Tag: Malware

1
Zooming In: “Zoom’s” Significant Privacy and Data Security Risks brought to Light Again (and Again)
2
A phishing pandemic – Part I
3
Don’t let coronavirus get your system infected
4
Is your iPhone spying on you (again)?
5
Surveillance software targets WhatsApp users
6
Ransomware, get your ransomware here, and you too can share in the profits!
7
Step right up and get your malware – no skill required, prices start at $20!
8
2018 Trends in Cyber-crimes so far…
9
Cyber-criminals outspend organisations more than 10 times in bid to find cybersecurity weaknesses – who says cyber-crime doesn’t pay?
10
Research reports say risks to smartphone security aren’t phoney

Zooming In: “Zoom’s” Significant Privacy and Data Security Risks brought to Light Again (and Again)

By Cameron Abbott, Warwick Andersen, Rob Pulham, Allison Wallace and Max Evans

It hasn’t even been 10 days since our previous Blog on Zoom, which highlighted a number of privacy and data security issues prevalent in the use of the popular telecommunications software, and already further privacy issues have been alleged. Let’s put these allegations under the magnifying glass:

Disclosure to Facebook: Even If You don’t have an Account

Firstly, Vice reports that the iOS version of the Zoom app transfers analytics data to Facebook, even if Zoom users don’t have a Facebook account, without disclosing as such in its Privacy Policy.

Read More

A phishing pandemic – Part I

By Cameron Abbott, Michelle Aggromito and Rebecca Gill

It’s upsetting to report, but should come as no surprise, that scammers are seeking to take advantage of organisations during the COVID-19 pandemic.

The Australian Competition and Consumer Commission’s Scamwatch website reports that phishing attacks are on the rise, with scammers impersonating the World Health Organisation and other agencies. Scams include anything from offering victims a vaccine for COVID-19 to investment opportunities created by the pandemic.

Read More

Don’t let coronavirus get your system infected

By Cameron Abbott and Allison Wallace

You’ve all likely seen various news reports and online posts about the coronavirus epidemic – you may have even received email alerts on how you can protect yourself from being infected.

It turns out cyber criminals are using our curiosity to bait us with fake documents purporting to inform us about coronavirus while actually infecting our systems with malware.

Read More

Is your iPhone spying on you (again)?

By Cameron Abbott and Allison Wallace

In the latest installment of this seemingly ongoing tale, Google uncovered (for the second time in a month) security flaws in Apple’s iOS, which put thousands of users at risk of inadvertently installing spyware on their iPhones. For two years.

Read More

Surveillance software targets WhatsApp users

By Cameron Abbott, Rob Pulham and Michelle Aggromito

Unfortunately for all of us, Privacy Awareness Week doesn’t mean a chance to take a break from seemingly endless data breach notifications and social media vulnerabilities.

This week it’s WhatsApp’s turn, with reports that hackers, or as WhatsApp described as “an advanced cyber-actor”, have been able to remotely install surveillance software on phones and other devices of select targets, likely to be lawyers, journalists, activists and human rights defenders. The hackers were able to compromise the devices by using WhatsApp’s call function to ring the devices. The surveillance software was still installed even if the call was not picked up and the call reportedly would disappear from the compromised device’s call log. This means the malware could be installed without any action from the compromised user – and potentially without them even being able to determine that they had been compromised.

Read More

Ransomware, get your ransomware here, and you too can share in the profits!

By Cameron Abbott and Colette Légeret

The expansion of the “service industry” into malware-as-as-service (MaaS), is not the only cyber-attack available online, Bleeping Computer found ransomware-as-a-service (RaaS), that not only uses FilesLocker malware and targets Chinese and American victims, it also offers users a sliding commission pay-scale that rises the more ransomware victims infected.

Bleeping Computer was put on the trail of this RaaS by security researcher, Neutral8✗9eR, who saw it being marketed through a Chinese malware forum on TOR.

Read More

Step right up and get your malware – no skill required, prices start at $20!

By Cameron Abbott and Colette Légeret

It seems that the “service industry” has expanded into cyber-crime without us knowing about it as the Fortinet research team recently discovered. They came across malware-as-a-service schemes available on several Dark Web forums, with one designed as an easy-to-use point of entry for beginner Distributed Denial of Service (DDoS) attackers.

The DDoS kit disguises itself as a legitimate “booter” or “stresser” service and as it is relatively easy to set-up, almost anyone can go into the “DDoS a website for a fee” business. Some of the offerings are incredibly customisable. The research team found one such service that went operational on 17 October 2018 called “Ox-booter” which uses the Bushido botnet for its attacks. Bushido itself is relatively new, having only been identified in September 2018.

Read More

2018 Trends in Cyber-crimes so far…

By Cameron Abbott and Colette Légeret

The first half of 2018 has been busy for cyber-criminals and cyber-security alike. According to Trend Micro, cryptocurrency mining detections have jumped 96% in this six month period compared to the total number detected in 2017.

In that same time, over 20 billion threats were blocked by Trend Micro’s Infrastructure, a few billion threats less than in the first half of 2017. Of these threats, less were “spray and pay” ransomware attacks and breaches, as cyber-criminals are flying under the radar with crypto-jacking, along with fileless, macro and small file malware techniques.

Read More

Cyber-criminals outspend organisations more than 10 times in bid to find cybersecurity weaknesses – who says cyber-crime doesn’t pay?

By Cameron AbbottRob Pulham and Colette Légeret

Cyber attackers are able to search for that one weak link in corporations defences whereas corporates have to create a completely strong chain of defence against every possible scenario.  This asymmetrical fight would you think mean organisations would have to outspend attackers by many multiples.

However, according to software company, Carbon Black, the situation is worse than that because it appears that cyber criminals are outspending corporation!  Cyber-crime is big business, and as such, cyber-criminals are spending an estimated $1 trillion each year on finding weaknesses in the cyber defences of organisations and developing new ways of attacking them, in comparison to the $96 billion spent by organisations in an attempt to secure themselves from these cyber-attacks.

Read More

Research reports say risks to smartphone security aren’t phoney

By Rob Pulham, Warwick Andersen and Sarah Goegan

Beware! Your favourite apps may be putting your phone and data at risk. Reports from Allot and BitSight have examined rising threats to the security of our mobile devices.

Read More

Copyright © 2019, K&L Gates LLP. All Rights Reserved.