A massive worldwide ransomware attack called "WannaCry" resulted in more than 45,000 infections in 74 countries, mostly in Russia, said cybersecurity firm Kaspersky Lab in a Friday blog post. It said Spain's Computer Emergency Response Team CCN-CERT posted a notification that several organizations in that country were affected, plus 16 National Health Service organizations in the U.K., according to the post. Ukraine and India also were affected, but Kaspersky didn't mention the U.S. "It’s important to note that our visibility may be limited and incomplete and the range of targets and victims is likely much, much higher," said Kaspersky. It said the malware encrypts files and drops and executes a decryptor tool. "The request for $600 in Bitcoin is displayed along with the wallet," said the post. "It’s interesting that the initial request in this sample is for $600 USD, as the first five payments to that wallet is approximately $300 USD. It suggests that the group is increasing the ransom demands."
With more than 96,000 complaints about tech support scams reported since 2015, the FTC said it's ramping up actions against companies that deceive consumers into thinking their computers are infected with malware and then charge them hundreds of dollars to fix nonexistent problems. At a Friday news conference in Tampa, Florida, FTC Consumer Protection Bureau acting Director Thomas Pahl and Florida Attorney General Pam Bondi announced that Operation Tech Trap -- with federal, state and international law enforcement agencies -- resulted in 16 new actions, including complaints, indictments, guilty pleas and settlements, against these scams in the past few weeks, bringing actions to 29 over the past year (see 1507310027, 1510200050 and 1610170020). Consumer losses from the scams so far have totaled more than $24.6 million, said Pahl. He said consumers browsing the internet get a pop-up message telling them their computer is infected with a virus or has another security problem. The message urges them to call a toll-free number, which connects them to telemarketers, usually located in India, who say they're certified or authorized by Apple or Microsoft to fix the problems. The scammers are allowed to remotely access the computer, diagnose it and supposedly fix it at a cost of $200 to $300. He said Apple, Microsoft and other companies gave the commission affidavits that they have nothing to do with such operations, making it easier to prosecute. Such scams began several years ago when telemarketers cold called consumers to buy services, a scam that has evolved into pop-up messages, said Pahl. Complaints to the FTC have increased year over year, including a 13 percent hike from 2015 to 2016 about the scams, which have also grown in sophistication, he added. Pahl said the 96,000 complaints are the "tip of the iceberg" since many go unreported and scripts are becoming "far more slick," misleading more people and making it harder to prosecute. 
Bondi said personal data is at risk from these scams, which can also leave devices inoperable. She said the scams "damage consumer confidence" and undermine trust in using the internet for transactions. Pahl said the agency recently acted against a company falsely offering tech support services on behalf of the FTC. He called this a scam "trying to injure people twice, which indicates just how pernicious this behavior is." Officials said consumer education and more reporting to law enforcement agencies are the only way to stop such scams.
CTIA released www.stolenphonechecker.org, so consumers more easily can check if a used or refurbished smartphone has been reported stolen or lost. “The new website is designed to provide peace of mind to consumers who are increasingly buying used or refurbished smartphones,” said a news release. “It will also benefit law enforcement by allowing police departments to quickly verify the status of a recovered phone.” Consumers, police and resellers can use the site to verify the status of a recovered phone by entering a device's unique ID at the website. The ID can be located in the phone’s device settings or on packaging. If a device has been reported as stolen or lost in the database, it will show a red status, and note that wireless service may be blocked from the device, the group said.
The FCC Electronic Comment Filing System seemed to still be experiencing problems Wednesday, as it has been this week. Access to filings was intermittent and apparently limited to only some dockets when we did have access. The agency declined to comment. The commission has been receiving high volumes of comments on its open internet draft proposals, which Sunday night were the target of a commentary by HBO comedian John Oliver. His 2014 commentary was credited with helping spark a wave of public comments in a previous net neutrality rulemaking that apparently helped crash the agency's system (see 1406040046). Beginning Sunday at midnight, the commission was "subject to multiple distributed denial-of-service attacks" that eventually tied up servers in the agency's commercial cloud host's system, preventing responses to people trying to submit comments, said Chief Information Officer David Bray Monday (see 1705080042). Fight for the Future, which backs net neutrality rules, Tuesday questioned whether the DDoS attacks took place right after Oliver's commentary, and Sens. Ron Wyden, D-Ore., and Brian Schatz, D-Hawaii, wrote the FCC Tuesday to ask questions about the situation and urge an alternative way to file comments (see 1705090063).
Fight for the Future, a group that supports the 2015 net neutrality rules, is questioning whether distributed denial-of-service (DDoS) attacks against the FCC Electronic Comment Filing System took place after HBO comedian John Oliver urged the public to weigh in on net neutrality (see 1705080042). Oliver directed viewers to “gofccyourself.com,” which redirects to the comment filing site. A former senior FCC official told us the problem is the FCC never really fixed ECFS after the last time it crashed in 2014 under similar circumstances, and three years ago, the agency made similar claims of a cyberattack. “Fight for the Future is extremely skeptical of the FCC's claim that they experienced a DDoS attack at the exact same time that large numbers of people would have been commenting on their site in support of Title II net neutrality protections following John Oliver's viral segment on Sunday,” the group said in a statement Tuesday. “We have now read that the FCC is claiming this also happened in 2014 during the last John Oliver segment about the issue, and we are even more skeptical.” The FCC should release its logs “to an independent security researcher or major media outlet who can verify their claims and inform the public about what really happened here,” the group said. “The agency has a responsibility to maintain a functioning website to receive large numbers of comments and feedback from the public.” Sens. Ron Wyden, D-Ore., and Brian Schatz, D-Hawaii, are probing the FCC statement. They sent a letter to the commission Tuesday asking several questions and urging the FCC to set up an alternate way to comment if need be, such as a dedicated email address. Schatz first made that suggestion in a Monday tweet. “Any potentially hostile cyber activities that prevent Americans from being able to participate in a fair and transparent process must be treated as a serious issue,” they wrote.
