SEPE is a Spanish government agency for labor that provides employment opportunities to the public. The ransomware attack disrupted hundreds of thousands of users who had their appointment scheduled with the agency. The ransomware is said to have spread beyond SEPE’s workstations and also targeted the agency’s remote working employees’ devices.

“Currently, work is being done to restore priority services as soon as possible, among which is the portal of the State Public Employment Service, and then gradually other services to citizens, companies, benefit and employment offices. The application deadlines for benefits are extended by as many days as the applications are out of service. In no case will this situation affect the rights of applicants for benefits. Confidential data is safe. The payroll generation system is not affected and the payment of unemployment benefits and ERTE will be paid normally,” Guitérrez said.

Ryuk Ransomware Gang Made Over $150 Mn

Ryuk is a ransomware-as-a-service (RaaS) active since August 2018. The group attacked more than 20 health care organizations last year. A series of Ryuk ransomware attacks targeted multiple hospitals in the U.S. Cybercriminals compromised critical network systems across six hospitals in a single day. A recent analysis found that the Ryuk ransomware operators earned more than $150 million worth of Bitcoins from ransom payments after their cyber intrusions globally.

The post Ryuk Ransomware Takes Down Systems of Spanish Government Agency, SEPE appeared first on CISO MAG | Cyber Security Magazine.

“As is common with banking malware, Cerberus disguised itself as a genuine app in order to access the banking details of unsuspecting users. What is not so common is that a banking Trojan managed to sneak onto the Google Play Store. To avoid initial detection, the app hid its malicious intentions for the first few weeks while being available on Google Play. During this time, the app acted normally as a legitimate converter, and it does not steal any data or cause any harm. This was possibly to stealthily acquire users before starting any malicious activities, which could have grabbed the attention of malware researchers or Google’s Play Protect team,” the researchers said in a statement.

The Cerberus Trojan app operates stealthily to gain the trust of users and steals their banking data later. The app executes itself in three different stages:

• In the first stage, the Calculadora de Moneda app appears normal and does not steal any data from users who have downloaded it.
• In the second stage, the normal looking app turns into a malicious dropper, which is intended to download another malicious app onto a device, without the user’s knowledge.
• In the final stage, the app activates the malicious Trojan to access the existing genuine banking app on the victim’s device and wait for the user to log in. The Trojan creates a layover on the login screen to capture the credentials.

Avast stated that the malicious app has been taken down after it reported the findings to Google.

Protection Against Banking Trojans

Avast recommended users certain mitigation measures to protect themselves from mobile banking Trojans, these include:

• Confirm that the app you are using is a verified banking app. If the interface looks unfamiliar or odd, double-check with the bank’s customer service team.
• Use two-factor authentication if your bank offers it as an option.
• Only rely on trusted app stores, such as Google Play or Apple’s App Store. Even though the malware slipped into Google Play, its payload was downloaded from an external source. If you deactivate the option to download apps from other sources, you will be safe from this type of banking Trojan activating on your phone.
• Before downloading a new app, check its user ratings. If other users are complaining about a bad user experience, it might be an app to avoid.
• Pay attention to the permissions an app requests. If you feel that the app is requesting more than it promises to deliver, treat this as a red flag.
• Often, malware will ask to become a device administrator to get control over your device. Don’t give this permission to an app unless you know this really is necessary for an app to work.

Not the First Time

In 2019, Kaspersky discovered the Ginp Banking Trojan, which lures Android users to steal their credit card credentials.

For more information, read, “Ginp Banking Trojan Lures Android Users Amidst COVID-19 Outbreak”

The post Cerberus – A Banking Trojan Disguised as Currency Converter appeared first on CISO MAG | Cyber Security Magazine.

The analysis stated that the surge in data breach notifications in both France and Spain is because the companies were aware of their data security obligations. The reasons for  the decline in data breach notifications in the U.K. include:

• Organizations over-reporting data breaches after the initial implementation of the GDPR
• The U.K.’s Information Commissioner’s Office (ICO) issued a warning on the over-reporting of data breaches
• The U.K. is having high breach notifications compared to other countries in the first year of the GDPR

Most of the data breach notifications stemmed from breach of confidential data or access by unauthorized third parties. The survey also highlighted that attackers mostly targeted on clients and employees to steal data with various hacking activities like malware attacks, phishing e-mails, and compromising victims’ unsecured devices.

In addition, the analysis also highlighted the number of fines ordered under the GDPR in the last year. It said that only one fine was reported in the U.K., while 112 fines were ordered by the Spanish DPA, 10 by the Italian DPA, 9 by the Belgian DPA, 6 by the CNIL in France, 13 in Germany, and 5 in Poland. The findings are based on the data analysis across seven European countries, namely Belgium, France, Germany, Italy, Poland, Spain, and the U.K.

Tanguy Van Overstraeten, Partner and Global Head of Linklaters’ Privacy and Data Protection Practice, said, “The harmonization of data protection rules across the EU has been largely successful under the GDPR; however, there are still significant differences among Member States – impacting uniformity of enforcement across the EU. Only harmonizing the approach towards the determination of sanctions will not be sufficient, the interpretation of the rules should also be common to all the Member States. Businesses need certainty and a more unified approach across the EU.”

Overstraeten added “There is also a danger of GDPR fatigue amongst businesses and the Covid-19 crisis is impacting budgets which could limit resources to ensure compliance going forward. The further simplification and harmonization of data protection rules across the EU will be key to ensure companies can sustain this effort.”

The post GDPR Data Breach Notifications Rise by 66% Across Europe appeared first on CISO MAG | Cyber Security Magazine.