By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
10alert.com10alert.com10alert.com
  • Threats
    • WordPress ThreatsDanger
    Threats
    A cyber or cybersecurity threat is a malicious act that seeks to damage data, steal data, or disrupt digital life in general. Cyber threats include…
    Show More
    Top News
    What is a Keylogger -Kaspersky Daily
    12 months ago
    An Interactive Map of Online Threats
    12 months ago
    Kaspersky Uncovers New Chthonic Zeus Banking Malware
    12 months ago
    Latest News
    Wordfence Intelligence Weekly WordPress Vulnerability Report (September 11, 2023 to September 17, 2023)
    5 days ago
    Exploring Winrar Vulnerability (CVE-2023-38831) | McAfee Blog
    6 days ago
    Two PHP Object Injection Vulnerabilities Fixed in Essential Blocks
    7 days ago
    Agent Tesla’s Unique Approach: VBS and Steganography for Delivery and Intrusion
    1 week ago
  • Fix
    Fix
    Troubleshooting guide you need when errors, bugs or technical glitches might ruin your digital experience.
    Show More
    Top News
    Critical vulnerability fixed in popular WordPress plugin Jetpack
    Critical vulnerability fixed in popular WordPress plugin Jetpack
    12 months ago
    Windows 10 22H2 new features and changes
    12 months ago
    Windows 11 build 22000.652 (KB5012643) out as preview
    12 months ago
    Latest News
    How automatically delete unused files from my Downloads folder?
    7 months ago
    Now you can speed up any video in your browser
    7 months ago
    How to restore access to a file after EFS or view it on another computer?
    8 months ago
    18 Proven Tips to Speed Up Your WordPress Site and Improve SEO | 2023 Guide
    8 months ago
  • How To
    How ToShow More
    Switching to Cloudflare can cut your network carbon emissions up to 96% (and we’re joining the SBTi)
    Switching to Cloudflare can cut your network carbon emissions up to 96% (and we’re joining the SBTi)
    18 hours ago
    Cloudflare account permissions, how to use them, and best practices
    Cloudflare account permissions, how to use them, and best practices
    18 hours ago
    Announcing Cloudflare Incident Alerts
    Announcing Cloudflare Incident Alerts
    18 hours ago
    Welcome to Birthday Week 2023
    Welcome to Birthday Week 2023
    2 days ago
    A new wave of innovation with Edge, your AI-powered browser
    3 days ago
  • News
    News
    This category of resources includes the latest technology news and updates, covering a wide range of topics and innovations in the tech industry. From new…
    Show More
    Top News
    How to make iPhone a listening device?
    11 months ago
    How to mirror Android screen on PC?
    11 months ago
    On Instagram, you can view stories and posts of closed accounts
    11 months ago
    Latest News
    How to use image layers on Paint for Windows 11
    6 days ago
    How to disable Copilot on Windows 11 (completely)
    2 weeks ago
    How to blur image background in Photos for Windows 11
    2 weeks ago
    How to hide text from screenshots on Snipping Tool for Windows 11
    2 weeks ago
  • Glossary
  • My Bookmarks
Reading: All data has been stolen. What’s next?
Share
Notification Show More
Aa
Aa
10alert.com10alert.com
  • Threats
  • Fix
  • How To
  • News
  • Glossary
  • My Bookmarks
  • Threats
    • WordPress ThreatsDanger
  • Fix
  • How To
  • News
  • Glossary
  • My Bookmarks
Follow US
ThreatsWordpress Threats

All data has been stolen. What’s next?

Vitus White
Last updated: 13 October
Vitus White 4 years ago
Share
7 Min Read

Cybercriminals are starting to shift their focus from stealing personal data to other actions which bring immediate profit, experts at SANS institute say. At the recent ‘The Seven Most Dangerous New Attack Techniques’ roundtable held at the RSA Conference, Dr. Johannes Ullrich demonstrated a curious slide with a modest header saying ‘Changes in malware economics’ which contained a far more radical statement: ‘ALL DATA HAS BEEN STOLEN’.

