2016: Held Ransom

April 11, 2016 at 4:29 pm | Posted in EC-Council, Technical Tips | Leave a comment

It was predicted late last year that 2016 would be the year of ransomware. So far the prediction is holding up: only four months into 2016, the Locky ransomware has spread to 114 countries (displaying its demands in a dazzling array of 24 languages). The Hollywood Presbyterian Medical Center paid $17,000 in bitcoin after its computer systems were seized in February 2016, and hospitals in Kentucky and Maryland have reported similar attacks.

In case you’ve been in that doomsday bunker a bit too long, ransomware is malicious software that blocks access to your own data, usually by encrypting the files on the infected computer (and on any network shares it can reach). The data stays locked away until you pay a tidy sum of money to the hacker (or, more commonly, to the hacking organization). The malware usually comes with a deadline: pay by then or the decryption key is destroyed (or the price goes up), and some variants threaten to post the data for everyone to see, just as extra motivation. The data kidnappers may call themselves hackers or vigilantes, or even pretend to be a federal agency, but their demand is always the same: pay us for your data, or else!

Worse, with automated malware families like CryptoLocker, CryptoWall and TeslaCrypt, hackers don’t have to go to the extra effort of targeting big fish like CEOs of Fortune 500 companies. Any end user can be bilked for a few hundred dollars, and through economies of scale the operators rake in millions per campaign. While this year’s damages won’t be tallied for a while, the FBI estimated that the CryptoWall family alone pulled in over $18 million between 2014 and 2015.

[Image: “Shame if something happened to that hard drive…”]

End users are not the only targets, and neither are Windows users. Major sites like the New York Times, the BBC, AOL and the NFL had their advertising networks abused by malvertising, where a malicious ad hijacked users’ browsers and redirected them to the Angler exploit kit, which then installed a crypto-virus (another argument for using ad blockers?). And the once near-invincible Mac OS has turned out to be the target of the KeRanger malware, the first fully functional ransomware Mac users have had to contend with.

In this climate, is it any surprise that a prominent security certification vendor like EC-Council was a recent target?

Posting to the security community in late March, Jonathan Klijnsma noticed that the EC-Council iClass site was serving a redirect to the Angler exploit kit, injected through a vulnerable WordPress plugin. A TeslaCrypt payload was delivered to a visitor only if all of the following conditions were met:

  • The user’s browser was Internet Explorer (or the user-agent header was set to look like IE).
  • The user arrived via a redirect from a search engine, like Google or Bing (checked through the HTTP Referer header).
  • The user’s IP address or location was not on the attackers’ blocklist (probably maintained to keep security vendors, researchers and the hackers themselves from being served the payload).


Those conditions made the injection both hard to detect and narrow in reach: by 2016 most users were not on IE, and EC-Council students would typically reach iClass directly rather than through a search engine, so a casual visit (or a scanner with a default user-agent and no referrer) would never trigger the redirect.
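To make the gating in the three conditions above concrete, and to show why a plain check of the site would see nothing, here is an added example in Python. It is not the injected script from the iClass site and not code from the researcher or from EC-Council; it reconstructs the three conditions as a decision function and replays a small probe matrix of request profiles against it. The blocklist ranges, the search-engine list, the user-agent strings and the IP addresses are all constructed for illustration.

```python
"""Reconstruction of the gated redirect described in the post: the payload is
served only to Internet Explorer, only to visitors arriving from a search
engine, and only when the client IP is not on the attackers' blocklist.
Added example code; every constant below is an assumption made for illustration."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from urllib.parse import urlparse

# Constructed stand-in for the ranges the attackers excluded (security vendors,
# researchers, their own infrastructure). Documentation ranges, not real data.
ASSUMED_BLOCKLIST = [ip_network("203.0.113.0/24"), ip_network("198.51.100.0/24")]

# Assumed set of search-engine domain labels the injected script looked for.
SEARCH_ENGINE_LABELS = {"google", "bing", "yahoo"}

# Constructed user-agent strings for the probe matrix.
IE11_UA = "Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko"
CHROME_UA = "Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 Chrome/49.0 Safari/537.36"
CURL_UA = "curl/7.47.0"


@dataclass
class Request:
    user_agent: str
    referer: str      # value of the HTTP Referer header, "" if absent
    client_ip: str


def is_internet_explorer(user_agent: str) -> bool:
    # IE 6-10 identify as "MSIE"; IE 11 dropped that token but keeps "Trident/".
    return "MSIE" in user_agent or "Trident/" in user_agent


def came_from_search_engine(referer: str) -> bool:
    # Match on the hostname labels, so "www.google.co.uk" counts and "duckduckgo.com" does not.
    host = (urlparse(referer).hostname or "").lower()
    return any(label in SEARCH_ENGINE_LABELS for label in host.split("."))


def is_blocklisted(client_ip: str) -> bool:
    try:
        addr = ip_address(client_ip)
    except ValueError:
        return True  # unparsable address: the attacker stays quiet rather than risk exposure
    return any(addr in net for net in ASSUMED_BLOCKLIST)


def would_be_served(req: Request) -> bool:
    """True only when all three gating conditions hold."""
    return (is_internet_explorer(req.user_agent)
            and came_from_search_engine(req.referer)
            and not is_blocklisted(req.client_ip))


def probe_matrix(client_ip: str) -> dict:
    """Request profiles a site owner should replay before declaring a page clean.
    Only the victim-like combinations expose the redirect."""
    cases = {
        "scanner default (curl, no Referer)": Request(CURL_UA, "", client_ip),
        "Chrome via Google": Request(CHROME_UA, "https://www.google.com/", client_ip),
        "IE11, URL typed directly": Request(IE11_UA, "", client_ip),
        "IE11 via Google": Request(IE11_UA, "https://www.google.com/search?q=iclass", client_ip),
        "IE11 via Bing": Request(IE11_UA, "https://www.bing.com/search?q=iclass", client_ip),
    }
    return {name: would_be_served(req) for name, req in cases.items()}


if __name__ == "__main__":
    # Constructed client addresses: a home user, then an address inside the assumed vendor range.
    for ip in ("192.0.2.10", "203.0.113.5"):
        print(f"client {ip}:")
        for name, served in probe_matrix(ip).items():
            print(f"  {'SERVED' if served else 'clean '}  {name}")
```

The practical lesson is in `probe_matrix`: a scanner that fetches the page with its own user-agent, no Referer header and an IP that sits in a well-known security-vendor range will report the site clean, while a student on IE who clicked a Google result gets the exploit kit. When verifying a suspected compromise, replay the request the way a victim's browser would send it, from an address the attackers have no reason to exclude.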

I’m proud to say that EC-Council didn’t rest on their laurels. They fixed the problem within days of being notified of the security breach.

I would personally like to thank the security community and Jonathan Klijnsma, @ydklijnsma for highlighting a vulnerability that existed in a third party plugin on one of EC-Council’s affiliated service sites. As soon as our security team became aware of the issue they began working on remediating the vulnerability.

The issue has since been remediated and we now confirm that all known instances of the vulnerability have been removed and patched. We also wish to confirm that none of our servers or data were compromised at all during this period.

EC-Council takes security seriously and as the CEO, it is my utmost priority.

I would also like to invite the security research community, whom we have a lot of respect for, to be able to write directly to me at
ceo [at] eccouncil.org

Jay Bavisi
President and Chief Executive Officer,
EC-Council

from EC-Council’s Facebook feed

I don’t think I’ve seen any similar statements from Google, AppNexus, AOL or Rubicon involving their high-profile malvertisements. Just goes to show that if you want to beat hackers, you need to think like one. And if you want to go a step further and become a Certified Ethical Hacker, EC-Council and Transcender are the only places to go!


Blog at WordPress.com.