The FBI's Internet Crime Complaint Center (IC3) has received an increasing number of complaints from businesses reporting extortion campaigns via email, an alert said Friday. Typically, a victim business will receive an email threatening Distributed Denial of Service (DDoS) attacks to its website unless a ransom -- which varies in size but is usually demanded in Bitcoin -- is paid, IC3 said. Victims that don’t pay the ransom receive a follow-up email threatening that the price of the ransom will increase if the victim doesn’t pay in a certain time frame, it said. Some businesses implemented DDoS mitigation services as a precaution, it said. Those that experienced a DDoS attack reported the attacks “consisted primarily of Simple [Service] Discovery Protocol (SSDP) and Network Time Protocol (NTP) reflection/amplification attacks, with an occasional SYN-flood and, more recently, [WordPress] XML-RPC reflection/amplification attack,” it said. The attacks often last one to two hours, “with 30 to 35 gigabytes as the physical limit,” it said. Based on information given to IC3, the FBI believes multiple individuals are involved in these extortion campaigns and believes the attacks will expand to online industries and other targeted sectors that are susceptible to financial loss if offline for a period of time, it said. IC3 recommends not opening emails or attachments from unknown individuals, not communicating with those who send threatening emails, and, if an attack occurs, using DDoS mitigation services.
It’s a mistake to assume toll-free numbers that pop up in search engine results are legitimate customer service lines for a company, wrote FTC consumer education division intern Preston Reisig in a blog post Friday. “Some are run by scammers out to hijack your credit card number or install malware on your computer,” he said. By using company names and URLs that look “confusingly similar to national shopping outlets and big box stores,” scammers try to get consumers to reveal credit card numbers, Reisig said. Recent tech support scams involve scammers claiming to spot a security problem on the computer that they will fix for a fee, he said. To stay away from these scams, never assume phone numbers appearing in early search results are valid, Reisig said. “Scammers may even use a variation on the real company’s name in their web address, which is why the presence of a familiar-sounding URL is no guarantee the phone number and website are genuine,” he said. The best place to find contact information for a company is the company’s official website, Reisig said. It may take some time to navigate the page, “but it will increase the likelihood that you’re going straight to the source,” he said. A company may not offer a toll-free number but may provide an email address, online chat function, or have customers enter a number so the next available operator can contact them, he said.
Sen. Chuck Schumer, D-N.Y., urged the Department of Commerce to modify its proposed rules for implementing changes to the 41-nation Wassenaar Arrangement export controls treaty that would control the export of intrusion software and IP network surveillance systems. The implementation rules proposed by Commerce’s Bureau of Industry and Security have come under fire from a range of U.S. cybersecurity stakeholders for being overly broad and potentially punishing legitimate security research (see 1507240054). “The goals of the proposal are laudable, and I share them: the proposal is intended to limit access to powerful surveillance tools by oppressive foreign regimes and agents,” Schumer said Wednesday in a letter to Commerce. “Unfortunately, I believe the proposal as drafted is vague and overbroad, and may inhibit the development of important cyber protection tools, as well as limiting the ability of US companies to protect their own networks.” House Homeland Security Committee Chairman Michael McCaul, R-Texas; Rep. Jim Langevin, D-R.I.; Rep. Ted Lieu, D-Calif.; and Rep. David Schweikert, R-Ariz., have also jointly voiced their concerns about the Wassenaar implementation proposal. Deputy Secretary of Commerce Bruce Andrews said during a podcast interview with Steptoe & Johnson cybersecurity lawyer Stewart Baker that there’s likely to be “a very strong effort to be responsive to those comments and to try to figure out what is the next iteration of this” along with another comment period. USTelecom President Walter McCormick said in a statement that he shares Schumer’s concerns about Commerce’s Wassenaar implementation proposal, “which could significantly hamper cybersecurity and information sharing between industry and government.” The proposed rules, “while well-intentioned, are too broad and would limit the telecommunication industry’s ability to protect its networks against intrusions by hackers, cyber-criminals, terrorists, and nation-states,” McCormick said.