They want answers by June 8: “Has the FCC sought assistance from other federal agencies in investigating and responding to these attacks? … Did the DDoS attacks prevent the public from being able to submit comments through the FCC’s website? If so, do you have an estimate of how many individuals were unable to access the FCC website or submit comments during the attacks? … Does the FCC have all of the resources and expertise it needs in order to combat attacks like those that occurred on May 8?” The FCC received and is reviewing the letter, a commission spokesman said. Matt Wood, policy director at Free Press, said his group has similar questions. "We share the skepticism, and at minimum hope the FCC will demonstrate that it's not characterizing a flood of comments as an attack,” Wood told us. Scott Cleland, chairman of NetCompetition, slammed the Oliver segment in an opinion article in The Hill. Cleland said Oliver is likely to have little impact given the makeup of the current FCC under Chairman Ajit Pai. “Is net neutrality policy the joke here?” Cleland asked. “Or is the joke really that net neutrality activists think late night comedy is the most effective way for them to influence the FCC on public policy?” Public interest group Popular Resistance said it launched a new campaign, Protect Our Internet. The group urged net neutrality supporters to engage in a campaign of “Ajit-ation.”
Acting FTC Chairwoman Maureen Ohlhausen and Small Business Administration Administrator Linda McMahon called on small businesses Tuesday to use tools the two agencies have developed to combat cyberthreats and fraud. The agencies “stand ready to help our small businesses protect their customers, themselves, and their bottom line,” McMahon and Ohlhausen said in a commentary on The Hill's website. The FTC recently launched online resources to inform small businesses about ways to reduce cyber risk and respond to data breaches, and about recent scams, while the SBA offers similar online resources, the two officials said. Both agencies can also handle cyberthreat complaints and can provide resources for training staff on cyber issues, the officials said.
Comcast unveiled the xFi experience Monday, a platform controllable by mobile app, website, TV or the X1 voice remote, that’s designed to simplify home Wi-Fi networks as they become more advanced and handle more devices. With Comcast’s investment in Plume, the platform will get a boost later this year from Plume’s Adaptive WiFi technology that uses pods around the home to maximize Wi-Fi in a “self-optimizing” mesh network that’s said to adapt to a household in real time to ensure fast speeds, the company said. Chris Satchell, chief product officer-Comcast Cable, in a blog post compared the xFi to the rollout of the X1 platform. Later this year, release of “zero-configuration” xFi Wi-Fi Pods from Plume will allow Xfinity customers to create “seamless Wi-Fi for any size or shape home” by plugging pods into power outlets around the home, said Satchell. The ISP said in 2017, 86 percent of in-home broadband use will travel over Wi-Fi, and by 2020, Americans will have an average of 50 Wi-Fi connected devices in their homes.
Intel will send out an update to fix a firmware vulnerability that could give a hacker access to business computers or devices that use its Active Management Technology (AMT), Intel Standard Manageability (ISM) or Small Business Technology (SBT), said a news release Friday. Intel, which issued a security advisory about the vulnerability May 1, said it implemented and validated an update to address the issue and is working with computer makers to integrate it into their software, with the update available beginning Monday. Before then, Intel said companies using computers and devices that incorporate AMT, ISM or SBT can download a tool that will analyze a system. If the tool detects the vulnerability or can't determine if a system is at risk, administrators can follow a mitigation guide published with the advisory or they can contact customer support.
When Gmail users received a phishing email impersonating Google Docs, they clicked a link in the email that led them to the attacker's application requesting access to their accounts, said Mark Risher, Google director-counter-abuse technology, in a Friday blog post about the spoofing campaign last week. "If the user authorized access to the application (through a mechanism called OAuth), it used the user's contact list to send the same message to more people." Google said it stopped the attack within an hour of detecting it Thursday, and fewer than 0.1 percent of users were affected (see 1705040025). Risher said Google protects users from such attacks via machine learning technology that can detect spam and phishing messages with 99.9 percent accuracy; "safe browsing" warnings that alert users to dangerous links within Gmail and across more than 2 billion browsers; prevention of suspicious account sign-ins; and email attachment scans for malware. The company, he said, is updating policies and enforcement of OAuth apps and anti-spam systems and expanding monitoring of "suspicious" third-party apps that seek information from users.
Google said it stopped a phishing email campaign impersonating Google Docs that was attempting to compromise Gmail users. "We've removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again," said a Wednesday tweet. In a later statement, the company said it resolved the issue about an hour after it first tweeted that it was investigating a phishing email. It said the phishing campaign "affected fewer than 0.1% of Gmail users. While contact information was accessed and used by the campaign, our investigations show that no other data was exposed."