Connect with us

Vulnerabilities

New Form of Ransomware Uses Social Media to Customize Demands

Published

on

A new form of ransomware is reported to have been found that uses a person’s social media and computer files to customize a demand, according to cybersecurity researchers at Proofpoint.

Called ‘Ransoc’ by the researchers because of its connection to social media, they found that the malware was scanning local media filenames and running several routines by interacting with Skype, LinkedIn, and Facebook profiles, infecting the system through Internet Explorer on Windows and Safari on OS X.

What’s interesting about this new type of ransomware is the fact that unlike ransomware such as Locky, which encrypts a person’s files before demanding payment, Ransoc customizes its demands to its victims.

After scanning a person’s computer files and social media to find potentially incriminating evidence, it then sends a penalty notice, threatening victims with court action if the amount isn’t paid.

As it doesn’t encrypt a person’s files, the ransomware relies on a victim’s fear to pay the money straight away.

According to Proofpoint, though, this type of penalty notice threat was widespread during 2012 and 2014; however, since then the focus has been on crypto ransomware and other malware as a way of scamming victims out of their money.

Interestingly, enough, the team at Proofpoint discovered that the penalty notice only appeared if the malware was able to locate incriminating evidence on the computer. If, however, the file name was manually changed no penalty notice was triggered.

Not only that, but the team found that instead of demanding the payment in bitcoin, which is what the vast amount of cybercriminals using malware demand, this one demanded payment with a credit card. Unlike bitcoin, which gives criminals anonymity, the use of a credit card means that law enforcement can potentially trace the money back to the criminals a lot easier.

The fact that this method is used could suggest that the cybercriminals are happy in the belief that the victims have too much to hide to seek out help from the police. To encourage payment, though, the ransom note states that the money will be sent back to the victim if they are not caught again in 180 days.

It’s safe to say that repayment never happens.

All, it seems, is not lost.

According to Proofpoint, the Ransoc only employs a registry autorun key to persist, so rebooting in Safe Mode should allow users to remove the malware.

Featured image from Shutterstock.

Important: Never invest (trade with) money you can't afford to comfortably lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here. Trade recommendations and analysis are written by our analysts which might have different opinions. Read my 6 Golden Steps to Financial Freedom here. Best regards, Jonas Borchgrevink.

Rate this post:

Important for improving the service. Please add a comment in the comment field below explaining what you rated and why you gave it that rate. Failed Trade Recommendations should not be rated as that is considered a failure either way.
0 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 5 (0 votes, average: 0.00 out of 5)
You need to be a registered member to rate this.
Loading...





Feedback or Requests?

Cryptocurrencies

Spectre And Meltdown Madness: What It Means For Ethereum

Published

on

To anyone who talks in terms of a cryptocurrency bubble, consider the following fun facts. In the short period of a few days following the bombshell announcement of Meltdown and Spectre, crypto prices responded in the following manner:

Bitcoin +18%

ETH +41%

Litecoin +30%

In my view, this is clear evidence of a market that is responding rationally to information coming from responsible sources. To appreciate what all the noise is about you must appreciate what Meltdown and Spectre are and why they present a danger to the big companies providing cloud storage for the corporate world.

Once this is clear, then you will better appreciate why Ether’s 41%+ short-term price spike left the others in the dust. But first lets dig into the Meltdown and Spectre situation.

The Secret Got Out

 On January 3 the secret about a new class of security vulnerabilities leaked out to the public. Not only was this seriously bad news but the leak also gave hackers advanced notice before anyone could begin to fix the twin problems.

The degree of seriousness is in the fact that almost all major microprocessor chips are vulnerable. This opens the door to hackers stealing information from personal as well as cloud services.

Researchers claim that Meltdown can be fixed with a patch. Shortly thereafter about every major player announced their patch. But there are two issues here. Will the patches fully solve they problem?

Casting A Cloud Over The Cloud

When a corporation becomes a cloud customer, even the largest share machines with other customers. This is the basic flaw in the centralized structure of cloud storage. Contrast this with the decentralized structure of blockchain technology and you begin to appreciate the force behind the sudden price spike in cryptocurrencies that we highlighted above.

Even though security tools and protocols are designed to separate customers date, the recently discovered Meltdown and Spectre flaws still leave serious vulnerabilities.

Meltdown, hackers could rent space on a cloud service, just like any other business customer. Once they were on the service, the flaw would allow them to grab information like passwords from other customers.

Secondly, reports on cloud services like Amazon, Google and Microsoft claim that it creates as much as 30% slower computation speeds. That clearly won’t make for happy customers.

Jerky NetFlix

Virtually everyone reviewing the situation believes individual computer users are the least vulnerable. That may be true. Hackers are in the hunt for the biggest prize and that would be the big three cloud companies. But how do you think families are going to react if their Netflix stalls and buffers every few minutes?

In the final analysis, the Meltdown flaw affects virtually every computer chip fabricated by Intel in use today. You are talking about 90% of the Internet and business world. But Meltdown is just one flaw.

