Cyber-Security: WOROK – Powerful Malware Hidden in .PNG Images

WOROK: Powerful Malware Hidden in .PNG Images

 

“Unless it’s your first day on the internet, you’re probably aware that downloading certain files can be a serious mistake. It doesn’t take a cybersecurity expert to know that double-clicking the TotallyNotAVirus.exe file that mysteriously appeared in your downloads folder is a bad idea. If you’re a bit more security conscious, you probably also know that PDF files, Excel spreadsheets, and Word documents can also contain malicious code. But how many times have you considered the possibility of malware hidden inside an image file? A sophisticated hacking group known as Worok has developed a new type of malware that can be concealed in innocuous-looking PNG images, and they’ve been using it to target governments and large corporations around the world.”

 

Cyber-Crime: Why Hospitals Are The Perfect Targets For Ransomware

hospitals-ransomware-186264888-1024x768

RANSOMWARE HAS BEEN an Internet scourge for more than a decade, but only recently has it made mainstream media headlines. That’s primarily due to a new trend in ransomware attacks: the targeting of hospitals and other healthcare facilities.

The malware works by locking your computer to prevent you from accessing data until you pay a ransom, usually demanded in Bitcoin. Hospitals are the perfect mark for this kind of extortion because they provide critical care and rely on up-to-date information from patient records. Without quick access to drug histories, surgery directives and other information, patient care can get delayed or halted, which makes hospitals more likely to pay a ransom rather than risk delays that could result in death and lawsuits.

“If you have patients, you are going to panic way quicker than if you are selling sheet metal,” says Stu Sjouwerman, CEO of the security firm KnowBe4. Hospitals are a good target for another reason as well: they “have not trained their employees on security awareness … and hospitals don’t focus on cybersecurity in general,” he says. Instead, their primary concern is HIPAA compliance, ensuring that employees meet the federal requirements for protecting patient privacy.

Last month, attackers took computers belonging to the Hollywood Presbyterian Medical Center in Los Angeles hostage using a piece of ransomware called Locky. Computers were offline for more than a week until officials caved to the extortionists’ and paid the equivalent of $17,000 in Bitcoin.

Earlier this month, Methodist Hospital in Henderson, Kentucky was struck by Locky as well, an attack that prevented healthcare providers from accessing patient files. The facility declared a “state of emergency” on a Friday but by Monday was reporting that its systems were “up and running.” Methodist officials, however, said they did not pay the ransomware; administrators in that case had simply restored the hospital’s data from backups.

Then this week, news broke that MedStar Health, which operates 10 hospitals and more than 250 out-patient clinics in the Maryland/Washington, DC area, was hit by a virus that may be ransomware. MedStar wrote in a Facebook post that its network “was affected by a virus that prevents certain users from logging-in to our system,” but a number of employees told the Washington Post that they saw a pop-up screen appear on their computers demanding payment in Bitcoin. The organization responded immediately by shutting down large portions of its network. Employees were unable to access email or a database of patient records, though clinics and other facilities remained open and operating. MedStar did not respond to a call from WIRED.

Read the Remainder at WIRED 

Being a “Criminal” in a Mass Surveillance World

I want to warn you ahead of time, this article is extremely long and sometimes, dense. But Please, don’t give up on it! Read it all the way through, and then re-read it. After that, you will never look at cyber-security and cyber-surveillance “aka Big Brother” the same way again, I ASSURE YOU! Pay Close Attention to the 10 Step “ANTI-SURVEILLANCE “GUIDE at the end…some really good, practical stuff you can do NOW to protect and pre-empt invasions and attacks.

new collection

 

 Original Article:

 You’re a Criminal in a Mass Surveillance World: How Not to Get Caught 

by David Montgomery

Sometimes you just get lucky.

I was in Amsterdam when the Snowden story broke. CNN was non-stop asking politicians and pundits, “Is Edward Snowden a traitor?” Those who said he betrayed America also said something else: Mass surveillance is only an issue if you’re a criminal. If you’ve got nothing to hide then you’ve got nothing to fear.

The Snowden story hit me upon my return from – of all places on earth – the Secret Annex of the Anne Frank House. The Secret Annex is where Anne Frank and her family hid from the Nazis for two years. It was during this period of hiding in terror that Anne wrote her world-famous diary. In it she confided, “I want to be useful or bring enjoyment to all people, even those I’ve never met.”

