From the return of BlackEnergy to analysing all things security at CES 2016 and the pros and cons of Windows 10, we’ve got you covered for all the important security stories from the past seven days.
BlackEnergy trojan returns with attacks against Ukrainian energy providers
ESET delivered a comprehensive report on the reemergence of the BlackEnergy trojan in 2015. Anton Cherepanov, a malware researcher at the leading information security company, explained that in recent attacks against energy providers in Ukraine, “a destructive KillDisk trojan was downloaded and executed on systems previously infected with the BlackEnergy trojan”.
CES 2016: Expert insight from a security point of view
Cameron Camp, a malware researcher at ESET, launched his three-part series on CES 2016 with a look at the Internet of Things. He noted that this year will likely be a defining one for IoT, adding: “Everything is connected, from the grip on your golf club to the insoles in your running shoes to the doll your child might play with. So while bad guys might get past the goons at the door with the drug-sniffing dogs, the perimeter you need to protect just became very large indeed.”
Windows 10: Debating whether or not to migrate to the operating system
When it was first released six months ago, there was a lot of buzz and excitement about Windows 10. While it certainly has many amazing features and characteristics – ‘Windows as a Service’, for example – there are, nevertheless, drawbacks, explained Aryeh Goretsky, a distinguished researcher at ESET. Take privacy … this latest version “gathers more data on program and user behaviour”, than previous versions, the expert elaborated.
First analyzed by Emsisoft, and detected by ESET as Win32/Filecoder.NFR, Ransom32 is a new type of malicious software. What is unique is that it works in the form of ‘Ransomware as a Service’, highlighted Sabrina Pagnotta, We Live Security’s Spanish editor. She revealed that it operates from a hidden server in the Tor network, adding: “There, cybercriminals can choose what malware will infect the victim, how many bitcoins it will ask for as a ransom and what threatening messages it will show in the screen.”
Uber hit with $20,000 penalty for poor data security practices
New York’s attorney general, Eric T. Schneiderman, announced that Uber had agreed to pay a $20,000 fine for failing to notify the authorities of a data breach in a timely manner, as well as reform its policies over information security. He said: “This settlement protects the personal information of Uber riders from potential abuse by company executives and staff, including the real-time locations of riders in an Uber vehicle.”
Time Warner Cable warns that customer data may have been compromised
Time Warner Cable, one of the biggest cable telecommunications companies in the US, revealed that up to 320,000 of its customers may have had their data – emails and passwords – compromised. It reported that while it had not yet identified how the information was accessed, it was confident that it was not as a result of a direct data breach.