Spectre is the other flaw and this one is the more insidious of the two. There is no known fix. Intel, AMD and others have claimed how complex a project it would be for hackers to breech the Spectre vulnerability. That is pretty hollow comfort. After all, hasn’t the FBI security been breeched. Those guys were supposed to be airtight.

Boom Days For Blockchain

In so many ways, last year marked a tipping point in the spread and acceptance of blockchain technology. The uses for Bitcoin are probably best gauged by its record $20,000 price in December. For Ethereum, it may have been marked by the formation of the Enterprise Ethereum Alliance (EEA) in February and rise to over 300 members at year-end.

No sooner has 2018 begun that the Meltdown and Spectre flaws created unexpected excitement for investors in cryptocurrencies. If I were a software salesman out of work, I would be sending my resume to every crypto company offering to peddle their blockchain. It could be the easiest job since selling web design services in 1995.

The Ethereum platform with its smart contracts is not the only crypto capable of addressing this newly uncovered opportunity created by Meltdown and Spectre. You can safely bet this will attract many players and for good reason, today’s blockchain technology is a long way from fast enough for mass adoption. Blockchain security may be a step or two better in it present form than cloud storage, but it has its security issues as well.

Building the Ethereum Moat

 EEA founder Jeremy Millar is clearly a brand ambassador for Ethereum. He believes that CEOs hear the chatter about blockchain and are pre sold not having a clear picture what can be accomplished or the money saved using this technology. The important thing is for IT departments to have a respected brand to attach to their recommendations.

The EEA seeks to connect and inform and through this pioneering process spread the gospel of Ethereum. So far this is beginning to build a brand franchise for Ethereum.

The EEA is the largest blockchain body and is committed to using open-source Ethereum technology for enterprise blockchain solutions. EEA expects to see great advances in these areas in 2018 with Ethereum technologies.

It also helps when Wall Street banks uncover the potential for billions in savings on the trading desks through the applications of the Ethereum platform.

So, if you though the last year held plenty of excitement, the Meltdown and Spectre flaws promise to make this year every bit as much fun.

Featured image courtesy of Shutterstock.

 

Important: Never invest (trade with) money you can't afford to comfortably lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here. Trade recommendations and analysis are written by our analysts which might have different opinions. Read my 6 Golden Steps to Financial Freedom here. Best regards, Jonas Borchgrevink.

Rate this post:

Important for improving the service. Please add a comment in the comment field below explaining what you rated and why you gave it that rate. Failed Trade Recommendations should not be rated as that is considered a failure either way.
14 votes, average: 4.14 out of 514 votes, average: 4.14 out of 514 votes, average: 4.14 out of 514 votes, average: 4.14 out of 514 votes, average: 4.14 out of 5 (14 votes, average: 4.14 out of 5)
You need to be a registered member to rate this.
Loading...

4.4 stars on average, based on 87 rated postsJames Waggoner is a veteran Wall Street analyst and hedge fund manager who has spent the past few years researching the fintech possibilities of cryptocurrencies. He has a special passion for writing about the future of crypto.




Feedback or Requests?

Continue Reading

Breaches

Coders Safeguard Vulnerable Ethereum Wallets Following Security Breach

Published

on

hacker extortion bitcoin

Ethereum suffered large-scale security breaches last week after anonymous hackers targeted vulnerable wallets in the network, resulting in the loss of tens of millions of dollars. However, it didn’t take long for a volunteer group of coders to “rescue” the funds in 500 at-risk wallets before the same attackers could get to them too.

White Hat Group Takes Charge

The so-called White Hat Group showed initiative by “rescuing” the funds using the same techniques the thieves employed to compromise $32 million USD worth of ether from three multi-signature wallets. As of Monday, the White Hat Group of ethical hackers was in possession of $86 million worth of ether and an additional $122 million in tokens.

Tokens are digital assets that are sold during an Initial Coin Offering (ICO) fundraising event. They have proven to be extremely popular.

Tens of millions of dollars worth of ether and tokens have already been returned to their owners. The White Hat Group says it will issue full refunds by the end of July.

Blockchain-based trading platform Coindash was also breached last week, resulting in the loss of more than $7 million worth of ether.

Security Breaches Nothing New in Crypto World

For all its benefits, cryptocurrency has been vulnerable to several high-profile security breaches. Last summer, Hong Kong-based Bitfinex was the target of a major attack that resulted in the theft of around $70 million worth of bitcoins. In response, the exchange announced a controversial plans to “socialize” its losses among all users. Each Bitfinex trader was docked 36% as a result.

Bitcoin prices declined sharply following the attack, stopping what had been a blistering summer of gains.

Ethereum Enterprise Alliance

For anyone doubting the potential of the ether, take a look at the list of companies participating in the Enterprise Ethereum Alliance (EEA). The EEA is a forum that connects Fortune 500 companies, startups and academics with ethereum subject matter experts.  The EEA is made up of multinational banks and some of the world’s biggest technology companies.

