Categories: News
Categories: Personal
Categories: Ransomware
Tags: ransomware

Tags:  vice

Tags:  education

Tags:  files

Tags:  dark web

Tags:  ssn

Tags:  stolen identity

Data stolen during attacks on schools can contain highly sensitive information.



(Read more...)




The post How kids pay the price for ransomware attacks on education appeared first on Malwarebytes Labs.

Modern ransomware attacks are as much about stealing data and threatening to leak it as they are about encrypting data. Which means that when a school or hospital is attacked, it's often students' and patients' data that's leaked if the ransom demand isn't met.

We have to wonder how greedy any person would need to be to show such a blatant disregard for how painful sharing that kind of information can be.

In our recent report on the state of ransomware in education we saw an 84% increase in known attacks on the education sector.

Known ransomware attacks against education, June 2022-May 2023

And, while ransomware attacks against education are a global phenomenon, the USA and the UK saw far higher rates of attacks than other countries.

Although the attacks were carried out by a large number of different ransomware gangs, one in particular stood out: Vice Society. The Vice Society ransomware gang specializes in attacking education, with almost half of its known activity (43%) directed against the sector—almost ten times the average for ransomware groups.

Vice Society has also been known to take their demands directly to college students (we talked about this tactic in the case of the University of Manchester.)

The documents stolen from schools and dumped online by ransomware gangs can contain very private information that goes beyond what we normally see in leaked files. But apparently it’s getting harder to convince victims to pay the ransom, so the cybercriminals are trying new tactics.

What they seem to forget, or not care about, is that they are not just extorting money from institutions, but ruining young lives in the process.

An Associated Press article talked to the families of six students who had their sexual assault case files exposed by a ransomware gang. The leaking of private records like that on both the Dark Web and the open Internet could have a lasting impact on those young people long after their school has recovered from the attack.

The ransomware groups are to blame, of course, but the education sector can improve a few things to lessen the impact of a ransomware attack.

It's prudent to assume that at some point your organisation will fall victim to a ransomware attack. That being the case, it might be better to resort to paper records for highly sensitive information, or to store it securely encrypted on a non-networked system.

It also seems to be a problem to inform the students and their family about what has happened and what might have been stolen. The families contacted by AP said they first learned about the leaked information from the journalist instead of from the school.

Another matter to consider is the fact that identity thieves sometimes target children because the crime can go undetected for years, often until the child applies for their first loan or credit card. Even more reason for schools to inform the families of students about stolen data.

As a Vice Society representative wrote in an email to students of a victimized school:

> “Additionally all of your SSN and Medical records will be put for sale, for every hacker to gain access and use your data in whatever illegal activity they want. To us, this is a normal business day. For you, it’s a sad day where everyone will see your personal and private info.”

Which goes to show that appealing to their decency is likely to fall on deaf ears, so the best defense is protection.

**How to avoid ransomware**

*   **Block common forms of entry.** Create a plan for patching vulnerabilities in internet-facing systems quickly; and disable or harden remote access like RDP and VPNs.
*   **Prevent intrusions.** Stop threats early before they can even infiltrate or infect your endpoints. Use endpoint security software that can prevent exploits and malware used to deliver ransomware.
*   **Detect intrusions.** Make it harder for intruders to operate inside your organization by segmenting networks and assigning access rights prudently. Use EDR or MDR to detect unusual activity before an attack occurs.
*   **Stop malicious encryption.** Deploy Endpoint Detection and Response software like Malwarebytes EDR that uses multiple different detection techniques to identify ransomware, and ransomware rollback to restore damaged system files.
*   **Create offsite, offline backups.** Keep backups offsite and offline, beyond the reach of attackers. Test them regularly to make sure you can restore essential business functions swiftly.
*   **Don’t get attacked twice.** Once you've isolated the outbreak and stopped the first attack, you must remove every trace of the attackers, their malware, their tools, and their methods of entry, to avoid being attacked again.

Malwarebytes EDR and MDR removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.

TRY NOW

How kids pay the price for ransomware attacks on education

Researchers have issued a warning about an emerging and advanced form of voice phishing (vishing) known as "Letscall." This technique is currently targeting individuals in South Korea.
The criminals behind "Letscall" employ a multi-step attack to deceive victims into downloading malicious apps from a counterfeit Google Play Store website.
Once the malicious software is installed, it redirects

Mobile Security / Malware

Researchers have issued a warning about an emerging and advanced form of voice phishing (vishing) known as "**Letscall**." This technique is currently targeting individuals in South Korea.