All data has been already stolen. What's next?

In the US alone, Ulrich says, cybercriminals had already laid their hands on 191 million voter records (bearing in mind the total number of voters in the US is 142 million). That means some records were stolen more than once. As for the credit card data, the numbers are not that shocking, but, of course, they do raise concerns: of 170 million cards issued, 61 million has been compromised (as of 2014).

For #DPD15, we look at 2014’s top data leaks on Kaspersky Daily. https://t.co/lEpy81gdBl #databreach #cybercrime pic.twitter.com/XITXMW9NLe

— Kaspersky Lab (@kaspersky) January 28, 2015

Since hackers’ ‘dedicated’ work has led to a surplus in ‘production’ (if you see cybecrime as an industry), the price of the data on the black market has dropped. With this trend, the theft of user information has become a less profitable and thus less attractive venture for hackers, who then started to search for new ways of gaining profit. Now cybercriminals are increasingly prone to directly demanding ransoms from a victim, no matter who the latter is — an individual or a business.

The number of cases involving DDoS extortion has significantly increased: the culprits won’t stop attacking until the target pays the ransom. Ransomware is becoming more varied and more sophisticated. Among the the recently publicized were the cases of ransomware attacks on two hospitals, and one of them was ultimately forced to pay the ransom in order to decrypt the valuable information.

The longest #DDoS attack in Q4 2015 lasted for 371 hours (or 15.5 days). https://t.co/mTTUwEKsNw #KLReport pic.twitter.com/taDBla5k6v

— Kaspersky Lab (@kaspersky) January 28, 2016

A much less prominent yet more proliferating phenomenon is a new generation of ransomware capable of blocking access to websites. Recently a number of WordPress blogs were hit by CTB-Locker. Cybercriminals would gain access through vulnerabilities in the WordPress engine and then encrypt all the contents of the website. They would then add a few lines of code which would allow them to open the page in a browser and get in touch with the attackers as if through the ‘technical support chat’.

As a sign of ‘good will’, the criminals would decrypt two files free of charge. You might say, “Why go to so much trouble just for a blog?” However, WordPress engine’s simplicity and convenience made it the platform of choice for many online stores and even corporate websites. In those cases, the value of website contents might be huge.

Encrypting data is not equal to stealing it — as it turns out, the first may be even worse. Admiral Michael Rogers, head of the NSA, which also had spoken at RSA 2016, names this one of his worst nightmares. ‘What happens when the same activity is used to manipulate data, software or security products, and suddenly we no longer trust the data we are seeing? What do we do about that?”‘ — he asks.

CTB-Locker is back: the web server edition via @IdoNaor1 https://t.co/oz3vZYSD5C #infosec #netsec pic.twitter.com/RrGIwlorOi

— Kaspersky Lab (@kaspersky) March 1, 2016

Average users still have to watch out for ransomware that encrypts PC data. Also, the attackers are increasingly looking into opportunities to target smartphones: Android ransomware is already in the wild. Besides encrypting data, it makes the handset entirely unusable.

Since a large portion of smartphones do have unpatched vulnerabilities (like Stagefright) and Android malware has quickly become more sophisticated, we are witnessing even more disastrous Android attacks which would enable cybercriminals to both steal money from a phone or bank account and demand ransoms.

The continual evolution of #mobile #malware – https://t.co/lev9ovlF4j pic.twitter.com/lZMRPKVblr

— Kaspersky Lab (@kaspersky) March 2, 2016

SANS experts did not cover protection techniques thoroughly, but we will do this job for them.

1. Websites owners should regularly update both WordPress and its add-ons. Since it’s a tedious job, consider a specialized web hosting which would run those updates automatically.

2. Don’t forget to regularly download website backups which are usually run by a hosting provider and keep them in an offline storage.

