an estimated 280 million records that include a treasure-trove of private user data. According to a report by Appthority, more than 1,000 apps it looked at on mobile devices leaked personally identifiable information that included passwords, location, VPN PINs, emails and phone numbers. Appthority Mobile Threat Team called the vulnerability HospitalGown and said the culprits behind the threat are misconfigured backend storage platforms including Elasticsearch, Redis, MongoDB and MySQL. “HospitalGown is a vulnerability to data exposure caused, not by any code in the app, but by the app developers’ failure to properly secure the backend servers with which the app communicates,” wrote the authors of the report released Wednesday. According to Seth Hardy, director of security research, the problem is a byproduct of insecure database installations that made headlines in February. That’s when misconfigured and insecure MongoDB, Hadoop and CouchDB installations became popular extortion targets for hackers who were scanning for vulnerable servers to attack. The weak link in the chain when it comes to HospitalGown is the insecure servers that apps connect to, Hardy said. During the course of Appthority’s investigation, it found 21,000 open Elasticsearch servers, revealing more than 43 terabytes of exposed data. In one scenario, the attacker looks for vulnerabilities in the space between the vendor’s mobile application and the app’s server side components, according to researchers.
“The servers for most mobile applications are cloud based and accessible via the Internet, this allows a bad actor to skip the long and potentially many-layered ‘compromise’ stage of an attack, accessing company data directly from a database that is impossible for the enterprise to see or secure,” they wrote. Researchers said the vulnerable mobile apps they found ran the gamut, from office productivity, enterprise access management, games and dating to travel, flight and hotel applications. Any personally identifiable data a user shared with the app was vulnerable to possible exfiltration by a hacker. “These servers were accessible from the Internet, lacked any means of authentication to prevent unwanted access to the data they contained, and failed to secure transport of data, including PII, using HTTPS: conventions,” according to the report. While this is strictly a data security issue, Appthority said, attacks can quickly escalate and personal information could easily be leveraged in a spear phishing attack or brute force attack. In its report, Appthority showed how a mobile VPN app called Pulse Workspace, used by enterprises, government agencies and service providers, leaked data. While Pulse Workspace created an API to secure front-end Elasticsearch access, the backend, and all of the app’s data records, were exposed and leaked Pulse customer data. Appthority notified Pulse Workspace and its customers of the vulnerability, which has since been fixed.
Appthority is careful to point out that of the platforms it examined – Elasticsearch, Redis, MongoDB, and MySQL – each had plugins to allow for proper public exposure on the internet. “Best practices on secure data stores is just not being adopted in too many cases,” Hardy said. Elasticsearch, for example, has a bevy of security and data protection capabilities, such as being able to encrypt all the data that’s on the platform. Increasing the risk of HospitalGown-type attacks is the fact that many apps Appthority looked at seemed benign in terms of shared user data. But increasingly, apps have advertising components that collect personally identifiable data that can be mined by hackers for phishing or ransomware attacks. App developers and system administrators need to know where their data is stored and make sure it is secured, Hardy told Threatpost.
Developers are once again being blamed for cloud back-end security vulnerabilities, this time in a new report from Appthority. The company published investigation results that found nearly 43 TB of enterprise data was exposed on cloud back-ends, including personally identifiable information (PII). This comes just shortly after a similar report from a different security company. In the new "2017 Q2 Enterprise Mobile Threat Report" report (free upon providing registration info), Appthority found "data leakage" from mobile apps that send data to unsecured cloud back-ends. While security concerns typically focus on a triad of other factors -- apps, device threats and network threats -- this data leakage on the back-end was dubbed the "HospitalGown" threat because of that garment's open back-end. "In total, we found almost 43 TB of data exposed and 1,000 apps affected by the HospitalGown vulnerability," Appthority said in a blog post last week. "Looking at a subset of 39 apps, we still found 280 million records exposed, a total of about 163 GB of data. This is a staggering amount of leaked information, and in some cases represents the entirety of customer or operational data for an enterprise." The report echoes the findings of an earlier report by RedLock Inc., which revealed many security issues primarily caused by user misconfigurations on public cloud platforms. RedLock claimed it found 82 percent of hosted databases remain unencrypted, among many other problems.