The criminals behind "Letscall" employ a multi-step attack to deceive victims into downloading malicious apps from a counterfeit Google Play Store website.

Once the malicious software is installed, it redirects incoming calls to a call center under the control of the criminals. Trained operators posing as bank employees then extract sensitive information from unsuspecting victims.

To facilitate the routing of voice traffic, "Letscall" utilizes cutting-edge technologies such as voice over IP (VOIP) and WebRTC. It also makes use of Session Traversal Utilities for NAT (STUN) and Traversal Using Relays around NAT (TURN) protocols, including Google STUN servers, to ensure high-quality phone or video calls and bypass NAT and firewall restrictions.

The "Letscall" group consists of Android developers, designers, frontend and backend developers, as well as call operators specializing in voice social engineering attacks.

The malware operates in three stages: first, a downloader app prepares the victim's device, paving the way for the installation of powerful spyware. This spyware then triggers the final stage, which allows the rerouting of incoming calls to the attackers' call center.

"The third stage has its own set of commands, which also includes Web socket commands. Some of these commands relate to the manipulation of the address book, such as creating and removing contacts. Other commands relate to creating, modifying, and removing the filters that determine which calls should be intercepted and which should be ignored," Dutch mobile security firm ThreatFabric said in its report.

What sets "Letscall" apart is its utilization of advanced evasion techniques. The malware incorporates Tencent Legu and Bangcle (SecShell) obfuscation during the initial download. In later stages, it employs complex naming structures in ZIP file directories and intentionally corrupts the manifest to confuse and bypass security systems.

Criminals have developed systems that automatically call victims and play pre-recorded messages to further deceive them. By combining mobile phone infections with vishing techniques, these fraudsters can request micro-loans in the victims' names while assuring them of suspicious activities and redirecting calls to their centers.

UPCOMING WEBINAR

🔐 Privileged Access Management: Learn How to Conquer Key Challenges

Discover different approaches to conquer Privileged Account Management (PAM) challenges and level up your privileged access security strategy.

Reserve Your Spot

The consequences of such attacks can be significant, leaving victims burdened with substantial loans to repay. Financial institutions often underestimate the severity of these invasions and fail to investigate potential fraud.

Although this threat is currently limited to South Korea, researchers caution that there are no technical barriers preventing these attackers from expanding to other regions, including the European Union.

This new form of vishing attack underscores the constant evolution of criminal tactics and their ability to exploit technology for malicious purposes. The group responsible for the "Letscall" malware demonstrates intricate knowledge of Android security and voice routing technologies.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Vishing Goes High-Tech: New 'Letscall' Malware Employs Voice Traffic Routing

SQL injection vulnerability found in PrestaShop lekerawen_ocs before v.1.4.1 allow a remote attacker to gain privileges via the KerawenHelper::setCartOperationInfo, and KerawenHelper::resetCheckoutSessionData components.

*   Logiciel de caisse
*   Site web e-commerce
*   Pilotage de l’activité
*   Outils marketing
*   Outils de communication
*   DÉMO

Avec le **logiciel de caisse PrestaShop**, votre caisse enregistreuse dépasse les frontières physiques de votre magasin et devient le centre névralgique de votre activité. Avec le module KerAwen, vous possédez tous les outils et informations vous permettant de proposer une offre personnalisée à chacun de vos clients, mais aussi de bien gérer vos stocks. En plus, la **caisse enregistreuse** compatible Prestashop peut vous suivre partout pour renseigner votre clientèle en magasin ou réaliser un encaissement « sofa ».

Le logiciel de caisse PrestaShop Kerawen est **conforme et certifié** avec la nouvelle norme 2018.

Notre caisse Pos KerAwen est 100 % compatible avec un **site e-commerce** PrestaShop, mais elle l’est aussi avec d’autres CMS comme Shopify et WooCommerce.