The Digital Citizens Alliance (DCA) urged YouTube in a report Thursday to stop featuring advertising on videos that promote malicious software. Hackers are increasingly using trusted sites like YouTube to learn hacking skills, with YouTube hosting thousands of videos on the use of remote access Trojans and other malware, DCA said. About 38 percent of the videos DCA found on YouTube related to malware use contained ads from major car companies and others. YouTube parent company Google and the video’s poster split ad revenue from “these malicious tutorials,” DCA said. YouTube “has clear policies that outline what content is acceptable to post, and we remove videos violating these policies when flagged by our users,” the company said in a statement.
Android devices running versions 2.2 through 5.1.1_r4 contain vulnerabilities in the Stagefright media playback engine that may allow an attacker to access multimedia files or potentially take control of a vulnerable device, said an alert from the U.S. Computer Emergency Readiness Team Tuesday. Users and administrators are encouraged to review the Vulnerability Note for more information, the alert said. Affected Android users should contact their wireless carrier or device manufacturer for a software update, it said.
A vulnerability affecting the Uconnect software in Fiat Chrysler Automobiles (FCA) vehicles that may have allowed an unauthorized user to take remote control of an affected vehicle requires access to Sprint’s cellular network, as Sprint connects FCA vehicles to the Internet, a U.S. Cyber Emergency Readiness Team (U.S.-CERT) alert said Monday. Sprint blocked the port used for attacks, it said, and FCA and the National Transportation Safety Administration initiated a safety recall for all potentially affected Chrysler, Dodge, Jeep and Ram models, the alert said. Uconnect users are encouraged to review the recall announcement and apply the software update, it said.
The National Cybersecurity Center of Excellence (NCCoE) released the first draft of a step-by-step guide to show healthcare providers how to better secure smartphones and mobile devices to protect patient information, a National Institute of Standards and Technology news release said Friday. The draft, first in a series of publications meant to teach businesses and organizations how to improve cybersecurity, instructs medical IT personnel on ways to decrease the risks of patient information theft by increasing the security of mobile devices used to transmit the data, said NIST. "This guide can help providers protect critical patient information without getting in the way of delivering quality care," said NCCoE Director Donna Dodson. NIST also said the use of mobile devices to "store, access and transmit electronic healthcare records is outpacing the privacy and security protections on those devices." The NCCoE requests comments on the draft be submitted to the center by Sept. 25.
Imposters pretending to be from the FTC are offering money to OPM data breach victims, and “all you need to do is give him some information,” wrote FTC Consumer and Business Education Division attorney Lisa Weintraub Schifferle in a blog post Wednesday. One scammer has identified himself as Dave Johnson from the FTC’s office in Las Vegas, she said. The FTC doesn’t have an office in Las Vegas and won’t ask for personal information or give money to OPM data breach victims, she said. Don’t trust caller ID, don’t wire money or put it on a prepaid debit card, and don’t provide personal or financial information unless you initiated a call and you know the number is correct, Weintraub Schifferle said. “Never provide financial information by email,” she said.
Twitter unveiled a new Safety Center, designed to be a resource for those looking to report abusive accounts and block accounts and for those looking to learn about online safety, wrote Head-Global Trust & Safety Outreach, Public Policy Patricia Cartes in a blog post Monday. “Online safety is a shared responsibility, and digital citizenship is essential to fostering a safe environment for all,” Cartes said. “As Twitter evolves along with the world of online safety, we will continue to create new materials for the Safety Center.”
Cybersecurity is becoming an increasingly dominant issue for teleport and satellite service providers, the World Teleport Association (WTA) said Tuesday in a report. The issue is growing in importance to teleport and satellite providers because 94 percent of them have reported a security breach in the last 12 months, WTA said. “Today’s teleport is a data center with antennas, and both large and small operators have to develop an approach to cybersecurity that is appropriate, not only to the threats they face, but to the concerns of their customers and the resources they can bring to the problem,” said WTA Executive Director Robert Bell in a news release. “Whether the adversary is a hacker or an employee who gives away a password by mistake, constant vigilance has become the new requirement.”