Pay ransomware crooks, or restore the network? Guess which way this city chose after weighing up the costs
Plus: Sec wizard shows another way to pwn Mac users
In brief A city in Colorado, USA, has swallowed its pride and paid off a malware gang after deciding the cost of a network nuke-and-pave was too high.
The city of Lafayette – technically a home-rule municipality – with a population of around 30,000, said it has opted to pay ransomware criminals a $45,000 (£35,000) fee after deciding that it was a better use of cash than spending time and money wiping and reformatting all of its machines.
"Ransom payment was not the direction the city wanted to go, and pursued all avenues to find alternative solutions," Lafayette officials admitted. "In a cost/benefit scenario of rebuilding the city’s data versus paying the ransom, the ransom option far outweighed attempting to rebuild. The inconvenience of a lengthy service outage for residents was also taken into consideration."
EFF hackers dish the dirt on 4G tracking
During this year's virtual DEF CON hacking conference, EFF senior security researcher Cooper Quintin presented research collected with technologist Yomna Nasser on how they devised a method for detecting fake 4G base stations in real time, thus preventing information from being intercepted.
This is of particular interest to those who are wary of Stingrays and other 4G tower simulators that law enforcement and intelligence agencies use to keep tabs on people. It's also an area where, Quintin notes, many commercial security products don't tread, as there's not much money to be made.
"Even though cybersecurity teams and antivirus companies are doing a good job of what they do, they mostly care about the type of malware that affect their customers, which are usually enterprise customers," he explained.
The EFF has now developed Crocodile Hunter, an API paired with radio hardware to collect information on 4G snooping kit and share it with other researchers.
Remember those Office Macro attacks PC users have known of for years? They're a thing on Macs, too
Patrick Wardle, principal security boffin at JAMF and Apple security expert, has a new warning for macOS users: look out for malicious Office Macros. Booby-trapped Office documents are something Mac users may not realize are a threat on their platform of choice.
He pointed to a Microsoft Office bug, CVE-2019-1457, that can be exploited to escape Apple's sandbox protections, and grant miscreants code execution in a Mac Office environment as well as in Windows.
"Triggered by simply opening a malicious (macro-laced) Office document, no alerts, prompts, nor other user interactions were required in order to persistently infect even a fully-patched macOS Catalina system," says Wardle.
Dutch hackers pwn traffic lights (in a very polite and low-key manner, of course)
Also making waves at DEF CON this year was a presentation from Wesley Neelen and Rik van Duijn, who showed how mobile apps in the Netherlands that connect to traffic lights can be manipulated.
Most notably, the pair were able to create a script to generate a large number of bicycle traffic reports, something that would cause the cyclist-only lights to instantly go from red to green. This could be used for all sorts of mischief.
"More than 10 municipalities in the Netherlands connected a part of their cyclist traffic lights to the affected platforms," the pair said. "It was possible to perform these hacks from any remote location, which allows someone to remotely influence the traffic at scale."
Taiwanese chip makers hacked
And finally from the virtual Black Hat this year, we have a presentation from CyCraft's Chung-Kuan Chen, Indy Lin, and Dhang-De Jiang, who detailed how spies were able to infiltrate and siphon blueprints from seven Taiwan-based semiconductor manufacturers.
The intrusions, it is said, were largely focused on stealing intelligence from the chip makers between 2018 and 2019, presumably for the benefit of companies in mainland China. The infiltration was eventually traced back to the Beijing-backed Winnti hacking crew.
The hackers were able to steal data including source code, technical documents involving industrial controllers, and info on development kits. See the above link for the presentation slides and whitepaper for more details. ®