This week blog comes fresh off the press
because a data breach happened yesterday. Gamestop.com is looking into a possible
data breach of their websites. A third party notified GameStop that its customer’s
credit card data was being sold on a website. Krebs’s financial sources say
they have received alerts of fraud coming from gamestop.com. This does not affect
in store purchases only purchases made from GameStop’s website Gamestop.com. According
to Krebs’s customer card number, expiration date, name, address and card verification
value (CVV2) were compromised (Krebs, 2017). The CVV2 is the three digit number
on the back of credit and debit cards, which is used for security. Merchants
are not supposed to store the CVV2 numbers, but that does not mean hackers can
use software to get the number before it is encrypted (Petite, 2017). GameStop has hired a security firm to investigate
the data breach that happened between September 2016 and February 2017.
GameStop told customers to basically watch
credit card and bank statements for authorized charges. The problem with
looking at paper credit card and bank statements is they are monthly, which
would give the bad guy plenty of time to buy items. If a person’s bank or
credit card has a way to check purchases from an online interface (Online
Banking) that would be a better way to check instead of paper statements. If
the breach does turn out to be from GameStop I would hope GameStop offers to
replace all the credit and debit cards affected from the breach.
Without knowing more about the breach (I’m
sure more will come out in a couple weeks) it’s hard to say how the attackers were
able to get the information. Most likely GameStop did not have security as part
of building the website and there was a vulnerability, which allowed the
attackers access to the data. I will update the blog once more information has
been shared. Lately it has been quiet, but there will be more data breaches for
the year of 2017.
Another subject I want to touch on is
Ransomware. A project call No More Ransom (NMR) started collecting decryption
tools and keys for Ransomware. The project was started by Europol, the Dutch
National Police, Intel Security and Kaspersky Lab (Kumar, 2017). The project
allows teaching users about ransomware and provides decryption tools, so that
users can get their files back. According to the article the platform is
available in 14 languages and it has over 40 free decryption tools (Kumar, 2017).
The website is located at https://www.nomoreransom.org/.
With ransomware being the new way for
attackers to make money there have been several variants. I have only heard of CryptoLocker
, CryptoWall, and Locky, but some other names are Cerber, Crysis, CTB-Locker,
Jigsaw, KeRanger, LeChiffre, TelsaCrypt, TorrentLocker, and ZCryptor (Brunau ,
2017). I found the Jigsaw ransomware name interesting and decided to do more
research. Jigsaw is a nasty type of ransomware that gives a user three days to pay
the 150 dollars in bitcoin, but there is more. Jigsaw will start deleting files
every hour until the payment is received. If no payment is received Jigsaw will
delete all the encrypted files. If a person attempts to change registry
settings or attempts to shut off the computer, Jigsaw will make the time jump
24 hours ahead. A person is only given three chances before all the files are
deleted.
A youtube video seen upload can be found at the founding link https://www.youtube.com/watch?v=cbHcDgMtA0k and it shows how to decrypt Cerber ransomware. I’m glad the project No More Ransom was
setup to help people decrypt their files. For a default computer user they have
no safe guards to protect their computer against ransomware. With these tools
users can get away without paying the attackers, which is why ransomware is
still around. Tips for home users to
protect themselves from ransomware:
1.
Ransomware
mostly comes from emails, so be careful and look for spam emails
2.
Have
two accounts one for regular use and another made to install applications
3.
Create backups using either backup software or
online backups
References
Krebs,
B. (2017, April 07). Krebs on Security. Retrieved April 08, 2017, from https://krebsonsecurity.com/2017/04/gamestop-com-investigating-possible-breach/#more-38927).
Petite,
S. (2017, April 07). GameStop.com customers' credit card information may have
been compromised. Retrieved April 08, 2017, from http://www.digitaltrends.com/gaming/gamestop-online-security-breach
Kumar,
M. (2017, April 05). No More Ransom - 15 New Ransomware Decryption Tools
Available for Free. Retrieved April 08, 2017, from http://thehackernews.com/2017/04/decrypt-ransomware-files-tool.html
Brunau,
C. (2017, March 01). Common Types of Ransomware. Retrieved April 08, 2017, from
https://www.datto.com/blog/common-types-of-ransomware
No comments:
Post a Comment