Week in review 22 August 2014
This week, MailShark made an announcement about our latest customer. You can read the full text of the announcement in our news section.
This week we saw a little of the mindset of hackers, along with how the Ebola virus is leading to more phishing campaigns. Also prominent was a new form of Android malware. Heartbleed was announced some months ago; this week a data breach affecting 4.5 million patients was attributed to Heartbleed. Jailbroken iPhones have been targeted by a new form of malware, whilst the Facebook colour changing app continues to claim victims. Finally, another data breach, this time involving United Parcel Service (UPS) stores, turned up. The data breach was caused by malware. You could be disturbed by a finding from Thycotic that 86% of hackers aren’t concerned that they will be caught. The survey was done at the Black Hat USA 2014 conference.
There were other findings too: 88% of respondents thought that their own Personally Identifiable Information (PII) was not safe online. The full article is an interesting read. Facebook colour changing apps have been doing the rounds over the last few months. They are malware, but there is a safe way to change the colour of your Facebook page, as this article details. The colour changing apps are phishing; they are designed to capture user credentials. The Ebola virus outbreak has spawned a phishing and malware campaign. The campaign works by suggesting sites to visit to obtain a cure or other related information. The site however is a phishing site, which is used to garner user credentials.
This is then used to spread malware that includes key stroke loggers. Android malware that looks like a Symantec Antivirus application turned up this week. This piece of malware gives the user a fake FBI notice that tells the user to pay USD500 to unlock the device. The malware can be easily circumvented, however, as the article details. Heartbleed made the news some months ago. This month we had a glimpse of its ramifications. A large data breach occurred at Community Health Systems; 4.5 million patients had personal data stolen. Community Health Systems is the second largest hospital chain in the US. It is highly recommended that iPhone users do not jailbreak their phones. Even more so with the reporting this week of malware that only affects jailbroken iPhones.
The malware, known as AdThief or Spad, has reportedly infected 75,000 iPhones. There is more: the malware steals revenue from ads, and to date 22 million ads have been affected. This malware offers a compelling reason not to jailbreak an iPhone. Finally, some late breaking news about another data breach, this time involving UPS stores in the USA. Disturbingly, it looks like the breach was undetected for up to 5 months in some cases. The cause of the data breach was malware. The details stolen were customer debit/credit card details. The article contains links to the UPS stores affected by the breach.