A week in security (September 18 – September 24)

Credit to Author: Malwarebytes Labs| Date: Mon, 25 Sep 2017 16:24:17 +0000

Last week, we kept you updated on our blog about the infected versions of CCleaner that were offered as downloads on the official servers.

Elsewhere:

The pain caused by the Equifax breach was analyzed in depth by the NY Times.
And just as easily Equifax was fooled again. They referred users to a parody site like phishers might have used. Luckily this time it was run by a security researcher.
A new twist in ransomware was provided by “nRansomware”, a program that locks up your computer and only releases it after you send in 10 nude pictures.
The rise in the number of phishing sites has been huge. Almost 1.5 million new phishing sites pop up every month

A group of extortionists has been sending out threats to perform DDOS attacks on companies unless they pay a set amount in BitCoin. The perpetrators are claiming to be affiliated with Anonymous or Lizard Squad.
An absent-minded security staffer accidentally leaked Adobe’s private PGP key onto the internet.
The ProxyM IoT botnet has turned from DDOS to spam. A device infected with ProxyM sends on average about 400 emails per day. Campaigns so far have promoted adult hookup sites.
The U.S. Securities and Exchange Commission (SEC) has revealed that attackers might have used data they stole in a security breach for illicit insider trading.
Viacom exposed a vast array of internal access credentials and critical data that could be used to cause immense harm to the multinational corporation’s business operations.

Stay safe!

Malwarebytes Labs Team