Security News for the Week Ending June 21, 2019
Asus Was Not Alone
I wrote about the Asus supply chain attack in March (search for Asus in the blog search box). Attackers, somehow, compromised the development environment, injected malware and allowed the system to compile, digitally sign and distribute it through the software update process. Hundreds of thousands of clients were infected as a result.
Now we are learning that Asus was not alone. Kaspersky Labs, the Russian antivirus firm that the U.S. Government loves to hate, says that there were more.
In all cases, the development process was compromised and infected software was distributed – including:
- game maker Electronics Extreme
- Innovative Extremist, a web and IT company
- Zepetto
- Plus at least three other companies
All of these companies are current or former game makers and all had their internal development environments compromised to the level that hackers were able to get them to distribute digitally signed malware. Source: Kaspersky.
Samsung warns Users To Check Their TVs for Viruses – Then Unwarns
Last Sunday Samsung put out a notice on Twitter:
“Scanning your computer for malware viruses is important to keep it running smoothly,” the message warned. “This also is true for your QLED TV if it’s connected to Wi-Fi! Prevent malicious software attacks on your TV by scanning for viruses on your TV every few weeks. Here’s how:”
Then they deleted the message as if someone figured out that if users thought their TVs were breeding grounds for bad stuff, they might not buy new TV. When Samsung was asked about it, the reporter got no reply.
YOU DO scan your smart TV for malware every few weeks, don’t you? Source: The Register
The Consequences of A Data Breach
By now everyone is aware of the data breach reported by Quest Labs and Labcorp, among others. But there is another part of the story.
As I have reported, the source of the breach was a third party vendor – American Medical Collection Agency – the vendor cyber risk management problem.
Now that the breach has become public, customers are fleeing from AMCA like the proverbial rats and the sinking ship.
As a result of that, the lawsuits already filed and to be filed and the regulators snooping around, AMCA’s parent company, Retrieval-Masters Creditors Bureau, Inc. ,has filed for bankruptcy.
It seems the company’s future is pretty cloudy. Source: CNN.
Your Tax Dollars At Work
A Florida city has taken the opposite tactic that Baltimore did and decided to pay a hacker’s ransom demand instead of rebuilding from scratch.
Rivieria Beach, Florida, population 34,000, was hit by a ransomware attack three weeks ago. Like many cities and towns, Riveria Beach likely didn’t prioritize IT spending very high and crossed it’s fingers.
The Baltimore hacker asked for about $95,000, which the city refused to pay. They have now agreed to implement a number of IT projects that have been ignored for years and spending $18 million.
In this case, the hacker was bolder, asking for $600,000, which if the city has typically poor IT practices, was the only way to get their data back.
The reason why we hear about all of these attacks on cities is that their budget project is legally much more public. If a private company pays a ransom, there is, most of the time, no legal requirement to disclose it. Source: CBS.