Anne Frank House then and now

I say I was lucky because the cosmic unlikeliness of my Secret Annex visit coinciding with Snowden’s mass surveillance revelations led to some revelations of my own. My understanding of law, criminality, and mass surveillance coalesced into a horrifying picture.

It turns out we’re all criminals in a mass surveillance world. The only question is whether we’ll get caught. Let me explain.

Read the Remainder at Bananas.Liberty.Me

Cyber-Spook Tradecraft

cyber

 

Originally titled Spyfiles 4 on WikLeaks, this very revealing article reveals some very nasty programs that governments around the world use to spy on their citizens. (Please be careful if you choose to download any of the files on that LINK, as the page warns, even though they have been renamed and compressed, they are still WEAPONIZED GRADE MALWARE.

Beware the Ransomware!

hacker

You know, as we steadily progress into the 21st Century, I for one am seeing a lot of criminal behavior CHANGING; or should I say, EVOLVING into something much more devious and utterly mind-blowing than anyone, especially me, could have ever imagined 20 years ago. Now, you don’t need a gun and a mask to rob a bank or hold something or someone hostage…No, all you need is a DSL connection and hacker tradecraft, and you are IN.

I mean let’s face it, Hackers ARE a threat on many fronts; not only can they can steal your money and your identity, they can also threaten your NATIONAL SECURITY by hacking into critical infra-structure like nuclear power plants, water plants or hospital records. It was recently discovered that Russian hackers had planted malware into a US Nuclear Power Plant Data base; they also hacked Sony and the White House Non-Classified data base (so they are telling us). I mean these guys are into EVERYTHING and ANYTHING.

But, as the bad guy leader Hans said in the 80’s action Hit “Die Hard”...”Who said we were terrorist? We are thieves!” the base instinct in most criminals, cyber or analog, is greed, and to be honest, it is this trait that makes these types of hackers a tad easier to predict and understand than the other 2 types. I mean the ideological types are typically just thieves masquerading as political activist anyways; but the hardest to understand are those purely MALICIOUS assholes that do it just to ruin your day (and your computer typically). And the REALLY bad part (and the one that stings the most for me at least)  is that they typically wind up being some 13-year-old pimped faced kid in their parent’s basement laughing their ass of while at the same time playing World of Warcraft or some other escapist video game. Ughhh..can you feel the utter contempt??

But these hackers, being as forward-thinking as they are daring, decided to not just be satisfied with draining bank accounts to satisfy their greed, no, they had to step it up a notch and enter the realm of DATA RANSOM using you guessed it, RANSOMWARE. Although there has been many reported cases, the latest trend seems to be to strike Police Departments. Read about the latest incident HERE.

When you look at this crime from a broad perspective, you really do see the genius in it. I mean, think about just your average suzy homemaker..she probably has at a minimum, 75 to 100% of her household financial information, not to mention a large portion of her families private information, stored on the HDD of her home computer. Now expand that same principle to critical infrastructure like a city or state police department, or maybe a State Health Department, and you get the picture (and the possibility for mayhem) these kind of people create.

It is interesting to note that in cyber-warfare, just like in standard warfare, for every move, their is a counter-move, and with that counter-move, a chance to again, for an enterprising individual to make BIG money (legally this time). Companies have now sprung up that offer to store your critical data OFF-SITE on a Secure cloud based server for a nominal fee. Companies like  Carbonite and Iron Mountain have made solid reputations for themselves in this field.

So where does this leave the CO? Well first and foremost, back up ALL your critical data! and if you have anything you don’t want stolen, store it Off-site! And, like anything else in the digital age, Knowledge is Power. Learn everything you can about Malware and Ransomware. Understand the depth of this kind of threat, not only to local and state agencies, but also Government agencies, where critical national security information could be stolen and held for ransom. It should also be noted that this type of cyber-crime is an INTEGRAL branch of Fourth Generation Warfare for both State actors and Non-State Actors (terrorist groups like ISIS) to finance their operations. Read what the folks at MalwareBytes had to say about Cryptolocker Ransomware HERE. Sophos also published a very informative piece HERE.

Stay Alert, Stay Informed, Stay Armed and Stay Dangerous!