The forum has made cyber security a top priority, according to a May 22 press release. In the release, companies like Infosys, Mitsubishi UFJ Financial Group, Synechron and others expressed their intent to contribute to the future of ethereum’s security.

Important: Never invest (trade with) money you can't afford to comfortably lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here. Trade recommendations and analysis are written by our analysts which might have different opinions. Read my 6 Golden Steps to Financial Freedom here. Best regards, Jonas Borchgrevink.

Rate this post:

Important for improving the service. Please add a comment in the comment field below explaining what you rated and why you gave it that rate. Failed Trade Recommendations should not be rated as that is considered a failure either way.
0 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 5 (0 votes, average: 0.00 out of 5)
You need to be a registered member to rate this.
Loading...

4.6 stars on average, based on 498 rated postsSam Bourgi is Chief Editor to Hacked.com, where he specializes in cryptocurrency, economics and the broader financial markets. Sam has nearly eight years of progressive experience as an analyst, writer and financial market commentator where he has contributed to the world's foremost newscasts.




Feedback or Requests?

Continue Reading

Eavesdropping

Are Children Losing Their Childhood to Smart Toys?

Published

on

Smart toys are on the rise, but while they may have the ability to enhance a child’s play, do they also pose a threat by spying on what children are doing?

In an article from the New Scientist, the issue of privacy is looked into. More specifically, the privacy of children.

Nowadays, it seems it’s no longer a case of simply playing with Ken and Barbie as the imagination of a child takes over. As the article reports, various companies have been looking into how they can capture the imagination of children. One play item, in particular, is the Barbie Hello Dreamhouse and Hello Barbie.

Created by the American toy-company Mattel, Inc., Barbie has been in existence since 1959. Designed by businesswoman Ruth Handler, Barbie has maintained its popularity with children up to the present day for nearly 60 years.

But, in a bid to keep up with technological advances in the 21st century, Mattel, Inc., has created the Barbie Hello Dreamhouse, a pink-and-white smart house for the world’s most popular doll. Apparently, the Hello Barbie is reported to be able to talk to a child on a number of topics ranging – as the New Scientist states – ‘from fashion and family to dreams and paddleboarding.’

Nothing wrong with that, you might think.

Except for the fact that when a child presses Barbie’s buckle to talk to her, every word the child makes is then transmitted to a Mattel-owned server farm where it is analyzed so that a suitable reply can be sent back to the child.

Sending Details to Third Parties

Shockingly, the information that was being stored was also being sent on to third parties, which, naturally, ensued a backlash.

According to Josh Golin, executive director of the Campaign for a Commercial-Free Childhood (CCFC), who launched a social media campaign #HellNoBarbie, he said that:

It just struck us as such as invasion of children’s privacy.

Open to Hackers

Children, in their innocence, don’t realize that what they are telling their dolls may now be listened to by others. This can also include hackers.

Even though toys may seem above anything else, they can just as easily become a target for hackers too.

In 2015, Chinese company VTech was targeted by hackers. Reports stated that nearly five million parents and more than 200,000 children had their information stolen after a hacker breached the servers of the toy company.

As such privacy activists have objected not only because of the concern from others listening in or the vulnerability that toys can pose, but also because it can take away the nature of a child’s play.

Taking Away the Child’s Imagination

Of course, if you walk into someone’s house, the chances are that you will find a vast array of smart technology around. Consider digital assistants such as Siri, Alexa, and Allo to name a few.

Toys, however, don’t need to be smart, do they?

After all, when it comes to child’s play that’s when a child learns how to figure out skills while playing out a fantasy world that only they see in their eyes. By playing with toys that are already preprogramed with answers seems to only hinder a child’s play rather than broaden it.

Featured image from Shutterstock.

Important: Never invest (trade with) money you can't afford to comfortably lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here. Trade recommendations and analysis are written by our analysts which might have different opinions. Read my 6 Golden Steps to Financial Freedom here. Best regards, Jonas Borchgrevink.

Rate this post:

Important for improving the service. Please add a comment in the comment field below explaining what you rated and why you gave it that rate. Failed Trade Recommendations should not be rated as that is considered a failure either way.
0 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 5 (0 votes, average: 0.00 out of 5)
You need to be a registered member to rate this.
Loading...





Feedback or Requests?

Continue Reading

5 of 15 Seats Available

Learn more here.

Recent Comments

Recent Posts

A part of CCN

Hacked.com is Neutral and Unbiased

Hacked.com and its team members have pledged to reject any form of advertisement or sponsorships from 3rd parties. We will always be neutral and we strive towards a fully unbiased view on all topics. Whenever an author has a conflicting interest, that should be clearly stated in the post itself with a disclaimer. If you suspect that one of our team members are biased, please notify me immediately at jonas.borchgrevink(at)hacked.com.

Trending