Reading Time: ~2 min.
The Cyber News Rundown brings you the latest happenings in cybersecurity news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst and a guy with a passion for all things security. Any questions? Just ask.
Amazon IPs Rerouted for Several Hours
Early Tuesday morning attackers compromised an ISP that allowed them to reroute 1,300 IP addresses belonging to Amazon’s Route 53 DNS service. Amazon quickly released a statement on the issue and clarified that it was a specific vendor’s domain that was sharing the traffic across multiple peer networks. In doing so, the attackers were able to masquerade as MyEtherWallet.com, which netted them over $150,000 in cryptocurrency.
Middle East Ride-Hailing App Compromised
In an announcement at the beginning of this week, the ride-hailing app Careem addressed a data breach that occurred in mid-January. The breach could affect nearly 14 million customers, though officials have stated that no payment information was amongst the compromised data, as it is stored off-site. Fortunately, the breach shouldn’t affect anyone who signed up for the app after January 14.
Complaints of Tech Support Scams on the Rise
Over the course of 2017, Microsoft saw a 24% rise in the number of complaints regarding tech support scams their customers fell victim to. This increase is similar to the findings of the FBI’s Internet Crime Complaint Center, which saw an 86% change from the previous year. While the tactics used have not varied much, the number of scam calls have gone up significantly and have branched out to include both Mac and Linux users.
City of Atlanta Closing in on $3 Million Mark for Ransomware Recovery
It was recently revealed the City of Atlanta has spent close to $3 million to recover from a ransomware attack nearly a month ago. Though the original ransom was set at $51,000, paying it would not guarantee a swift resolution. Even now, Atlanta is still working on returning its systems to full working order. The delay may have been lengthened by the unknown amount of time the hackers had access to its system.
Malicious Crypto-miner Disables System Security
The newly dubbed PyRoMine, a cryptocurrency miner, which uses the EternalRomance NSA exploit to propagate, has been spotted in the wild over the past month. By disabling any security services it encounters, as well as Windows Updates, the malicious VBScript is able to compromise RDP to allow consistent traffic through port 3389. Even though it hasn’t spread widely, the number of unpatched machines still accessible to malware authors is a goldmine just waiting to be found.