
UNM4SK3D: Kaspersky, Experian, and CTB-Locker


By: Olivia

December 22, 2017



Due process. That's what Kaspersky says it was denied when the Trump administration banned the use of its products on government networks, and the company is now asking a U.S. federal court to overturn the ban. How did this all start? Back in October of this year, a New York Times article described Israeli intelligence officers who had gained visibility into Kaspersky's network in 2015 and watched Russian government hackers use the company's software to hunt for U.S. government hacking tools. This set off a wave of suspicion across the U.S. government; the DHS response read, "The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates U.S. national security." The result was a directive ordering civilian agencies to remove Kaspersky software from their networks within 90 days.

Fast forward to today: the company continues to deny ties to any government and says it would never help a government with cyber espionage. According to the Kaspersky complaint, its software sales to the U.S. government totaled less than $54,000, about 0.03 percent of its U.S. subsidiary's sales, so the real stakes are Kaspersky's reputation in the country rather than the lost contracts. The allegations have also hurt its much bigger consumer software business, prompting retailers such as Best Buy to pull Kaspersky products from their shelves. In the lawsuit, Kaspersky alleges that the government relied largely on uncorroborated news media reports as evidence in its review of the software. Since the beginning of this saga, Kaspersky has offered to let independent parties inspect its source code and future updates; so far, no one has taken it up on the offer.
DHS has harmed Kaspersky Lab’s reputation and its commercial operations without any evidence of wrongdoing by the company. -the company’s founder, Eugene Kaspersky
Want the full story on what led to the US/Kaspersky battle? Read this edition of 'UNM4SK3D.'


AWS should be spelled 'B-A-D.' Yup, more bad news involving another unsecured data repository. This one, which belongs to Alteryx, a data analytics firm, exposed datasets from its partner Experian and the U.S. Census Bureau containing sensitive personal information on 123 million U.S. households. UpGuard Director of Cyber Risk Research Chris Vickery was first to disclose the issue, noting that the bucket was readable by any "AWS Authenticated User." That label sounds restrictive, but it is not: it is the S3 grantee group for anyone holding any AWS account, which means anyone willing to sign up for a free one. The data on offer included home addresses, contact information, purchasing behavior, mortgage ownership, and financial histories, which UpGuard said "constitutes a remarkably invasive glimpse into the lives of American consumers."

While the spreadsheet uses anonymized record IDs to identify households, the other fields are so detailed as to be "not merely often identifying, but with a high degree of specificity." Further analysis of the Experian marketing material shows the information delves deeper into household finances, analyzing investment behavior, car buying, and even retail purchasing histories, segmented into categories like 'Book Buyer' and 'Cat Enthusiast.' Experian has said that it "[provides] consumers with notice and choice when it comes to how their data is being used," using "careful consideration of consumer privacy" and "values-based practices that govern the acquisition, compilation and sale of our consumer data."

This incident is yet another reminder that third-party vendor risk can leak sensitive data belonging to several organizations at once, and of how severe the looming threat of data exposure is for consumers, many of whom are still reeling from the Equifax breach. UpGuard wrote, "The data exposed in this bucket would be invaluable for unscrupulous marketers, spammers, and identity thieves, for whom this data would be largely reliable and, more importantly, varied. With a large database of potential victims to survey, with such details as 'mortgage ownership' revealed, a common security verification question, the price could be far higher than merely bad publicity."
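The check a practitioner wants after a story like this is a quick audit of which grantee groups a bucket ACL hands out. The snippet below is an added example for this post, not code from UpGuard, Alteryx or AWS. It parses ACL documents in the dict shape that boto3's get_bucket_acl() (and the AWS CLI's get-bucket-acl) return, and flags any grant to the two global groups: AllUsers (anonymous) and AuthenticatedUsers (any AWS account, which is the setting behind the Alteryx exposure). The two ACL documents in it are constructed for the example; the owner ID is a placeholder.

```python
"""Flag S3 bucket ACLs that grant access to the global grantee groups.

The ACL dicts below are constructed for this example. The key layout matches
what boto3's s3.get_bucket_acl(Bucket=...) returns, so risky_grants() can be
pointed at a real response, but nothing here talks to AWS.
"""

# Real grantee-group URIs used in S3 ACLs.
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTHENTICATED_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"

# Why each group is a problem. "Authenticated" is the one people misread:
# it is not "users of my account", it is "anyone who has any AWS account".
RISKY_GROUPS = {
    ALL_USERS: "anyone on the internet, no AWS account needed",
    AUTHENTICATED_USERS: "anyone with any AWS account (free to sign up)",
}


def risky_grants(acl):
    """Return (grantee_uri, permission, explanation) for each global-group grant.

    Every permission is reported: READ on a bucket ACL lets the grantee list
    objects, READ_ACP reads the ACL, WRITE lets them add or delete objects,
    WRITE_ACP lets them rewrite the ACL, FULL_CONTROL is all of the above.
    """
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") != "Group":
            continue  # CanonicalUser / AmazonCustomerByEmail grants are scoped
        uri = grantee.get("URI")
        if uri in RISKY_GROUPS:
            findings.append((uri, grant.get("Permission"), RISKY_GROUPS[uri]))
    return findings


def is_exposed(acl):
    """True if the ACL grants anything at all to a global group."""
    return bool(risky_grants(acl))


# Constructed sample: the weak setting, owner plus READ for "Authenticated Users".
WEAK_ACL = {
    "Owner": {"ID": "0123456789abcdef-placeholder-owner-id"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser",
                     "ID": "0123456789abcdef-placeholder-owner-id"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": AUTHENTICATED_USERS},
         "Permission": "READ"},
    ],
}

# Constructed sample: the corrected ACL, owner only.
FIXED_ACL = {
    "Owner": {"ID": "0123456789abcdef-placeholder-owner-id"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser",
                     "ID": "0123456789abcdef-placeholder-owner-id"},
         "Permission": "FULL_CONTROL"},
    ],
}


if __name__ == "__main__":
    for name, acl in (("weak", WEAK_ACL), ("fixed", FIXED_ACL)):
        print(f"{name}: exposed={is_exposed(acl)}")
        for uri, perm, why in risky_grants(acl):
            print(f"  {perm:<12} {uri.rsplit('/', 1)[-1]:<19} -> {why}")
```

Two caveats when using this against live buckets: it only inspects the ACL, so a bucket whose ACL is clean can still be open through a bucket policy, and a clean bucket ACL says nothing about per-object ACLs, which need a separate pass over the objects.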
This case highlights that third-party vendor relationships are a growing cybersecurity risk. Data from three different organizations: Alteryx, Experian, and the US Census Bureau was revealed. -Varun Badhwar, CEO and co-founder of RedLock
Learn how to use the S3 events feature and Simple Notification Service to monitor the actions taken on specific assets. Read 'AWS: Monitoring S3 With Events and SNS.'


"But officer, I only rented the malware!" Romania has arrested five suspects for allegedly spreading the CTB-Locker (Curve-Tor-Bitcoin Locker, also known as Citroni) and Cerber ransomware families, which they rented from a ransomware-as-a-service (RaaS) operation on the Dark Web. You may recall CTB-Locker from its 2016 PHP variant, which targeted blogs, websites, content management systems and more. During 'Operation Bakovia,' a joint operation between Romanian and Dutch police and public prosecutors' offices, the UK's National Crime Agency, the FBI, Europol's European Cybercrime Centre (EC3) and the Joint Cybercrime Action Taskforce (J-CAT), police seized a large haul of hard drives, laptops, external storage devices, cryptocurrency mining computers, and documents. Based on what they found, the suspects are being prosecuted for "unauthorized computer access, serious hindering of a computer system, misuse of devices with the intent of committing cybercrimes and blackmail."

Europol says that early this year, "the Dutch High Tech Crime Unit tipped off Romanian authorities about a group of Romanian nationals who were behind a wave of spam that pretended to originate from well-known companies in countries like Italy, the Netherlands, and the UK." Europol also noted that CTB-Locker was one of the first ransomware variants to use Tor to hide its command-and-control infrastructure, and that the operation has identified more than 170 victims across several European countries. Although the identities of the arrested individuals have not been released, Europol posted a dramatic video of the arrests showing armed officers storming the suspects' residence.
The spam messages intended to infect computer systems and encrypt their data with the CTB-Locker ransomware. Each email had an attachment, often in the form of an archived invoice, which contained a malicious file. Once this attachment was opened on a Windows system, the malware encrypted files on the infected device. -Europol press release
Get an in-depth look at the Cerber ransomware. Read 'Ransomware Technical Analysis.'


Black Book announced key findings from a Q4 2017 survey: more than 8 in 10 healthcare organizations (about 84%) lack a dedicated enterprise leader for cybersecurity, and only 11% plan to hire a cybersecurity officer in 2018.

Olivia Lynch (@Cybrary_Olivia) is the Marketing & Communications Manager at Cybrary. Like many of you, she is just getting her toes wet in the infosec field and is working to make cyber security news more interesting. A firm believer that the pen is mightier than the sword, Olivia considers corny puns and an honest voice essential to any worthwhile blog.