As with the RedLock report, developers were blamed for the HospitalGown vulnerabilities. "HospitalGown is a vulnerability to data exposure caused, not by any code in the app, but by the app developers' failure to properly secure the back-end (hence its name) servers with which the app communicates and where sensitive data is stored," Appthority said. Unsecured Elasticsearch servers and MongoDB databases were prime targets of a series of ransomware attacks earlier this year that generated widespread publicity in the security field. However, that publicity apparently wasn't enough to significantly alleviate the issue. "As our findings show, weakly secured back-ends in apps used by employees, partners and customers create a range of security risks including extensive data leaks of personally identifiable information (PII) and other sensitive data," the report states. "They also significantly increase the risk of spear phishing, brute force login, social engineering, data ransom, and other attacks. And, HospitalGown makes data access and exfiltration far easier than other types of attacks." Key findings of the report as listed by the company include: Affected apps are connecting to unsecured data stores on popular enterprise services, such as Elasticsearch and MySQL, which are leaking large amounts of sensitive data. Apps using just one of these services revealed almost 43TB of exposed data. Multiple affected apps leaked some form of PII, including passwords, location, travel and payment details, corporate profile data (including employees' VPN PINs, emails, phone numbers), and retail customer data.
Enterprise security teams do not have visibility into the risk due to the risk's location in the mobile app vendor's architecture stack. In multiple cases, data has already been accessed by unauthorized individuals and ransomed. Even apps that have been removed from devices and the app stores still pose an exposure risk due to the sensitive data that remains stored on unsecured servers. The company said its Mobile Threat Team identified the HospitalGown vulnerabilities with a combination of its dynamic app analysis tool and a new back-end scanning method, looking at the network traffic on more than 1 million enterprise mobile apps, both iOS and Android. As with the misconfiguration problems identified in the RedLock report, Appthority emphasized that all cases of HospitalGown vulnerabilities were caused by human errors, not malicious intent or inherent infrastructure problems. That human error was especially prevalent in two app implementations investigated by Appthority: Pulse Workspace (for accessing enterprise network and Web applications) and Jacto apps (from an agricultural machinery company).
The average company had four ransomware attacks last year, paid an average ransom of $2,500 per incident, and spent 42 hours dealing with the attack. "We're nowhere near the end of the ransomware threat," said Norman Guadagno, chief evangelist at Carbonite, which provides continuous automated cloud backup services. Of those who did not pay up, 42 percent said that having a full and accurate backup was the reason. And only 13 percent said their preparedness to prevent ransomware was "high." "People say, 'I know I should back up, have anti-virus, use strong passwords' -- but they don't do it," said Guadagno. Only 46 percent of respondents said that prevention of ransomware attacks was a high priority for their company. One reason could be that they don't think the hackers will bother with them. According to the survey, 55 percent of companies said they thought it was either likely or certain that the ransomware also exfiltrated data from the infected device. Businesses should not only have anti-virus in place to keep ransomware from getting in, but also train their employees to spot potential attacks. According to the survey, only 29 percent of respondents said they were confident that their employees could detect risky links or sites. It just goes to show that you can't even trust cybercriminals these days.
Check Point’s mobile security researchers have discovered a new ransomware in Google Play, dubbed Charger. Charger was found embedded in an app called EnergyRescue. The infected app steals contacts and SMS messages from the user’s device and asks for admin permissions. If granted, the ransomware locks the device and displays a message demanding payment. Researchers detected and quarantined the Android device of an unsuspecting customer employee who had unknowingly downloaded and installed Charger. The early detection enabled them to quickly disclose the findings to Android’s Security team, which added the malware to Android’s built-in protection mechanisms before it began to spread, ensuring only a handful of devices were infected. Unlike most malware found on Google Play, which contains a dropper that later downloads the real malicious components to the device, Charger uses a heavy packing approach. This makes it harder for the malware to stay hidden. Charger’s developers compensated for this using a variety of techniques to boost its evasion capabilities so it could stay hidden on Google Play for as long as possible. These included: The ransom demand is for 0.2 Bitcoins or roughly $180 and is much higher than what has been seen in previous mobile ransomware attacks. By comparison, the DataLust ransomware demanded merely $15 and could be an indicator of a wider effort by mobile malware developers to catch up with their PC ransomware cousins. Similar to other malware seen in the past, Charger checks the local settings of the device and does not run its malicious logic if the device is located in Ukraine, Russia, or Belarus. This is likely done to keep the developers from being prosecuted in their own countries or being extradited between countries.
