conferences.
Email and instant messagingservices can be used to spreadmalware.
Sign In with Apple
Apple is taking their respect for privacy toanother level with their new feature Sign Inwith Apple. Instead of filling out forms,verifying email addresses, and choosing new(often repetitive) passwords, users can usetheir Apple IDs. This not only makes sign upprocesses easier, but also provides an extralayer of privacy.
Although single sign on is not new, Apple's new feature is differentiatingitself by adding some extra protections, such as Face ID and Touch ID,which set it apart from other single sign on options. For examples, unlikeFacebook and Google, Apple will randomly generate an email address onyour behalf, which then forwards communications from companies andinstitutions to your real address.
This new feature also comes with new requirements for app developersutilizing any third-party login service. If the app uses social icons likeGoogle and Facebook, developers will now be required by Apple to add abutton for Sign In with Apple.
"Sign In with Apple will be available for beta testing this summer," thecompany writes. "It will be required as an option for users in apps thatsupport third-party sign-in when it is commercially available later thisyear."
Apple breaks down the benefits of Sign In with Apple into four categories:
Respect for Privacy
Data collection is limited to the user's name and email address, andApple's private email relay lets users receive email even if they prefer tokeep their address private. Apple will not track users as they interact withyour app.
Only use trusted Wi-Fi networkswhen connecting to the internet.Cybercriminals can create fakehotspots that provide free accesspoints from which to steal yourdata.
Security Built In
Every account using Sign In with Apple is automatically protected withtwo-factor authentication. On Apple devices, users are persistently signedin and can re-authenticate anytime with Face ID or Touch ID.
Works Everywhere
Sign In with Apple works on iOS, macOS, tvOS, and watchOS. And itworks in any browser, which means you can deploy it on your website andin versions of your apps running on other platforms.
Anti-Fraud
Sign In with Apple uses on-device machine learning and other informationto provide a new privacy-friendly signal that helps you determine if a newuser is a real person or an account you might want to take another look at.
A Year After GDPR, What Now?
In the beginning of 2018, organizationsscrambled to get their data protection inorder before the European Union's GeneralData Protection Regulation (GDPR) cameinto effect. A year later, organizations are stillworking towards meeting these regulationsand feeling the costs of not meeting them.
According to IAPP's survey, the average spend for organizations was $3million, with some of that accounting for additional costs this year andgoing into the future. Heavier spending was seen in US companies thathad not previously instated privacy regulations prior to GDPR, whereasmany European companies already had regulations in place. One of thehidden costs of GDPR has been the human element, especially in thecases of organizations without an automated process for data flows andcompliance. At this point, it’s difficult to judge what additional costsorganizations have incurred.
Despite the time and money put into GDPR, a report by Thomson Reutersfound that 48% of organizations worldwide are not meeting therequirements. Furthermore, 50% of all organizations around the worldhave been subject to an enforcement action under GDPR. IAPP estimatesthese enforcement actions have resulted in more than $62.4 million infines.
A positive outcome from GDPR has been the increase in data protectionofficers in organizations. IAPP reports 75% of all organizations have anappointed data protection officer, and 45% have more than one. Whilesome organizations are still trying to catch up, others have felt thepressure of GDPR. This has led to a shift in mindset and push to protectconsumers.
With California's CCPA and talks of New York creating its own consumerprivacy regulations, GDPR appears to only be the beginning of a push forconsumer data protection.
Shade Ransomware Expands to US Targets
Shade, a ransomware that’s troubled Russiasince 2014, is starting to cross internationalborders, making its way to other countries,including the US, Canada, Japan, India, andThailand. More recently, analysts found thatthe US has seen the highest number ofattempted attacks since Q1 2019, with thetop targeted industries being high-tech, wholesale and retail, education,and telecommunications.
Shade attacks come in through your inbox and require the user to click alink or open an attachment. In a recent example from February of 2019,Shade infected emails were found carrying a link to an archive, archiveattachment, or attached PDF that linked to an archive, commonly dressedup to look like an invoice or a bill.
The links and attachments link back to a script-based file that is designedto retrieve the Shade executable file. Researchers found that if you'reoperating on a Windows OS, once your computer is infected with Shade,the desktop background will display a message announcing the infectionto the user. The message reads "Attention! All the important files on yourdisks were encrypted. The details can be found in README.txt files whichyou can find on any of your disks." Ten README.txt text files will appearon the infected user's desktop, named README1.txt throughREADME10.txt. All of the files contain the same message instructing theuser to send a code to an email address where they can then makepayments.
