Our latest roundup of recent cybercrime news stories from Phil Ashley, Director of Crossword Labs. A pick of the weird, unexpected and sobering reminders of why we need to work together to stay on top of cybersecurity.
AZOV RANSOMWARE IS A WIPER, DESTROYING DATA 666 BYTES AT A TIME
Azov Ransomware, a malware being distributed worldwide, has been proven to be a data wiper that intentionally destroys victims’ data and infects other programs.
It is being widely distributed through the ‘Smokeloader’ botnet, commonly found on fake pirated software and crack sites. The threat actor behind the malware is currently unknown, but it may be an attempt to cover up other malicious behaviour or to troll the cybersecurity community. Victims of the ransomware will have no way of recovering their files, and a full reinstall of the operating system is recommended to be safe.
THIRD-PARTY PAYMENTS USED TO SATISFY CYBER INSURANCE POLICY EXCESS
The Washington State Appeals Court ruled that T-Mobile had covered a $10 million excess payment under a cyber policy with Zurich American Insurance with funds it received from a vendor involved in a 2015 data breach.
The court rejected Zurich’s argument that a policyholder cannot use a third-party payment as a deductible and found that the insurer must cover T-Mobile’s losses stemming from the breach. This clears the way for companies to use third-party data breach settlement payments to satisfy skyrocketing cyber insurance excesses. A number of insurers’ policies (including Lloyd’s of London) have already specifically barred third-party recoveries from being used to pay excesses.
15,000 SITES HACKED FOR MASSIVE GOOGLE SEO POISONING CAMPAIGN
Hackers are conducting a massive black hat search engine optimisation (SEO) campaign by compromising almost 15,000 websites and redirecting visitors to fake Q&A discussion forums.
The attacks were first spotted by cybersecurity firm Sucuri, which found that each compromised site contains approximately 20,000 files used as part of the search engine spam campaign. Most of the sites are WordPress sites. The researchers believe that the goal of the threat actors is to generate enough indexed pages to increase the fake Q&A sites’ authority and improve their ranking in search engines. The campaign primes these sites for future use as malware or phishing sites.
Find out more about Crossword's cybersecurity and vulnerability monitoring service, Nightingale.