Cybersecurity news headlines (January 5 – January 20)

In case you did not keep up with the world of cybersecurity in the past few weeks, we have compiled the biggest news headlines between January 5th and 20th. You’ll find a couple of major headlines, such as the US Senate voting in favor of a bill that could allow NSA to spy on citizens without needing a warrant, and some minor ones, like Taiwanese police giving away malware-infected USBs as prizes for a cybersecurity quiz. Without further ado, here’s what made headlines in the last two weeks.

US Congress votes in favor of a bill allowing warrantless surveillance

Despite numerous objections from privacy groups, on the 11th, the United States House of Representatives passed a bill that allows intelligence agencies to spy on US citizens without needing a warrant. On the 16th, the Senate voted in favor of the bill, reauthorizing the NSA to collect electronic communications for the next six years.

Section 702 of The Foreign Intelligence Surveillance Act (FISA), the bill in question, allows NSA to monitor and collect electronic communications from non-US citizens located outside of the US. A loophole in the bill also allows the intelligence agency to spy on US citizens, more specifically, their communication with the monitored non-US citizen.

The bill has long since been controversial, and gathered much attention when Edward Snowden revealed the warrantless NSA surveillance program that has been running since the 9/11 terrorist attack.

OneDrive introduces File Restore, a service that could recover deleted, corrupted or infected files

Microsoft is planning on rolling out a file restore feature for OneDrive for Business. It would be able to recover files that have been deleted, corrupted or infected by malware. This feature is expected to reach eligible customers by mid-February, according to a notice in the Office 365 Message Center.

“Files Restore- will enable self-service recovery from disastrous events such as mass deletes, corruption, and other data loss scenarios,” Microsoft said.

File Restore is different from Version History, which allowed users to go back to previous versions of files. File Restore will allow customers to restore the entire account to a previous date. This feature is expected to be especially useful when dealing with a ransomware infection, which have become very common.

Hospital pays $55,000 in ransom after a ransomware attack, despite having backups

A hospital in Greenfield, Indiana, has decided to pay a $55,000 ransom when their systems became infected with ransomware, despite having backups. SamSam ransomware, the malware responsible for the attack, encrypted around 1,400 files, renaming them “I’m sorry”, and demanded that the hospital pay 4 Bitcoins (worth $55,000 at the time) to recover the files.

IT services took down the network and employees were asked to keep their computers turned off while the issue was solved. The staff had to switch to pen-and-paper for about two days, but the hospital continued to operate, and patients received care as usual.

According to the hospital representatives, the decision to pay the ransom was made considering the amount of time it would take to recover everything from backup. It was speculated that it could take days or even weeks to restore files, and ultimately, it was decides that the hospital would give into the demands. Fortunately, the hackers did restore files after the payment was made and the hospital was up and running as normal a couple of days later.

Man behind LeakedSource portal charged

A 27-year-old man, residing in Ontario, Canada, was charged for running LeakedSource.com, a web page that in addition to allowing users to check if their credentials appear in a data breach, was also selling access to that data, including clear text passwords, to anyone willing to pay.

The website, active since late 2015, permitted anyone to buy a subscription that would grant them access to a compilation of data breach files, including usernames, emails and passwords. Since users tend to reuse passwords and rarely change them, the data could be used to hack many accounts.

The man is now facing charges on:

• Trafficking In Identity Information
• Unauthorized Use of Computer (s. 342.1 of the Criminal Code)
• Mischief to Data
• Possession of Property Obtained By Crime.

The Royal Canadian Mounted Police (RCMP) estimates that the LeakedSource.com was able to make around $247,000 by doing this.

Police give out malware-infected USB after a cybersecurity quiz

In a rather ironic situation, Taiwanese police gave out USBs infected with malware to winners of a cyber-security quiz. The 250 8GB USBs were given as a prize to winning participants of a cyber security quiz at a data security expose hosted by the country’s Presidential Office. 54 of those 250 USB were reportedly infected with malware. After numerous complaints from the winners about their anti-virus alerting them about malware, the police stopped handing out the prizes.

Reportedly, a third-party contractor’s employee was checking the USB storage capacity on their computer, which was infected with malware. The infection spread to the USB from there.

No computer’s were damaged by the malware, as it was designed to collect and send data to an already shut down server in Poland.

Skype end-to-end encryption is coming soon

Skype is finally introducing private conversations. Microsoft is teaming up with Signal to integrate Signal Protocol and bring Skype end-to-end encryption. Signal Protocol is already used in other popular messaging apps such as Facebook Messenger and Whatsapp, and allows users to have completely private conversations, with neither the company nor the servers transmitting the data being able to decrypt the messages.

“Skype Private Conversations give you enhanced security through end-to-end encryption with an additional layer of security for conversations between you and your friends and family. Private Conversations can only be between you and one other contact. This is not supported in groups,” Skype explains.

End-to-end encryption on Skype is not enabled by Default, so in order to have a private conversation, users will have to manually launch it. The new feature is currently available to Skype Insider, a platform allowing users to test out new Skype features before they become available to everyone, and is expected to roll out to all users soon.

Firefly malware creator charged, after spying on users for 13 years

Phillip Durachinsky of Ohio, USA, was formally charged with creating malware known as Firefly. It is suspected that Durachinsky has been spying on people using the malware for 13 years.

“For more than 13 years, Phillip Durachinsky allegedly infected with malware the computers of thousands of Americans and stole their most personal data and communications. This case is an example of the Justice Department’s continued efforts to hold accountable cybercriminals who invade the privacy of others and exploit technology for their own ends,” Acting Assistant Attorney General John P. Cronan of the Justice Department’s Criminal Division said.

Reportedly, the malware was created to spy on web browser activity and harvest keystrokes of infected systems. Durachinsky was also able to watch and listen in on the victim via webcam and microphone. It is believed that the malware activated when users using infected computers typed in pornography related search terms. Allegedly, the malware could have taken pictures of users while they were browsing adult-orientated websites, and may have sent them to Durachinsky.

Data breach in Norway’s healthcare system

It has been reported that hackers have breached Norway’s Health South East RHF, and personal data of nearly three million patients could has been compromised. The breach was reported on Monday, after strange activity against computer systems in the region was noticed. Not much is clear at the current moment, but the situation is considered to be very serious. The hackers are believed to be highly-skilled and professional. The CEO of Health South East RHF, Cathrine M. Lofthus has reassured that there was no impact on patient care yet, and that all measures are taken to limit the damage and resolve everything. It has been noted that the health records include those of government, secret services, military, and intelligence employees, as well as politicians. Thus, there are worries about a foreign state sponsored attack.