Highlights from the past seven days in information security include the threat from Locky, the nuisance of Robocalls and another celeb-related iCloud breach.
Welcome to this week’s security review, which includes the Locky threat, the nuisance of Robocalls, another celeb-related iCloud breach and a warning from the FBI that cars are vulnerable to cyberattacks.
Trojan Downloaders on the rise: Don’t let Locky or TeslaCrypt ruin your day
ESET’s Josep Albors and Raphael Labaca Castro revealed that weeks after it first started encrypting victims’ files, the ransomware Locky has been found to be still active. In their article, the experts offered interesting details into this threat, including the attack vector being a typical email with a seemingly routine attachment. However, hidden in it is a Trojan Downloader, typically from the S/TrojanDownloader.Nemucod family.
Robocalls: where is RoboCop?
ESET’s senior research fellow David Harley delivered an insightful piece on robocalls. He explained that the nuisance, in which people receive an automated phone call with a pre-recorded message, is often used by criminals to scam people. It is, for example, common in cons relating to mis-sold payment protection insurance and pensions. One tip in reducing instances of robocalls, which was offered by the expert, includes subscribing to a ‘do not call’ register.
Harry Styles and Kendall Jenner photos leak online after iCloud account breach
Reporting on news that personal photographs of celebs Harry Styles and Kendall Jenner had been leaked online after the One Direction star’s mum’s iCloud account was breached, independent security analyst Graham Cluley reiterated the importance of two-step/two-factor authentication. He said: “The great thing about two-step verification and two-factor authentication is that it can help protect your data, even if your password is stolen by a criminal.”
FBI warn that automobiles are vulnerable to cyberattacks
In partnership with the Department of Transportation and the National Highway Traffic and Safety Administration, the FBI delivered a public service announcement in which it highlighted the vulnerabilities of modern cars to cyberattacks. “Modern motor vehicles often include new connected vehicle technologies that aim to provide benefits such as added safety features, improved fuel economy, and greater overall convenience,” it stated. “However, with this increased connectivity, it is important that consumers and manufacturers maintain awareness of potential cybersecurity threats.”
ProtonMail: Encrypted key to a more secure future
Speaking to We Live Security by email, ProtonMail’s CEO, Dr. Andy Yen, said that encryption is “key” to a more secure future. As the online world increasingly becomes the go to place for most things – entertainment, banking, work and communication – the “only viable” way of being secure is through encryption, he stated. In an official company blog, Dr. Yen explained that “the best way to ensure that encryption and privacy rights are not encroached upon is to get the tools into the hands of the public as soon as possible and widely distributing them”.
Google adds transparency to online encryption
Google announced that it had added a new category to its transparency report. The new metric will document the use of HTTPS encryption on all requests sent to its servers – this includes information for its own properties, as well as the top 100 non-Google destinations. Revealing this on the official company blog, Rutledge Chin Feman and Tim Willis, HTTPS evangelists at Google, said: “Implementing encryption is not easy work. But, as more people spend more of their time on the web, it’s an increasingly essential element of online security.”