In this Issue:
- Latest Pirates of the Caribbean film held for ransom
- DocuSign credential leak used in fake phishing emails
- NSA toolkit worms proliferate
- easyDNS members affected by “AntiPublic” credential dump
- The world’s most important resource is… your data
Latest Pirates of the Caribbean film held for ransom
Disney reported last week that they had been contacted by hackers who claimed to have obtained a pre-release copy of “Pirates of the Caribbean: Dead Men Tell No Tales”, the most recent instalment of the hugely successful franchise. A “huge” ransom was demanded, payable in bitcoin (of course). Disney has refused to comply and is co-operating with the FBI. Predictably, within hours numerous torrents appeared purporting to be the leaked copy of the movie. To date they are all fakes leading to various and sundry “online survey” scams and such.
DocuSign credential leak used in fake phishing emails
The electronic contracts & signatures company DocuSign revealed a compromise of their customer email list. DocuSign’s own forensic analysis of the situation states that only email addresses were exfiltrated; no other customer data, nor electronic documents such as contracts to be signed, were obtained. The attackers used said addresses to send fake requests to execute documents, and those emails contained a virus payload.
NSA toolkit worms proliferate
Last week’s WannaCry worm, which was only stopped via the fortuitous discovery of an easily invoked “kill switch”, was somewhat of a wake-up call to the world. The message was not lost on hackers, who have wasted no time using the leaked NSA hacking tools to develop variants of the worm. These variants carry various payloads, from Remote Access Tools (RATs) and bitcoin mining rigs to “sleeper” kits which burrow deep into the bowels of infected servers to lie dormant for use in future attacks. Needless to say, most of these variants opted to omit the “kill switch” part of the code, meaning once released they are “out there” for good.
easyDNS members affected by “AntiPublic” credential dump
We have completed our analysis of the AntiPublic dump, the enormous 500 million+ credential dump which we mentioned a couple weeks ago. The result: 19,551 email addresses from our member database were present in the dump. Of those, 1,095 (5%) were using the same passwords as the cleartext passwords exposed in the leak.
Affected user accounts have had their passwords reset. Please, folks, don’t reuse passwords across sites, and use strong passwords unique to each website you use.
The world’s most important resource is… your data
The front cover story of the May 6th print edition of The Economist magazine calls personal data “The world’s most valuable resource”, opining that collecting, collating and selling personal data is “the oil” of the 21st century. The articles go on to wonder if the 800lb gorillas of the space (Google, Amazon, Facebook, etc.) need to be broken up “Standard Oil” style, as they have a penchant for stifling competition and end-running government privacy legislation.
We think the article asks some valid questions but only looks at one side of the vice that end users, “the people”, find ourselves in: on one side we are all being cross-indexed and sold by vendors and their walled gardens, ensconced in our lives via our smart phones and computing devices, while on the other side we’re being ubiquitously surveilled by The State itself. There needs to be a huge consumer-led groundswell demand for personal encryption and personal data sovereignty, although not enough people actually care yet to make that happen.
Previously on #AxisOfEasy
If you missed the previous issues, they can be read online here:
- May 15, 2017: What you need to know about the WannaCry Worm
- May 8, 2017: Facebook Ads Targeting Teens Based on Emotional State
- May 1, 2017: DoublePulsar: The Leaked NSA Exploit Kit Spreading In the Wild
- April 24, 2017: Is Google Stealing Your Content?