3. Back up your critical data regularly and keep it in a detached storage – the best option here would be an external hard drive. As for smartphones, we recommend using cloud storage and uploading all the critical data there.

Setting up backups with Kaspersky Total Security https://t.co/xY9jD0mPpu pic.twitter.com/3PSGIvzFNn

— Kaspersky Lab (@kaspersky) December 23, 2015

4. Ensure your home PC is properly protected. By the way, Kaspersky Internet Security safeguards your documents if it spots some suspicious activity which looks like something’s trying to encrypt your files.

5. It is vital to regularly update and patch the operating system, browser, antivirus and key applications for all the devices you use. If it seems to take too much time, try automatic update.


Source: kaspersky.com

Translate this article

TAGGED: Malware, PoC, RC4, RTF, Security, Software, Threats, Vulnerabilities, WordPress
Vitus White October 13, 2022 September 30, 2019
Share This Article
Facebook Twitter Reddit Telegram Email Copy Link Print

STAY CONECTED

24.8k Followers Like
253.9k Followers Follow
33.7k Subscribers Subscribe
124.8k Members Follow

LAST 10 ALERT

Switching to Cloudflare can cut your network carbon emissions up to 96% (and we’re joining the SBTi)
Switching to Cloudflare can cut your network carbon emissions up to 96% (and we’re joining the SBTi)
Apps 18 hours ago
Cloudflare account permissions, how to use them, and best practices
Cloudflare account permissions, how to use them, and best practices
Apps 18 hours ago
Announcing Cloudflare Incident Alerts
Announcing Cloudflare Incident Alerts
Apps 18 hours ago
Welcome to Birthday Week 2023
Welcome to Birthday Week 2023
Apps 2 days ago
A new wave of innovation with Edge, your AI-powered browser
Windows 3 days ago

You Might Also Like

Switching to Cloudflare can cut your network carbon emissions up to 96% (and we’re joining the SBTi)
Apps

Switching to Cloudflare can cut your network carbon emissions up to 96% (and we’re joining the SBTi)

18 hours ago
Cloudflare account permissions, how to use them, and best practices
Apps

Cloudflare account permissions, how to use them, and best practices

18 hours ago
Announcing Cloudflare Incident Alerts
Apps

Announcing Cloudflare Incident Alerts

18 hours ago
Welcome to Birthday Week 2023
Apps

Welcome to Birthday Week 2023

2 days ago
Show More

Related stories

How to upgrade to Windows 11 23H2 with Installation Assistant
Critical Vulnerability in Forminator Plugin
How to blur image background in Photos for Windows 11
How to download official Windows 11 23H2 ISO file
PHP Object Injection Vulnerability in Flatsome Theme
How to download Windows 11 22H2 ISO after 23H2 releases
Previous Next

10 New Stories

Curator can help you with PC Game Pass picks
Cloudflare Email Security now works with CrowdStrike Falcon LogScale
Wordfence Intelligence Weekly WordPress Vulnerability Report (September 11, 2023 to September 17, 2023)
Exploring Winrar Vulnerability (CVE-2023-38831) | McAfee Blog
How to use image layers on Paint for Windows 11
New! Rate Limiting analytics and throttling
Previous Next
Hot News
Switching to Cloudflare can cut your network carbon emissions up to 96% (and we’re joining the SBTi)
Cloudflare account permissions, how to use them, and best practices
Announcing Cloudflare Incident Alerts
Welcome to Birthday Week 2023
A new wave of innovation with Edge, your AI-powered browser
10alert.com10alert.com
Follow US
© 10 Alert Network. All Rights Reserved.
  • Privacy Policy
  • Contact
  • Customize Interests
  • My Bookmarks
  • Glossary
Go to mobile version
adbanner
AdBlock Detected
Our site is an advertising supported site. Please whitelist to support our site.
Okay, I'll Whitelist
Welcome Back!

Sign in to your account

Lost your password?