_Logiciel de caisse prestashop intuitif, nomade et puissant.  
Offrez une nouvelle expérience à vos clients, réinventez le métier de vendeur._

**Module de caisse PrestaShop : un outil d’aide à la vente inédit**

*   *   *   **Comptes client** : création en quelques clics, reconnaissance des clients et visualisation immédiate de leur historique d’achats magasin, web et mobile. D’un simple clic, le vendeur peut consulter les articles vus sur son site e-commerce, la wishlist, le CA des 12 derniers mois, le panier moyen, les paniers abandonnés…

*   *   *   **Catalogue produits** : création, édition, modification et visualisation des fiches produit (prix, stocks, descriptifs, recommandations…)

*   *   *   **Marketing** : édition de _coupons promotionnels_, mise en place de programmes personnalisés de _fidélité_ et de _parrainage_

**Notre caisse PrestaShop est aussi un gestionnaire de commandes**

*   *    Notifications automatiques des commandes web sur la caisse

*   *   Gestion des commandes clients en temps réel (changement d’état et retrait en magasin)

*   *   Bientôt, la prise de commande avec choix entre retrait en magasin et livraison à domicile depuis la caisse

**Un logiciel de caisse PrestaShop lié à une technologie simple et économique**

*   *   *   **Conservez votre matériel informatique** : compatible avec les systèmes d’exploitation Windows, Mac, Linux… et avec tous les devices (ordinateurs, tablettes et téléphones mobiles), notre logiciel de caisse PrestaShop nécessite uniquement un navigateur (Firefox, Chrome, Safari, Opera). La solution KerAwen est aussi compatible avec les douchettes USB et les imprimantes supportant le protocole ESC/POS, soit la plupart des imprimantes du marché.

**Une caisse enregistreuse Prestashop avec les meilleures fonctionnalités**

Multi paiement : espèces, ticket-restaurant, carte-cadeau, carte, paiement différé…

Gestion des devis omni-canal : un devis créé en caisse peut être transformé en commande en ligne par votre client

Fidélité : compte commun au web et au magasin, transformation d’achat

Carte-cadeau omni-canal : une carte-cadeau vendue en magasin peut être utilisée sur le site ou vice versa

Ticket de caisse & facture : impression, envoi par e-mail et disponible en ligne

Remise catalogue ou vendeur (article ou panier)

Avoir : génération avec code-barres, utilisable en caisse ou en ligne, anonyme ou nominatif

Coupons : code-barres, automatique ou discrétionnaire vendeur

Clôture de caisse, dépôt et remise d’espèces

Journaux : CA, encaissement et TVA des points de fidélité en bons

Mise en attente et rappel panier

Afficheur client 2 lignes ou écran incluant photo publicité

Génération et impression des codes-barres

CVE-2023-27845: Logiciel de caisse PrestaShop, caisse enregistreuse POS

Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the classes/usergroups management section.

CVE-2023-37067: Security issues - Chamilo LMS

Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the session category management section.

CVE-2023-37065: Security issues - Chamilo LMS

Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the extra fields management section.

CVE-2023-37064: Security issues - Chamilo LMS

Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the skills wheel.

CVE-2023-37066: Security issues - Chamilo LMS

Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the careers & promotions management section.

CVE-2023-37063: Security issues - Chamilo LMS

A Cross-site scripting (XSS) vulnerability in the content editor in Gis3W g3w-suite 3.5 allows remote authenticated users to inject arbitrary web script or HTML and gain privileges via the description parameter.

**G3W-SUITE**

G3W-SUITE is the easiest way to publish QGIS projects on WebGIS services.

G3W-SUITE is a framework built with Django and VueJs,.

**Pinned**

1.  Server module for G3W-SUITE
    
    JavaScript 30 30
    
2.  Run G3W-SUITE stack with docker-compose
    
    HTML 17 25
    
3.  Map viewer addon for G3W-SUITE
    
    JavaScript 14 12
    
4.  Edit and translate G3W-SUITE end-user documentation
    
    Python 1 3
    

**Repositories**

*   Python 0 MPL-2.0 0
    
    0 0
    
    Updated Jul 7, 2023
    
*   Vue 0 MPL-2.0 0
    
    0 0
    
    Updated Jul 7, 2023
    

*   JavaScript
    
    30
    
    MPL-2.0
    
    30 32 6
    
    Updated Jul 6, 2023
    
*   JavaScript 0
    
    3 3 2
    
    Updated Jul 4, 2023
    
*   HTML
    
    17 25 16 5
    
    Updated Jun 22, 2023
    
*   Vue 0
    
    2 1 0
    
    Updated Jun 22, 2023
    
*   0 MPL-2.0 0
    
    3 0
    
    Updated Jun 13, 2023
    
*   JavaScript 0
    
    1 0 0
    
    Updated Jun 8, 2023

CVE-2023-29998: G3W-SUITE

Cross Site Request Forgery (CSRF) vulnerability in MultiTech Conduit AP MTCAP2-L4E1 MTCAP2-L4E1-868-042A v.6.0.0 allows a remote attacker to execute arbitrary code via a crafted script upload.

Tag

#web