The SecuriTea News - Issue #14

Each week The Weekly SecuriTEA Report brings you the past week’s interesting Cybersecurity News. Here's what is new for this week:

Don't Know Where This Bill Came From? Check Your Phone For This App. Researchers are warning users to delete a popular Android keyboard application that, once downloaded, makes unauthorized purchases. Google removed the application, AI.type, back in June of this year but not before it was downloaded on at least 40 million phones worldwide. The application in question allows someone to personalize their keyboard with different fonts and emojis while also making suspicious requests in the background that triggers purchases of premium digital services. Users are wholly unaware of this occurring and it was last detected that 14 million transactions occurred recently that if not blocked, would have cost device victims as much as $18 million. The application is also available on the Apple app store, so iPhone users also need to double-check if this is something that was downloaded onto your phone. Some signs to beware of when it comes to knowing if your phone or number is involved in something are: 1) If you notice a random depletion of mobile data, battery life, or performance 2) Random subscription verification texts, 3) Applications asking for a broad range of permissions that can potentially be dangerous. Always make sure you are looking at the permissions applications are asking for.

Beauty Brand Hit With Digital Card Skimmer. You may be familiar with physical card skimmers - hardware devices, that are typically placed on atm machines or gas pumps that accept credit cards, that allow an attacker to steal your credit card information when your card is inserted. Digital Card Skimmers are the same concept but instead of a physical device to capture your card information, malicious software is injected (or inserted) into a legitimate website to steal this information. First Aid Beauty, a popular skincare brand, has discovered that a digital card skimmer was injected on its website for more than 5 months, stealing visitor payment card information. They serve as one of the first major beauty brands to be hit with a malicious attack such as this. With more than 89,689 monthly web visitors the potential scope of this breach is wide. The skimmer was discovered by Williem de Groot, a researcher who contacted the company several times to get this malicious software removed. Another interesting note is that it seemed the skimmer did not work for non-US visitors or visitors who visited the website with a certain type of Operating System (Linux). Their website is currently down for further investigation.

SecuriTea Tip: Be vigilant when online shopping. You should have the same precautions with legitimate and sketchy websites when entering your credit card information. If you need to purchase, see if there is a way to use other pre-authorized/populated methods such as Paypal or Apple pay where you do not have to enter your credit card information.

Adults Sites Possibly Verify Using Facial Recognition. By now we are all familiar with facial recognition technology - it is being actively used on iPhones to unlock phones and make purchases, for example. The Australian government is now looking to use this technology to verify the age of individuals looking to access online porn sites. This proposal comes amid initiatives to change the current Australian policy that does not prohibit minors from visiting adult sites. This proposal, to use technology to answer the question of how to properly enforce regulation on adult sites, brings in many controversies over privacy and security concerns. Australia has a track record for breaches in their local and federal agencies - so much so that relying on the trust of the government to properly secure a facial recognition database becomes questionable. Should the faces of individuals who access these sites be revealed, major privacy concerns come into play when you think of the backlash that can occur (similar to the Ashley Madison incident).

The city of Johannesburg vs Ransomware Attackers. After being attacked last week by ransomware, malicious software that locks users out of their systems in exchange for money, the city of Johannesburg, South Africa is taking a stance to not pay the ransom of 4 Bitcoin and instead rebuild. The attackers, known as Shadow Kill Hackers, claimed responsibility for the attack after city officials tweeted that they had "detected a network breach which resulted in unauthorized access to its information system.” and subsequently shut down access to its online services. The attackers detailed how they compromised all passwords, sensitive data (such as finance and person) and population information with proof via screenshots on Twitter as well. With a city home to around 5 million people, having access to critical infrastructure shut down and compromised accounts on the dark web strikes a massive security issue to officials. This past Monday the city confirmed that they were able to restore customer-facing systems but said they still have a significant way to go in returning e-services back to normal. When an organization is hit with ransomware they usually have two options: 1) pay the ransom and hope the attackers will give them the key to unlock their systems or 2) deny paying the ransom and build their systems from scratch or a backup. We have seen examples throughout this year of organizations not having backups and therefore facing enormous difficulties in restoring their systems back to normal - or when Uber decided to pay the ransom when they were attacked. Unfortunately, ransomware attacks aren’t going away anytime soon. Security experts predict that organizations will continue to be at risk for these types of attacks that also will come with increasingly more sophistication.

And that's a wrap for your Weekly SecuriTea Report. Be sure to check out the latest every week for the latest in Information Security News. Follow us on social media for daily news.