The week in security: Aussie businesses encouraging ransomware cons; industry Russian to conclusions on election hacks

Australian businesses may have decided the easiest way to deal with ransomware is to pay the ransom, but one expert has warned that this behaviour is only encouraging the extortionists' behaviour.

One site has moved to aggregate advice around ransomware, yet in an interesting twist one ransomware gang also moved to sabotage a rival group by leaking the decryption keys to the Chimera ransomware. This, as one security vendor put its money where its mouth is, offering $1000 per endpoint for machines that get infected by ransomware that isn't stopped by its software.

Yet businesses are also facing problems from other quarters, failing to secure their privileged accounts adequately, according to one survey that warns the overall security posture is not great.

Good thing, then, that law-enforcement and technology firms are joining forces to help fight ransomware – in Europe as well as in the US, where president Barack Obama charged the FBI with investigating cybercrimes as concern escalated over the hacking of an additional Democratic Party organisation and allegations Russian hackers are interfering with the US election – something that presidential candidate Donald Trump, to the disbelief of many and the consternation of cybersecurity practitioners, encouraged in a recent speech.

Cyberespionage group Patchwork was expanding its scope to new industries, even as a hospitality provider Kimpton Hotels investigated a possible credit-card breach and a new report found healthcare organisations are 114 times more likely to be ransomware victims than financial firms.

Hackers love them, a US House hearing heard. Privacy analysts were warning about the implications of Verizon's $US4.8b ($A6.4b) acquisition of Yahoo, while a US federal agency was warning about the implications of SMS-based two-factor authentication and indicated that service providers to government may be forced to replace it with something else.

Many other insecurities were on the radar, with a flaw in the LastPass password manager flagged and Twitter suspending accounts that lured ISIS supporters into installing spyware. Security researchers shut down a large-scale malvertising operation that had remained undetected for months. Researchers warned that many wireless keyboards are completely unprotected and can be eavesdropped on, with hackers able to both read and inject their own keystrokes from nearly 100m away.

Even as Microsoft was preparing to launch new security features for Windows 10 – and a minimum hardware specification to accompany it – there were warnings that security issues were holding up the development of the Internet of Things (IoT) market.

Tags cyberespionageRussian hackersweek in securityprivacy analystsrussian election hack

Show Comments