To protect yourself from Shade attacks, you want to make sure your teamkeeps these email tips top-of-mind:
Validate the sender's email. Before taking a click action, makesure the sender’s email address is valid and recognized.Hover over any links and attachments. Make sure they'redirecting you to a safe destination.Beware of the unexpected. If you're not expecting to receive aninvoice or a bill, that could be a sign that you've received an emailinfected with the Shade ransomware.
Sneaky Adware Bombards Android Devices
Did you recently install a cool app and thennotice pesky ads cluttering your androiddevice… so much so that you can't takecalls, can't level up on your game, or can'tsend out your latest amazing post?
If you answered yes to any of thosequestions, you may have hidden adware taking over your device.
Lookout’s security researchers found 238 applications in Google Play thathad a well obfuscated ad plugin, called BeiTaAd, hiding in the background.With more than 440 million installations, these infected CooTek appsrange from step trackers to fitness workout tips to horoscopes tohealthcare trackers to music to a nifty AI-powered virtual assistantkeyboard.
The initial investigation was in response to user feedback and malcontentover ads being displayed on the device's lock screen, ads triggering videoand audio advertisements even while the phone is asleep, and ads beingdisplayed even outside the app that interfered with the user experience inother applications.
Once the researchers at Lookout found the hidden culprit, they reportedthe malicious functionality to Google. Now, the BeiTaPlugin has beenremoved or updated to versions without the offending adware from all theaffected apps on the Play store as of May 23rd, 2019.
These particular ads start out slow after an affected app is installed, butwithin 24 hours of launching the app, the ads begin to pervasivelybombard your device so that you cannot use other apps. It’s alarming butthis style of persistent, pervasive ad plugins may be the future wave ofmobile adware development since official app stores are increasing theirrestrictions on out-of-app advertisements. Other developers will alsoexecute evasive coding to avoid detection.
So, what can I as a user do to protect myself?
If you have ads over-running your phone right now, delete yourmost recently added app(s). If this is an app you must use,download the latest version.Never use Third-Party app installers.Limit how many apps you download at one time. (Recommend nomore than 2 or 3 at a time.) That way you will easily be able toidentify which app is the infected one.When selecting apps, be sure to read the reviews. If many peopleare reporting issues with ads, try to find a better alternative.Check the size of the app. If it seems overly bloated or will take upmost of your memory space, you may want to research the app tosee if there are any reports of malware or adware.If an app drains your battery, you should remove it and scan yourdevice with an antimalware/antivirus tool.
Was Your Local Government Hit by Malware?
In the ever-evolving, ever-shifting cyberthreat landscape, state and localgovernments have become reliable targetsfor cyber attackers. So far this year, morethan 20 state and local government entitieshave been hit with some form of malware,often ransomware.
Those attacked include Washington, Pennsylvania; Amarillo, Texas;Cleveland Airport, Cleveland, Ohio; Augusta City Center, Augusta, Maine;Stuart, Florida; Imperial County, California; Garfield County, Utah;Greenville, North Carolina; Albany, New York; Jackson County, Georgia;Schools System of Taos, New Mexico; Del Rio, Texas; Atlanta, Georgia;and Leominster, Massachusetts.
So, what happens during these attacks? One recent example is an attackon the city of Baltimore, in which Robbinhood ransomware was used todisrupt everything from real estate transactions to bill payment systems, toemail and telecom services. The attackers demanded money, which cityofficials declined. The Robbinhood ransom note also warned the city notto call the FBI. The note also said the locked data would no longer berecoverable after ten days. "We won't talk more. All we know is MONEY!Hurry up! Tik Tak, Tik Tak, Tik Tak!" the note read. A mysterious tweetappeared a week later that appeared to show sensitive documents,allegedly accessed by the attackers.
What makes local governments targets for cyberattackers? Data stored incity systems makes them attractive targets. According to Chris Kennedy,former government cybersecurity veteran and currently CISO ofcybersecurity firm AttackIQ (via CSO Online), "If you think long-range.state and local governments offer a wealth of information about citizenactivity. You can imagine how cyber criminals would want to takeadvantage of that collection of information for identity theft and things likethat," Gary Hayslip, former CISO for the City of San Diego, California, andnow CISO for security firm Webroot, adds, "Most people don't realizecities have massive amounts of data. It's amazing the different types ofdata that they have. I mean it's just phenomenal. They have everythingfrom permits to people paying their water bills to parking tickets towhatever. People are investing in bonds."
Inspired eLearning | 4630 N Loop 1604 W | Suite 401 | San Antonio, TX 78249
Forward this email to a friend.
© 2019 Inspired eLearning, LLC. All Rights Reserved.All organizations with an active Security Awareness license are granted permission to republish any or all of the content in our Security
Awareness Newsletter, as long as distribution of that content is limited to employees within the organization.
