The Shared Security Weekly Blaze – MyLobot Malware, Updates on Third-Party Location Data Sharing, Fortnite Scam Websites

by Tom Eston on June 25, 2018

This is the Shared Security Weekly Blaze for June 25, 2018 sponsored by Security Perspectives – Your Source for Tailored Security Awareness Training and Assessment Solutions, Silent Pocket and CISOBox. This episode was hosted by Tom Eston. Listen to this episode and previous ones direct via your web browser by clicking here!

Help the podcast and leave us a review! We would really appreciate you leaving a review in iTunes. Reviews really help move us up the podcast ratings list and are greatly appreciated!

Show Transcript
This is your Shared Security Weekly Blaze for June 25th 2018 with your host, Tom Eston. In this week’s episode: MyLobot malware, updates on third-party location data sharing, Fortnite scam websites.

The Shared Security Podcast is sponsored by Silent Pocket with their patented Faraday cage product line of phone cases, wallets and bags you can block all wireless signals which will make your devices instantly untrackable, unhackable and undetectable. Visit silent-pocket.com for more details.

Hi everyone, I’m Tom Eston, Co-host of the Shared Security podcast. Welcome to the Shared Security Weekly Blaze where we update you on the top 3 security and privacy topics from the week. These weekly podcasts are published every Monday and are 15 minutes or less quickly giving you “news that you can use”.

Sponsorships Available

A new serious form of malware called MyLobot (apparently named after the researchers pet dog) was discovered by security firm ‘Deep Instinct’. This new form of malware is quite dangerous as it will make infected systems part of a large botnet and has the ability to install trojans, keyloggers, conduct DDoS attacks as well as ensure that it cannot be detected and even run executable files from within system memory. Having executable files run from within memory is a newer technique only discovered by malware researchers in 2016 and makes detecting this type of malware much more difficult. Researchers have indicated that this particular form of malware is quite advanced not the typical work of an amateur. In addition to all of this, there is an interesting delay feature which will not allow the malware to communicate to its command and control services for approximately two weeks. This delay was put in to avoid detection from modern endpoint detection and other techniques which usually pick up malware infections like these. To top it all off, the malware will attempt to detect and disable other types of malware already installed, effectively, eliminating other malware competition. Deep Instinct researchers indicate that this type of advanced malware is being sold on the ‘darkweb’ for purchase and that “Other than the malware itself, malware developers can purchase services that assist in the infection process. An attacker can purchase access to exploit kits, buy traffic of tens of thousands of users to a web page, or even buy a full ransomware-as-a-service for his own use”.

As we’ve mentioned on the podcast before, one of the primary ways that malware can get installed on your computer is through phishing and social engineering. There are, of course, other ways such as drive by downloads from malicious ads and compromised web sites hosting malicious code. Besides being more aware of phishing and social engineering, you can help defend your computer by keeping your system patched and up-to-date as well as using ad blocking web browser plugins like uBlock Origin and web tracker prevention plugins like EFF’s Privacy Badger. Check out our show notes for details on where to download and how to install these plugins.

Are you a CISO or Information Security Manager challenged with tracking and managing information security incidents within your organization? If you are, you need to take a look at CISOBox which is a software appliance built for NIST-compliant management of all types of information security incidents. CISOBox secures and protects sensitive incident data using technology accredited by US Federal Intelligence Agencies and gives your organization an efficient and streamlined process for incident handling. No matter if your business is large or small, we highly recommend the CISOBox solution as it’s extremely easy to use, scalable, and a secure way to implement incident handling within your organization. For more information on the CISOBox solution and to schedule a demo visit cisobox.com/sharedsecurity. That’s cisobox.com/sharedsecurity.

This week I wanted to provide an update on the previous news we mentioned on the podcast a few weeks ago regarding how the major wireless carriers were selling your real-time location data to various third party companies. Just this past week Verizon, AT&T and Sprint announced that they will no longer share customer location data with third-party data aggregators like one particular company we discussed on the podcast called ‘LocationSmart’. This change was most likely due to the investigation conducted by Senator Ron Wyden who sent a letter to Verizon questioning the reason behind allowing real-time location data to be sent to shady third-party companies.

In addition, on Friday it was announced by the EFF that in a new ruling, by the United States Supreme Court, said that cell phone location data is protected by the Fourth Amendment. The Court also rejected the government’s argument that sensitive data held by third-parties is automatically devoid of constitutional protection. Ironically on Friday, I received a privacy notice update from my wireless carrier, AT&T, noting that because of the merger with WarnerMedia (previously known as Time Warner), that data sharing was now taking place between both companies. In reading this revised privacy policy, I noted that you can now “opt-out” of location sharing either from each individual third-party or through the AT&T privacy settings on your account. I’m not sure if this is a new feature due to recent controversy about third-party location data sharing, GRPR or perhaps it’s always been there. However, we highly recommend researching this setting for your own through your mobile carrier website and opting out if don’t want to have your location data shared with third-parties.

Do you or your kids play Fortnite? If so, you should be aware of scam websites that are capitalizing on the huge popularity of the game targeting young players to steal money and login credentials. The creators of Fortnite, Epic Games, are warning that many scam websites are offering free or heavily discounted virtual currency called V-Bucks. V-Bucks is the virtual currency that’s used within the Fortnite game. In April alone it’s estimated that players have spent $296 million on this virtual currency. In response to this recent rise in scams, Epic games sent an email to players stating quote “Beware of scam sites offering things like free or discounted V-Bucks. The only official websites for Fortnite are epicgames.com and fortnite.com” end quote.

Epic games also noted that players should double check to ensure they are using the real epic games website when purchasing V-Bucks and that they also enable two-factor authentication on their Fortnite accounts. As mentioned before on the podcast, it’s highly recommended to enable two-factor authentication wherever possible. Unfortunately, many companies have two-factor authentication as an optional feature that you have to specifically enable. Be sure to take the time to find out if the games and services you use have two-factor authentication and enable this service to add an additional layer of security to your accounts.

That’s a wrap for this week’s show. Please be sure to follow the Shared Security Podcast on all the regular social media channels like Facebook, Twitter and Instagram for frequent posts, commentary and updates. If you have feedback or topic ideas for the show you can email us at feedback[aT]sharedsecurity.net. First time listener to the podcast? Please subscribe on iTunes, Google Play, Stitcher, TuneIn, Spotify or iHeartRadio. Thanks for listening and see you next week for another episode of the Shared Security Weekly Blaze.