However, modern ransomware certainly merits a classification as one of the most evolving sectors of cybercrime in 2017. Though it is quite difficult to calculate the overall damage caused by ransomware in 2016, some researchers state that cybercriminals received over $1 billion in ransom payments last year. Others mention a 3,500% increase in the criminal use of infrastructure that helps run ransomware campaigns. Carbon Black says that ransomware is the fastest growing malware across industries, up 50% in 2016. Technology (218%), utilities and energy (112%) and banking (93%) saw the highest year-on-year ransomware growth last year. Due to an important lack of qualified technical personnel and other resources, law enforcement agencies are globally unprepared to detect, prevent and prosecute this type of digital crime. Moreover, more and more cases of ransom payment by the police have become public, while those police officers who dare to resist take a substantive risk. There is the Texas police who lost eight years of their investigative work and all of the evidence by refusing to pay cybercriminals. This sad statistic explains why the majority of despaired victims of cybercrime fail to report it to the law enforcement agencies. Attackers can easily rent a Ransomware-as-a-Service (RaaS) infrastructure for as low as $39.99 per month, making up to $195,000 of monthly profit without much effort in comparison to other niches of digital fraud and crime. The business of ransomware has become so attractive that some cybercriminals don’t even bother to actually encrypt the data, but just extort money from their victims with fake malware. The victims are so scared by media stories about ransomware, combined with law enforcement agencies’ inability to protect them or at least to punish the offenders, that they usually pay.
The new generation of ransomware attacks IoT and smart devices, locking not only mobiles and smart TVs, but also doors in hotels and air conditioning systems in luxury smart houses. Criminals switch from file encryption to database encryption and web applications, demonstrating a great scalability of ransomware tactics. To increase their profits, hacking teams behind the ransomware campaigns now threaten to send the victim’s sensitive data to all of their contacts instead of just deleting it. Cryptocurrencies allow attackers to receive online payments almost without any risk of being traced and prosecuted. Despite the media hype around blockchain’s ability to reinvent and improve the world, so far only the cybercriminals have entirely leveraged the full potential of this emerging technology. A simple business model, high profits, accessibility and affordability of resources to deploy large-scale attacking campaigns, and low risks in comparison to other sectors of (cyber) crime, assure the flourishing future of ransomware. All of this without mentioning the problem of global inequality actually causing the cybercrime, which I briefly described in Forbes recently. Nonetheless, it does not mean that organizations should give up. The FBI confirms the skyrocketing problem of ransomware, but suggests relying on prevention rather than paying ransom to the criminals. PwC also suggests planning and preparing the organization for this kind of incident in order to have internal capabilities to recover without suffering important financial losses. Some cybersecurity vendors, like SentinelOne, contractually guarantee protection and provide financial insurance for their clients.
In recent years, ransomware has become a growing concern for companies in every industry. Between April 2015 and March 2016, the number of individuals affected by ransomware surpassed 2 million — a 17.7% increase from the previous year. Ransomware attacks function by breaching systems, usually through infected email, and locking important files or networks until the user pays a specified amount of money. According to FBI statistics cited in a Malwarebytes report, hackers gained more than $209 million from ransomware payments in the first three months of 2016, putting ransomware on track to rake in nearly $1 billion this year. But as a result of increased ransom-avoidance, cybercriminals have created an even more insidious threat. Imagine malware that combines ransomware with a personal data leak: this is what the latest threat, doxware, looks like. With doxware, hackers hold computers hostage until the victim pays the ransom, similar to ransomware. But doxware takes the attack further by compromising the privacy of conversations, photos, and sensitive files, and threatening to release them publicly unless the ransom is paid. Because of the threatened release, it's harder to avoid paying the ransom, making the attack more profitable for hackers. In 2014, Sony Pictures suffered an email phishing malware attack that released private conversations between top producers and executives discussing employees, actors, industry competitors, and future film plans, among other sensitive topics. And ransomware attacks have claimed a number of recent victims, especially healthcare systems, including MedStar Health, which suffered a major attack affecting 10 hospitals and more than 250 outpatient centers in March 2016.
