Image of The Good, The Bad & The Ugly in CyberSecurity

The Good, the Bad and the Ugly in Cybersecurity – Week 45

Image of The Good, The Bad & The Ugly in CyberSecurity

The Good

This week, Google announced The App Defense Alliance. The new venture is a joint effort coordinated along with ESET, Lookout and Zimperium.

The overall goal is to ensure ongoing ‘safety’ of the official Google Play store, primarily finding and removing malicious apps from the marketplace. Potentially harmful applications and mobile malware have been a constant issue given the open nature of the Android marketplace, official or otherwise. This alliance hopes to curtail that by screening apps prior to their going ‘live’ on the Play store. App Defense Alliance partners can request that specific apps be analyzed, with subsequent results sent back to the requestor enriched with scan data and any intelligence gleaned from the analysis. Process-wise, the Google Play detection systems will be fully integrated with each partner’s scanning technology, allowing for a robust and multifaceted view of the app’s potential risk. A secure communication channel between Google and partners is also key to this effort. This allows for critical and expert-level vetting of code, above and beyond what occurs now. Naturally, this also generates more useful data around what is ‘good’ and what is ‘bad’. In the longer-term, this would benefit the entire ecosystem and enhance intelligence and reputation data around malicious behaviors and actors, including repeat offenders in the mobile space.

image of app defense alliance

The Bad

This week brought another round of ransomware attacks, targeting a variety of critical entities. We had multiple attacks make the news across Spain (Everis, Cadena SER) as well as the Lincoln County School District in Mississippi. Initial reports of the attack emerged on Monday morning. According to a statement from Lincoln County School District superintendent Mickey Myers:

“The district computer systems have been encrypted by a ransomware virus. This cyber-attack has adversely affected multiple systems in our network. We are investigating the incident with numerous agencies and will provide more information as soon as possible”.

According to current reports, the attack affected multiple sites, specifically affecting all internet-based communications across the district and a majority of the telecom systems. The district was quick to coordinate with local authorities as well as the FBI. As of this writing, there has not been confirmation on which specific family of ransomware was used in this attack. That being said, all cautions and standard caveats apply…Be prepared. Have tested and proven Backup, BCP, and DRP strategies in place. Better still, deploy a trusted security solution that beats ransomware attacks. 

The Ugly

All organizations should be hyper-aware (by now) that malicious insider activity is one of any environment’s largest threats. This holds true in both accidental AND intentional malicious actions. Now imagine an intentional bad actor with access to all your company’s customer support data. That alone is a treasure. Sprinkle in the fact that said bad actor also works for a well-known security company and you have the ‘perfect storm’: all the ingredients required for a modern “tech support” scam, backed by accurate personal data that the scammers can use to their advantage.

trend micro

This week it was reported that a Trend Micro employee was siphoning customer support data and selling it to a “malicious third party”. That 3rd party was a phone-based technical support scam operation that used data from approximately 68,000 Trend Micro customers. The scammers used this data to ‘inform’ the process of calling victims and attempting to extract personal and financial data from them. Phone-based support scans are not new, but this is a fresh reminder than even if the voice on the other end of the phone sounds like they have accurate data and valid info on your purchase of a specific product or service, they may still be adversarial.

The incident reportedly surfaced in August of 2019, with Trend Micro reaching a conclusion on the insider threat in October. Trend Micro released a statement on their blog highlighting the most important way to protect yourself from these types of scams: “TREND MICRO DOES NOT CALL CONSUMERS UNSOLICITED”.

The same holds true for your bank, the government/IRS, and other entities that are often tied to these scams and social engineering attempts. You can never be too careful.