Security summary – April 2019

Our short monthly review summarises important news and blog posts, which focus on IT security, cloud computing and privacy protection.

1. Clear increase in Mac malware for the first quarter of 2019

In their quarterly report for the first quarter of 2019, the security company Malwarebytes reports a 62% increase in malware for MacOS in comparison to the last quarter of 2018. Most notably is an increase as high as 200% in AdWare programs that manipulate the internet settings of a computer to enable unwanted advertisement.

Source: heise.de

2. Security cameras and baby monitors amongst millions of exposed devices

According to an in-depth analysis made by security researcher Paul Marrapese, a peer-to-peer (P2P) communications technology built into millions of IoT devices leaves them vulnerable to eavesdropping, credential theft and remote access. The devices exposed to this risk include security cameras and webcams, baby monitors, smart doorbells, and digital video recorders.

Source: krebsonsecurity.com

3. Hacker gains control of thousands of car GPS trackers

Thousands of users of the car GPS apps iTrack and ProTrack were hacked after failing to reset the standard password after installing the app popular among both companies and individuals alike. In some instances, the hacker would have been able to shut down the car engine of the affected cars when the vehicle was moving slower than 20 km/h. Furthermore, the hacker gained access to the exact position of the car along with personal information of the owner including name, address and telephone number.

Source: heise.de

4. More than half of SMEs ready to pay ransom after cyber attack

According to the AppRiver Cyberthreat Index for Business Survey, 55% of SMEs asked responded that they would be willing to pay a ransomware after an attack in order to regain access to and control of their business data. Nearly 40% of larger SMEs went so far as to say they would definitely pay at almost any price. The average ransom amount paid by victims in cases handled by Coverware skyrocketed by 89%, from USD 6,733 in the fourth quarter of 2018 to USD 12,762 in the first quarter of 2019.

Source: darkreading.com

5. Facebook anticipates billion-dollar fine after privacy violations

Thousands of users of the car GPS apps iTrack and ProTrack were hacked after failing to reset the standard password after installing the app popular among both companies and individuals. In some instances, the hacker would have been able to shut down the car engine of the affected cars when the vehicle was moving slower than 20 km/h. Furthermore, the hacker gained access to the exact position of the car along with personal information of the owner including name, address and telephone number.

Source: thehackernews.com

6. Amazon employees have ‘broad access’ to personal Alexa info

An auditing program for the voice assistance technology “Alexa” has exposed that Amazon employees can access information such as the home address of any Alexa user. Five Amazon employees confirmed to Bloomberg that they do indeed have access to the geolocation data enabling them to go as far as to generate satellite pictures of an Alexa owner’s house.

Source: threatpost.com

7. US congress reopens discussions of national privacy law

While Europe is hard at work making the European data privacy regulations (GDPR) a reality, the US congress has been debating whether it is time for the United States to also introduce national data and privacy regulations. Such an initiative saw a strong opposition in the past from large tech companies, including those based in Silicon Valley, which prevented any serious discussion on legislation. In the midst of large-scale abuse of private data, tech companies are now seeking to influence rather than avoid legislation.

Source: darkreading.com

8. France’s new government chat tool compromised

As an alternative to messaging apps WhatsApp and Telegram, the French government has had a third-party provider develop a messaging app designed specifically and exclusively for the exchange of messages between French government officials. However, shortly after the official app release, the hacker Baptise Robert proved able to create a user account and access the app.

Source: heise.de

9. Not thousands, but millions of Instagram accounts compromised

Facebook now admits that millions of Instagram users were affected by a data breach which occurred in end of March. When the breach was first reported, the social media giant stated that it affected tens of thousands of users. Facebook reports: “Since this post was published, we discovered additional logs of Instagram passwords being stored in a readable format. We now estimate that this issue impacted millions of Instagram users.”

Source: heise.de

10. Easter attack targets half a billion Apple iOS users

Hacker group eGobbler took advantage of Easter holiday-related peaks in phone browsing to mount a large-scale malvertising attack on half a billion consumers. An unpatched Chrome bug allowed the attackers to redirect iPhone or iPad users to a website or a pop-up which would trigger a payload if they click on it.

Source: threatpost.com

11. Every second PC user affected by malware in the past year

Companies are not the only targets of malware such as trojans, viruses, or ransomware. A Bitkom survey of 1,120 German PC users show that 46% were affected by malware within the past 12 months. “The most common operating systems and office programs remain popular entry points for malware”, states Dr. Nabil Alsabah, head of IT security at Bitkom.

Source: security-insider.de

12. Chemistry manufacturer Bayer AG attacked by hackers

The chemistry manufacturer Bayer AG reports a cyber-attack supposedly carried out by the hacker group Winnti. The group is allegedly acting on behalf of the Chinese state. The company already found evidence of a hack back in the beginning of 2018. Currently, the Cologne district attorney's office is investigating the case.

Source: heise.de