Combine the data leak of Sony and the ransomware attack on MedStar and you can see the potential fallout from a doxware attack. Doxware requires strategic, end-to-end planning, which means hackers will target their victims more deliberately. Looking at the data leaked from Sony, it's easy to imagine the catastrophic effect doxware would have on an executive of any major corporation. Company leaders hold countless conversations over email each day on sensitive topics ranging from product development to competition to internal politics, and if there's a doxware attack, the fallout could be extensive.

Expect Things to Get Worse

The technology behind doxware is still new, but expect the problem to become worse. Recent attacks have been contained to Windows desktop computers and laptops, but this will certainly change. Once the malware can infiltrate mobile devices, the threat will become even more pervasive, with text messages, photos, and data from apps at risk of being leaked. It's also highly likely that doxware will target more types of files. Workplace emails are currently a big target for hackers. However, a company's internal communications/instant messaging network is also appealing to hackers using doxware, as the messaging network often serves as a platform where both sensitive business discussion and casual conversations take place, potentially exposing both company secrets and personally embarrassing exchanges. One of these variants holds files ransom with the threat of release and then steals a victim's passwords. Another mutation, Popcorn Time, takes doxware even further, giving victims the option to infect two of their friends with the malware instead of paying the ransom.
Schools and colleges are being warned to be on the lookout for ransomware attacks, after a wave of incidents where fraudsters attempted to trick educational establishments into opening dangerous email attachments. What makes the attacks unusual, however, is just how the attackers tricked users into clicking on the malware-infected attachments. As Action Fraud warns, confidence tricksters are phoning up schools and colleges pretending to be from the “Department of Education”. The fraudsters request the email or phone number of the institution’s head teacher or financial administrator claiming they need to send guidance forms to the individual directly, as they contain sensitive information. The emails, however, have a .ZIP file attached, which often contains a boobytrapped Word document or Excel spreadsheet which initiates the ransomware infection. According to reports, up to £8,000 can be demanded for the safe decryption of files on the victims’ computers. That is, of course, money that few schools can afford to spend. Similar scams have posed as being from telecoms providers claiming to need to speak to the head teacher about “internet systems” or the Department of Work and Pensions. In all cases the chances of the attack succeeding are increased by the fact that it is prefaced by a phone call. We’re all very used to receiving suspicious emails in our inbox, but may be caught off guard if it is accompanied by an official-sounding phone call. Action Fraud’s warning indicates that there are considerable amounts of money to be made by online criminals through ransomware attacks. If there weren’t, they wouldn’t be prepared to go to such extreme efforts (such as making bogus phone calls) to increase the likelihood that their poisoned email attachments will be opened.
More money can typically be extorted from an organisation than an individual, with some corporations having paid out huge sums to blackmailers after having their data locked away through a ransomware attack.
Democrats in Pennsylvania’s state Senate were locked out of their computer network early Friday morning due to a ransomware attack, NBC News reports. According to an unidentified state official who spoke with NBC, the Democratic senators in Harrisburg use their own computer network and “there is no indication that other state agencies of the Republicans have been affected”. As of about 5 p.m. Friday, both law enforcement agencies and Microsoft were working with the state Democrats to free their network. In a statement sent to reporters via text message and obtained by The Hill, state party officials said, “there is currently no indication that the caucus system was targeted or that any data has been compromised”. Recently, ransomware attacks have struck everywhere from hospitals and universities to San Francisco’s transit system. Last summer, the congressional IT desk warned representatives in Washington DC to be careful of potential ransomware and phishing threats, but the hacks on the DNC were unrelated. In many cases, the payment demanded is only in the tens of thousands of dollars, and occasionally ransomware can be spammed without a specific target, but the affected computer systems are encrypted and inaccessible until the hackers release a key. If a network’s data is backed up offsite, the target can occasionally circumvent the ransom altogether — albeit with some increased security. A spokesperson for the Pennsylvania Democrats declined to say to NBC News whether that was possible in this case, or whether the attackers had revealed any motives.