This week was an interesting one in the world of cybersecurity. Fiat Chrysler is paying hackers, ransomware takes its toll on the mobile industry and two strains of malware hit the WordPress and Joomla! platforms. This week’s Security Central takes a deep dive into these curious developments.
One year ago, hackers were able to infiltrate and seize control of a moving Jeep Cherokee using the vehicle’s wireless communications system. Instead of the usual cybersecurity breach retaliation tactics, Fiat Chrysler Automobiles decided to take a different approach. Considering a world in which hackers can compromise and take over a moving vehicle, what strategy could possibly be different and effective enough to help prevent future attacks and stop hackers in their tracks? Easy. Pay them.
We are of course talking about hackers of the white hat variety here. Fiat Chrysler will be launching a “bug bounty program” which essentially offers cash rewards to individuals – these white hat hackers – who find potential bugs or vulnerabilities in vehicles’ software. Bugcrowd Inc., a San Francisco-based cybersecurity company, is running the program. Hackers can earn between $150 and $1,500 depending on the level of threat they uncover and report.
In a recent Wired article, Casey Ellis, co-founder and CEO of Bugcrowd, said that other automakers have been considering implementing bug bounty programs of their own, spurred largely by the Jeep Cherokee incident. “That was the ‘oh shit’ moment in the market,” Ellis says. “The conversation since then has been how do we get as much smarts, intelligence, and creativity to help as addressing this issue as we possibly can. Crowdsourced vulnerability discovery is the most effective way right now.”
This new type of threat has sparked a flurry of concerns and conversations among experts. Carmakers today are packing vehicles chock full of electronic bells and whistles and software to enhance safety features, increase communication and navigation abilities and provide more connectivity functionalities. While these features are designed to provide a safer and better driving experience, they open up a whole new realm of possibilities for hackers to gain access. Where there’s software, there are cybersecurity threats. Perhaps this ‘hackers fighting hackers’ solution will do the trick. Only time will tell.
Shifting gears, it appears as though ransomware is determined to keep topping headlines, this week being no exception. Back in June, thousands of websites built on WordPress and Joomla! platforms were compromised by the CryptXXX and Cryptobit ransomware strains, a campaign dubbed ‘Realstatistics’. These strains encrypt users’ files and then demand a ransom of approximately 2.4 bitcoins (about $1,000) to receive the decryption key. Over the course of the month and into July, at least 2,000 websites were infiltrated and infected with the malware.
How the attackers have been able to break into the content management systems and unleash the harmful code has experts a little stumped. Research company Sucuri executed a fingerprint sweep of the affected sites and stated that the likely culprits are outdated plugins and extensions on both platforms.
In a blog post, Sucuri founder and CTO Daniel Cid stated, “When a CMS is out of date, it speaks volumes to the administration/maintenance strategies a website is employing. If a website owner is unable to keep their core up to date, we can confidently say that they are likely not keeping the extensible components up to date. And we know from our previous research that the leading vector in most CMS applications comes from third-party integrations like plugins and extensions.”
Google has recently been cracking down on sites with the Realstatistics code, most often blacklisting them. Take note, site administrators.
Not to be outdone, the mobile industry just reported dismal numbers in terms of ransomware attacks. The report, released by Kaspersky Lab, stated that the number of mobile ransomware victims has “increased almost four-fold” compared to a year ago. From April 2014 to March 2015, Kaspersky software prevented 35,413 mobile ransomware attacks. From April 2015 to March 2016, the number of attacks prevented totaled 136,532 – a significant jump.
"The growth curve may be less than that seen for PC ransomware, but it is still significant enough to confirm a worrying trend," the report states. So, what it is that’s contributing to the increase in attacks? The report cites several factors: people are actually willing to pay the ransom sums, the value of the information stored on digital devices is much higher these days, law enforcement is ill-equipped to properly deal with the issue, and new online payment tools and platforms (cryptocurrencies) make it extremely easy for the ransom money to change hands.
According to an article in TechNewsWorld, there are ways to protect against ransomware infections. Ryan Naraine, head of the global research and analysis team at Kaspersky Lab, urges users to never download apps from anywhere but the Google Play store, patch Android apps the moment upgrades become available, and above all, use your brain. "If you download a flashlight app," Naraine says, "and it's asking for access to your contact list, that should raise a red flag to a user."
With a few hackers on our side and more ransomware defenses being put in place every day, we may yet see a break in the clouds in terms of cyber-attacks. For now, a little common sense goes a long way.