“The device can collect data such as the card’s number and expiration date. If the debit card’s RFID chip stores information such as the card holder’s name, home address, and a mini statement, X5 can steal it as well.”
Researchers have seen a %3,500 increase in ransomware attacks recently. This is no surprise, as there have been a few developments to help spur the growth:
It works! There have been a few stories in the news recently where enterprises have given in to ransom demands to get parts of their network back.
Bitcoin cannot be traced to a particular bank (where the transactions can be reversed) so the attackers now have a convenient method of payment.
Work From Home!
I don’t think Romanian or Chinese hackers are terribly worried about the repercussions of ransoming a hospital in California.
Like always, make sure you have off-site backups and your security infrastructure is in place.
This post references an old (and great) article in Wired about Stuxnet. I went back and re-read it and was struck by the specificity of the virus:
“Stuxnet targeted used the Profibus standard to communicate. They also noticed that the virus searched for a specific value — 2C CB 00 01 — before deciding to attack its target PLC.”
“Stuxnet was targeting a facility that had 33 or more of the frequency converter drives installed, all operating at between 807Hz and 1,210Hz.”
It’s not surprising that Stuxnet was designed to specifically NOT attack just any facility using Seimens PLC’s, that would be disastrous to the world economy (think about that for a second) but whomever (Israel or US tech teams) designed it had specific insider knowledge of the Iranian nuclear facilities. Do you think the Iranian government worries about that?
“167 million SHA-1hashed LinkedIn account credentials tied to the 2012 breach…” Not the 6.5 million they first reported.
This is a reminder to salt your hashes. LinkedIn used a SHA-1 hashing algorithm right out of the box, so when the user database was compromised, hackers could easily guess a large percentage of the passwords.
Google has a new service you can apply for, Project Shield. It utilizes their infrastructure to protect against DDOS attacks.
“Project Shield uses technology called a reverse proxy, which allows a webmaster to serve their site through Google infrastructure for free, providing a “shield” against would-be attackers. So far we’ve protected hundreds of news organizations and human rights websites that have faced attacks aimed at censoring free expression. By protecting these sites, we’ve helped to keep vital information online during elections, major crises and conflicts.”