Welcome to The Dashlane Tech Check for June 16, 2017! I’ll help you catch up on Dashlane-related news and the big news in the tech industry. And just for fun, I’ll include a useful life hack that will keep you safe and secure all year long.
What in the (security) world?
Here’s what made headlines this week in the world of digital identity, security, and privacy:
A new report suggests US citizens are less savvy about cybersecurity than citizens in the UK
The 2017 User Risk Report from Wombat Security Technologies suggests people in the US are less knowledgeable about cybersecurity terminology and are more likely to fall victim to hacking and identity theft than people in the UK. According to Beta News, the survey also found that while the UK is more “cyber security savvy”, the US is better when it comes to passwords and backing up data. For instance, 92 percent of American respondents say they back up their important files (compared to 83 percent in the UK) and 38 percent prefer using password managers (compared to 10 percent in the UK).
The survey also shows that 50 percent of American respondents said they were victims of identity theft, compared to 19 percent of UK respondents. Moreover, 46 percent of American respondents also admitted to falling victim to phishing attacks, compared to 17 percent in the UK.
University College London is reeling from a major ransomware attack
University College London (UCL) was hit by a major ransomware attack Wednesday evening. According to Infosecurity Magazine, the malware was able to bypass the school’s existing security controls. In its first update on the attack, UCL’s Information Services Division said, “Currently it appears the initial attack was through a phishing email although this needs to be confirmed. It appears the phishing email was opened by some users around lunchtime today. The malware payload then encrypted files on local drives and network shared drives.” The school added that it is mitigating the damage by restoring snapshot backups of all shared drives.
The NSA believes North Korea was behind the WannaCry ransomware attacks
According to The Washington Post, intelligence officials at the US National Security Agency believe the North Korean government created the WannaCry ransomware worm used to target more than 300,000 people in over 150 countries a few weeks ago. The assessment is based on an internal report that found with “moderate confidence” that “cyber actors” sponsored by North Korea’s spy agency, the Reconnaissance General Bureau (RGB), were behind the attack.
25-year-old hacker pleads guilty to hacking into the US Department of Defense’s satellite communication system
Motherboard is reporting that a 25-year-old British hacker has pleaded guilty to hacking into a US Department of Defense (DoD) satellite communication system and stealing hundreds of user accounts. According to a press release from the National Crime Agency (NCA), the man stole “ranks, usernames, and email addresses of more than 800 users of a satellite communications system, as well as of about 30,000 satellite phones”. The intrusion caused $628,000 in damages according to the DoD.
Social media companies could face fines for failing to remove extremist content
France and the UK have warned social media companies and other tech firms about possible fines if they fail to remove extremist content. Ahead of a scheduled meeting between the two countries this week, a statement from the UK Prime Minister’s Office read: “Crucially, plans include exploring the possibility of creating a new legal liability for tech companies if they fail to remove content. This could, for example, include penalties such as fines for companies that fail to take action. The two countries will lead joint work with the tech companies on this vital agenda, including working with them to develop tools to identify and remove harmful material automatically.”
Researchers found a way to catch identity thieves using mouse movements and artificial intelligence
Following the 2015 data breach at the US Internal Revenue Service (IRS), where hackers gained access to thousands of tax returns by successfully answering security questions, Italian researchers looked for a way to detect whether a person answering security questions was who they claimed to be. In their recent study, researchers quizzed 40 respondents: half were to answer security questions truthfully and the other half were to use details from fake identities to answer the quiz. According to Quartz, the researchers then analyzed the mouse movements of each respondent and noted how the movements differed between the truth-tellers and those using fake identities. Then, the researchers used the mouse movement data to create a machine-learning algorithm that detected fake responses with 95 percent accuracy.
Samsung forgot to renew a domain, leaving millions of users vulnerable
According to security researchers, millions of users were left vulnerable when Samsung let a domain used to control a stock app installed on older devices expire. According to The Verge, older Samsung devices have a discontinued stock app called S Suggest, which is used to recommend popular apps to download. However, Samsung let one of the domains used to control the app, ssuggest.com, expire, leaving the door open for anyone willing to register that domain to push backdoored or malicious apps onto millions of smartphones. The domain is currently owned by João Gouveia, the chief technology officer at Anubis Labs.
Researchers discover powerful malware designed to target industrial control systems
A new analysis of malware used to knock out power for 230,000 Ukrainians for up to six hours found that the program could be more sophisticated and more dangerous than previously believed. Researchers from Dragos, a critical infrastructure security company, examined the malicious code and described the program as “a modular toolkit composed of multiple components that have the ability to launch automated assaults against industrial control systems managing the electric grid”, according to Motherboard. The researchers also noted that unlike most malware, which commonly exploits software vulnerabilities, this toolkit exploits four communication protocols or standards that are used with industrial control systems in Europe, the Middle East, and Asia. The malicious toolkit is being called “Industroyer” by the antivirus firm ESET and “CrashOverride” by Lee and his firm.
Dashlane News You Shouldn’t Snooze
Spring Cleaning Your Finances: Dashlane Recommended on The TODAY Show
The TODAY show’s Financial Editor, Jean Chatzky, was on air Monday morning discussing spring cleaning one’s finances with host Savannah Guthrie. Beginning at about 3:22 in the segment, Chatzky talks about identity protection and password managers, asserting that “everyone should be using a password manager these days” and recommends Dashlane!
This Week’s Lifehack to Improve Your Security
We use apps, calendars, emails, written notes, and other productivity tools to help plan our vacations, but why not use a password manager? Dashlane’s Digital Wallet will help you book a flight or hotel faster, safely share a copy of your itinerary, and will also store backups of your IDs and travel documents. In our latest blog post, we’ll show you how you can use Dashlane to book your next getaway or business trip.
Have any thoughts on any of the news I shared? Leave me a comment below and make sure to visit our blog next week for another edition of The Dashlane Tech Check.