The top 3 Security & Privacy threats December 2017

06/Dec/2017

1. Ransomware fears cause companies to hoard Bitcoin
Companies are reportedly stockpiling cryptocurrencies to hedge against the possible need to pay off cyber criminals. Some firms are said to be investing in Bitcoin and Ethereum to ensure that they have cryptocurrency funds available if they are affected by a ransomware attack.

A survey carried out earlier this year by Citrix found that 42% of companies surveyed were building cryptocurrency stockpiles for ransomware payments, with 28% holding more than 30 bitcoins. The cost of paying ransoms is increasing rapidly along with the value of the cryptocurrencies in which they are paid, so by investing now, some companies hope to ensure that the cost of a ransom is less pricey than it might be later.
However, this approach comes with its own risks, as such holdings may themselves be targeted. With a single bitcoin now worth over $17,000 (£12,000), a company’s cryptocurrency wallet can be worth a substantial amount to a cybercriminal.

The rise in malware focusing on cryptocurrency comes at a time when the subject has risen to prominence due to its mass media and online appeal. The marketing strategy makes it seem like a quick “get rich” scheme, which ultimately draws people into a bubble that will eventually crash due to its volatility and its wider issues to do with legality worldwide.
The NCSC’s website provides further advice to organisations that may be affected by ransomware. The NCSC does not offer advice on whether or not companies should invest in Bitcoin. While it is a matter for the victim whether or not to pay a ransom, the National Crime Agency encourages industry and the public not to do so.

2. New Android malware can melt mobile phones

A newly discovered family of Android malware, the Loapi Trojans, can put so much load on mobile phones that it can cause physical damage, according to cyber security researchers.
The Loapi family of Android Trojans has been described as a “jack of all trades” for its wide variety of functionality, ranging from participating in distributed denial of service attacks to signing the user up to paid subscription services. It also includes a module that mines the cryptocurrency Monero by using the phone to generate new coins for the malware’s authors. These activities put so much demand on the phone’s CPU that it generates considerable heat, which the researchers found caused the battery in their test phone to bulge and deform the cover after two days of activity.
Loapi is being distributed via advertising campaigns which mimic genuine antivirus products and adult websites. It repeatedly asks the user for device administrator permissions and, once installed, seeks to delete antivirus software already on the device. It can then carry out a range of malicious functions.

The NCSC recommends in its guidance that enterprise-managed devices are configured to only run apps that have been added to a whitelist (hence blocking other malicious apps). Where this approach is not feasible, users should only install apps from a device’s built-in official store and outlets such as Google Play and Amazon app store.

3. WannaCry officially attributed to North Korea
Media outlets reported the US attribution of the “WannaCry” cyber-attack to North Korea. Writing in the Wall Street Journal, homeland security adviser Tom Bossert stated:
“The attack was widespread and cost billions, and North Korea is directly responsible. We do not make this allegation lightly. It is based on evidence. We are not alone with our findings, either. Other governments and private companies agree.”
Mr Bossert’s assertions were followed up with a statement from UK Foreign Office Minister Lord Ahmad who said:
“Britain’s National Cyber Security Centre (NCSC) assesses it is highly likely that North Korea’s Lazarus hacking group were behind the WannaCry campaign.”
The NCSC started investigating a potential DPRK link on Friday 12 May and, within a week, had identified malware code overlaps linking the incident to Lazarus Group. The NCSC led the technical investigation into the WannaCry attack and published guidance on its website to help organisations and home users mitigate the impact of the incident.
The UK had already made an early announcement on the origin of WannaCry. Examination of the WannaCry malware code brings to light some of the supporting facts, such as the presence of typical Korean terms in the malware’s code.

Author: Taran Ranger, CyNation
