Cybersecurity Weekly: California school ransomware, Office Sway phishing campaign, SNAKE ransomware

January 13, 2020 by Sam Fay

A ransomware attack causes a California school district to teach with pen and paper for the week. A new phishing campaign is hosting landing pages on Office Sway. A new strain of ransomware targets business networks. All this, and more, in this week’s edition of Cybersecurity Weekly.


1. Ransomware hits, but doesn’t stop, the Pittsburg Unified School District

The Pittsburg Unified School District is recovering from a ransomware attack over the holiday break, but school remains open as usual. The superintendent announced to students and families that they will be teaching and learning without laptops and internet while the school’s IT department recovers from the attack.

2. SNAKE ransomware targets business networks

The new SNAKE strain of ransomware joins other popular ransomware families such as Ryuk, Maze and Sodinokibi. Security researchers have noted a trend of ransomware shifting its focus from individuals to enterprises to maximize profits. Unlike other ransomware, SNAKE is designed to target the entire network rather than individual computers or servers.

3. Attackers increase focus on North American electric utilities

In recent months, four hacker organizations expanded their attack efforts against electric utilities in North America. One of these organizations is notorious for targeting utilities, aerospace firms and oil-and-gas companies. An October 2019 report revealed that only 42% of surveyed security professionals felt their organization was prepared for an attack.

4. Office 365 phishing emails point to Office Sway

Security researchers last week spotted a new phishing campaign that hosts its landing page on an Office Sway site. The malicious site will often spoof Microsoft applications, such as SharePoint or Office 365. If the user is logged into an Office account, links on the page will lead to familiar account pages, making the spoof even more convincing.

5. Hospital breach exposes sensitive data on 50,000 patients

A security incident at Alomere Health involved the hacking of two employee email accounts. The company discovered “portions” of patient information were exposed via email attachments in the compromised accounts. Exactly how much of the information was exfiltrated by the hackers is still under review.

6. City of Las Vegas suffers a cyberattack

A cyberattack breached the city’s computer systems last week, but it is not immediately clear if any sensitive data was exposed. Officials pointed out that city networks receive about two million emails, which means attackers “likely compromised the internal network of the city through a malicious email.”

7. Google removes over 1,700 Joker malware-infected apps from Play Store

Roughly 1,700 applications infected with the Joker Android malware have been removed from the Play Store by Google’s Play Protect since the company started tracking it in early 2017. The malware’s operators use malicious apps to trick victims into purchasing various types of content via their phone bill.

8. Over 56 million U.S. residents’ records exposed on Chinese server

Found by a white-hat hacker in early January, the huge data store includes names, home addresses, phone numbers and ages. The size of the database is 22GB and included metadata that links the collection to The hacker said in an interview that “the data is harmless by itself, but could be combined with other data sources for malicious purposes.”

9. Researchers demonstrate how to hack any TikTok account by sending SMS

The Chinese video-sharing app contained dangerous vulnerabilities that allowed remote attackers to hijack any user account just by knowing the mobile number of targeted victims. Chaining multiple vulnerabilities allowed security researchers to remotely execute malicious code on the victims’ devices without their consent.

10. Critical Firefox 0-day under active attacks

Late last week, Mozilla released a new Firefox version to patch a critical zero-day vulnerability that an undisclosed group of hackers is actively exploiting in the wild. This type of flaw occurs when the code blindly uses objects without checking their type, allowing attackers to crash the application or execute arbitrary code.
