Steganography Makes Leaps into Industrial Cyberattacks
Researchers have been following a new trend of incorporating multiple layers of steganography into cyberattacks aimed mainly at large industrial organizations. The attacks are highly tailored to the victim: a language-localization check lets the malware run only if the local OS is set to the expected language, and Office macros launch malicious PowerShell scripts that stay hidden from the victim's view and require no further user input. When executed, the scripts contact imgur.com or other image-hosting sites and download pictures with malicious code hidden in their pixel data, which eventually drops an encryption payload.
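The delivery technique described above hides script text inside image pixel data, so an analyst who recovers one of the downloaded images wants a quick way to tell whether its pixels carry text rather than picture noise. The following Python triage helper is an added example, not code from the original article or from the researchers it cites: it packs the least-significant bit (LSB) of every pixel into a byte stream and flags images whose stream contains a long run of printable text or a known PowerShell keyword. The grayscale image data, the keyword list and the run-length threshold are constructed assumptions for the example; with a real file the pixel rows would come from an image library such as Pillow.

```python
# Added example (not from the original article): defender-side triage of an
# image's least-significant-bit (LSB) plane, looking for embedded script text.
# Pixel data is a constructed 8-bit grayscale fixture so the example runs
# offline; with a real file the rows would come from an image library.

WIDTH, HEIGHT = 32, 32

# Assumed keyword list for triage; matched case-insensitively against the payload.
SCRIPT_MARKERS = (b"powershell", b"invoke-expression", b"frombase64string",
                  b"downloadstring")


def make_clean_image():
    """Constructed 'clean' image: a smooth diagonal gradient with no hidden data."""
    return [[(x * 7 + y * 13) % 256 for x in range(WIDTH)] for y in range(HEIGHT)]


def make_fixture_with_text(text):
    """Constructed positive fixture: copy the gradient and overwrite the LSB of the
    first 8*len(text) pixels (row-major, MSB-first per byte) with the text's bits."""
    img = make_clean_image()
    bits = [(byte >> shift) & 1 for byte in text for shift in range(7, -1, -1)]
    assert len(bits) <= WIDTH * HEIGHT, "fixture text too long for the image"
    for i, bit in enumerate(bits):
        y, x = divmod(i, WIDTH)
        img[y][x] = (img[y][x] & ~1) | bit
    return img


def lsb_plane_bytes(pixels):
    """Pack the LSB of every pixel (row-major) into bytes, MSB-first."""
    bits = [p & 1 for row in pixels for p in row]
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        byte = 0
        for b in bits[i:i + 8]:
            byte = (byte << 1) | b
        out.append(byte)
    return bytes(out)


def is_printable(b):
    """Printable ASCII plus tab, newline and carriage return."""
    return 32 <= b < 127 or b in (9, 10, 13)


def longest_printable_run(data):
    """Length of the longest run of printable ASCII bytes in data."""
    best = cur = 0
    for b in data:
        cur = cur + 1 if is_printable(b) else 0
        best = max(best, cur)
    return best


def triage_lsb(pixels, min_run=24):
    """Return a verdict dict. A natural image's LSB plane looks like noise and
    rarely yields long printable runs; script text embedded bit-for-bit does."""
    payload = lsb_plane_bytes(pixels)
    lowered = payload.lower()
    markers = [m.decode() for m in SCRIPT_MARKERS if m in lowered]
    run = longest_printable_run(payload)
    return {
        "longest_printable_run": run,
        "markers": markers,
        "suspicious": run >= min_run or bool(markers),
    }


# Constructed marker text: it contains one keyword but is not a script.
FIXTURE_TEXT = b"# constructed fixture, not a payload: Invoke-Expression marker"

CLEAN = make_clean_image()
STEGO = make_fixture_with_text(FIXTURE_TEXT)

if __name__ == "__main__":
    for name, img in (("clean", CLEAN), ("stego", STEGO)):
        print(name, triage_lsb(img))
```

The run-length heuristic matters more than the keyword list: keywords can be obfuscated, but text embedded one bit per pixel still produces a long stretch of printable bytes that picture noise almost never does. For colour images the same check is applied to each channel's LSB plane separately, since an embedder may use only one of them.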
Honda Shuts Plants After Ransomware Attack
Several Honda plants around the world have recently closed because of a ransomware attack that targeted several of the company's manufacturing systems. The shutdown came only hours after a new Snake ransomware sample was uploaded to VirusTotal and was seen attempting to contact an internal site belonging to Honda. Honda officials are still working to determine exactly which parts of their systems were affected and whether any personally identifiable information was compromised.
Two Decades of Police Records Leaked
A massive data dump has been found to contain upwards of 269GB of stolen police records dating back nearly 24 years and covering some 200 departments and police organizations across the world. In what is being called ‘BlueLeaks’, researchers have identified highly sensitive personal information, from bank account numbers to Social Security numbers, for thousands of officers and suspects. It is still debated whether the breach started with the software developer Netsential, which flatly denies any data breach, or through another entry point.
REvil Ransomware Searches for Point-of-Sale Software
One of the most prolific ransomware variants has recently changed to focus on identifying Point-of-Sale software on infected systems before it steals any valuable data and encrypts the rest of the system. In the initial malware campaign, eight firms across several industries were targeted, all with starting ransoms of $50,000 in Monero cryptocurrency, doubling to $100,000 once an initial three-hour deadline expired. While the food and service targets were profitable, for the healthcare victims the attackers began looking for Point-of-Sale software to improve their ill-gotten profits.
Florence, Alabama Pays Ransom Demand
Over the last week, officials for Florence, Alabama have been negotiating with the group behind the DoppelPaymer ransomware attack that took down the city's email systems. Though the initial ransom demand was 38 Bitcoins, the equivalent of $378,000, the security team that was brought in was able to lower the demand to 30 Bitcoins, or $291,000, which the city has decided to pay. Although it is still unclear exactly what information may have been stolen or accessed, the Mayor of Florence concluded that it was best to pay the ransom and hope their information is returned and their systems decrypted.