3 Security Updates: Exposed User Records, Ransomware and Video Links Spreading Malware

Several new security threats have recently been exposed, many of which more directly affect the business world. However, the more aware you are of what is going on, the more likely you are to protect your data security. Individuals are also often targets, so understanding how current threats work is important. This post discusses three recent threats, including a VPN misconfiguration that exposed one million users, the insurance company CNA suffering a Ransomware attack, and how YouTube videos are being used to share malware-spreading links.

This post discusses what happened, what you need to know, and what you can do to protect yourself from these, as well as all security threats in general.

As we head into the holiday season, pressures and distractions are at an all-time high for many people, making it more important than ever to be careful online. These examples provide good reminders of what to be on the lookout for, as well as what to do if you are affected.

Exposed user records

Last month, over a million users had their personally identifiable information (PII) exposed when a server used by Quickfox, a free VPN service, was found unprotected and accessible. The ElasticSearch server had no password protection or encryption configured. Without any security set up in Elastic Stack, users' information was completely exposed to anyone who found the server.

In total, about 500 million records were exposed, containing the information of one million users. Users affected by this data breach include those from the United States, Japan, Kazakhstan and Indonesia.

The data of the users exposed included:

  • Email addresses
  • IP addresses
  • Phone numbers
  • MD5 hashed passwords
  • Information about their device type

There are several concerns about this breach. First is the fact that the server was configured without any security. Beyond that, hackers could crack the passwords in an effort to use them to hijack other user accounts. This is another example of why it is so critical not to reuse passwords.

This is also a great reminder to be very careful what services you sign up for, especially when using free services. What responsibility does a company have to you for services they are providing for free? This is typically the kind of information available in the user agreement, which is often not read by users before they engage with a service.

What you can do: If you use Quickfox's free VPN service, you will want to change your password. Make sure you use something you do not use elsewhere. If those credentials are used elsewhere, be sure to change those as well! Lastly, you may want to consider using a paid service, which often promises a higher level of protection to its customers.

Insurance company pays Ransomware

CNA, a large insurance company, suffered a Ransomware attack and has reportedly paid $40 million to regain their data. In a statement from CNA, they shared that they "did not believe that the systems of record, claims systems, or underwriting systems where the majority of policyholder data - including policy terms and coverage limits - is stored, were impacted."

Ransomware is extremely effective because it renders users' systems, servers, any physically attached drives, AND network shares unusable by encrypting all the data it can access. Even when a company has a recent backup it can recover from, hackers often threaten to release private information in an effort to convince the victim to pay anyway. A Ransomware attack can be especially devastating to its victims. However, the more victims that refuse to pay, the less popular this type of attack will be.

What you can do: First and foremost, have a reliable, recent, and offsite backup of your data at all times! A true backup is one you check regularly, as well as practice restoring files from, to verify they are the correct files and are usable. Again, be sure you always use complex passwords and that you do not reuse credentials. With these protocols in place, a Ransomware attack is much less devastating.

Video links spreading malware

A new malware trend has been uncovered where links to malware are embedded into descriptions of videos on YouTube. Videos on YouTube often have links in the description and/or comments so users can click and connect with a product, special, or website. Unfortunately, new channels are being created for the sole purpose of embedding links to malware in these descriptions.

This scam is a multi-part scam that feeds itself. Users become infected with malware by clicking on bad links in a YouTube video description. Once the malware is in place, the victim's Google credentials are stolen by the malware. Next, their credentials are used to create a new YouTube channel associated with the stolen email. Once the channel is created, videos are uploaded and malware links are posted into the description.

When users click on the malware link and get infected, they feed the next cycle of victims. This is one of those situations where each victim potentially leads to more victims (similar to when your email is hacked and the hacker uses the account to SPAM all of your contacts in hopes of gaining access to their contacts as well). These types of attacks can spread very quickly since they are self-feeding.

What to know: Obviously, not every new channel on YouTube has bad links or was created for nefarious reasons. However, it is always a good idea to be careful of the links you click, regardless of what website you are on. If you are on YouTube, be cautious about the channels you visit, and be especially careful of clicking links. It is often much safer to search for something and use a result to go directly there - after checking the link results of course!

NOTE: Checking link results means looking at the domain name in the URL of a search result to verify it matches what you are looking for. For example, if you search for printer drivers for an HP printer, and one of the results says something.hp.com and another says something.xyz.com, you want to click on the hp.com result. It is always important to check to see where the link is taking you before clicking.
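
The same domain check can be done in code. The following is an added example, not part of the original post: it pulls out the host a link really points to and accepts it only if it is the expected domain or a subdomain of it. The function names and the sample links are constructed for illustration, and the expected domain (hp.com, from the example above) is supplied by the person doing the check.

```python
from urllib.parse import urlsplit


def link_host(url: str) -> str:
    """Return the host the browser would actually connect to, lower-cased."""
    url = url.strip()
    parts = urlsplit(url)
    if not parts.netloc:                  # bare "host/path" with no scheme
        parts = urlsplit("//" + url)
    # .hostname drops any "user@" prefix and ":port" suffix
    return (parts.hostname or "").rstrip(".").lower()


def belongs_to(url: str, expected_domain: str) -> bool:
    """True only if the link's host is expected_domain or a subdomain of it."""
    host = link_host(url)
    expected = expected_domain.strip().rstrip(".").lower()
    # Compare on a dot boundary so "examplehp.com" does not pass for "hp.com"
    return bool(host) and (host == expected or host.endswith("." + expected))


def check_results(urls, expected_domain):
    """Return (url, real host, verdict) for each link in a result list."""
    return [
        (u, link_host(u), "ok" if belongs_to(u, expected_domain) else "different site")
        for u in urls
    ]


# Constructed sample links (illustrative only, not real indicators)
SAMPLE_RESULTS = [
    "https://something.hp.com/drivers",      # subdomain of hp.com
    "https://something.xyz.com/hp-drivers",  # "hp" only appears in the path
    "https://hp.com.xyz.com/drivers",        # hp.com is a prefix, the site is xyz.com
    "https://hp.com@something.xyz.com/",     # text before "@" is not the host
    "https://examplehp.com/drivers",         # ends in "hp.com" but is another domain
    "Something.HP.com:8080/drivers",         # no scheme, mixed case, port
]

if __name__ == "__main__":
    for url, host, verdict in check_results(SAMPLE_RESULTS, "hp.com"):
        print(f"{verdict:15} {host:22} {url}")
```

The check reads the domain from the right-hand end of the host name, which is the part that decides where the link goes.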

The thing about data security is that protecting yourself is a constantly changing and evolving task. The attack methods change, come in different forms, often look very legitimate, and sometimes just catch us on an off day. The best you can do is always use caution when clicking links, opening emails, opening attachments (which is almost worth saying twice), when creating user accounts, and when sharing information about yourself on social media. These are some of the ways you can help protect yourself every day!

As always, the more careful you are, the less likely you are to be an attractive target to a hacker!