New ransom tactics are 'unstoppable'—as North Carolina county discovers

Tim Johnson, McClatchy Washington Bureau on

Published in Business News

WASHINGTON -- Hackers are growing much more adept at getting people to open email infected with worms, as the network operators of Mecklenburg County government in North Carolina are the latest to discover.

Practically any infected email can look like it's from a trusted friend or co-worker.

New techniques that a researcher unveiled this week show how hackers can strip away any sign that an email is fake, and make it "virtually unstoppable" by normal safeguards such as spam filters on email servers.

Campaigns by criminal hackers are "becoming more and more sophisticated," said Ken Spinner, vice president of global field engineering at Varonis, a New York City security firm.

"It's really hard to determine, if you receive an email message, whether it is legitimate or not," Spinner said. "What's happening is that the hackers are well funded, and in a lot of cases, budgets (of governments) don't keep up with the requirements of security and they don't keep up with the sophistication of exploits."

A German security researcher, Sabri Haddouche, discovered the latest tactics used by cybercriminals, announcing them on a website Tuesday that shows a collection of vicious bugs used to bypass the hurdles set up on more than 30 widely used email clients, like Apple Mail, Mozilla Thunderbird, Yahoo! Mail and Microsoft Outlook 2016.


Haddouche dubbed the malware technique Mailsploit, and said he'd notified major software vendors at least three months ago to protect against it. About 20 vendors dealt with the problem, but 15 either did not say if they would fix the bug or said they would not, he said.

"Mailsploit is a new way to easily spoof email addresses. It allows the attacker to display an arbitrary sender email address to the email recipient," wrote Haddouche, who works for a European cybersecurity firm, Wire, with offices in Berlin; Zug, Switzerland; and San Francisco.

In his demonstration, Haddouche showed how he could make an email look like it was from President Donald Trump and originated from the email account (Potus stands for President of the United States).

By sending what are known as spoofing or spearphishing emails, hackers can either include a malicious link in the mail or attach an infected document, both of which can give intruders access into a network.

