iiNet investigating alleged Westnet breach

iiNet Limited

By Dylan Bushell-Embling
Thursday, 11 June, 2015



ISP iiNet has urged more than 30,000 of its customers to change their passwords, following rumours that a legacy database of customers of subsidiary Westnet has been put up for sale online.

The Cyber War News Twitter account published a screencap on Sunday showing a sales listing allegedly posted by an unknown hacker seeking to sell a Westnet customer database.

In the listing, the hacker, using the username Mufasa, claims that the stolen database contains valuable data, including plain-text passwords.

iiNet CIO Matthew Toohey has confirmed in a statement that iiNet is investigating a possible Westnet breach.

He said the incident appears to involve a legacy customer database, which includes customer usernames, addresses, phone numbers and in some cases password information - but no payment details.

Toohey said iiNet has not yet been able to confirm whether the database has in fact been breached. But as a precaution, the company has contacted over 30,000 customers to notify them of the potential breach and advise them to change their passwords. In addition, iiNet has now taken the legacy server offline.

In March, TPG offered to acquire the 93.75% of iiNet it does not yet own for $1.4 billion, or $8.705 per share, as part of a plan to merge with the company to create Australia’s second-largest fixed line operator. M2 submitted a counter-offer worth around $9.42 per share, prompting TPG to improve its offer to $9.55 per share by incorporating a $0.75 dividend.

The iiNet board has recommended TPG’s offer, and competition regulator ACCC is expected to rule this week on whether to allow the takeover.

Ransomware threat looms larger in Q1

Australian internet users meanwhile need to be on the lookout for the ransomware threat, after a report demonstrated that new ransomware detected in the wild surged 165% during the first quarter of 2015.

A report from McAfee Labs shows that this growth is being driven by the proliferation of the hard-to-detect CTB-Locker ransomware family.

The CTB-Locker family employs clever techniques for avoiding detection by security software. McAfee Labs also attributes its success to a higher quality of phishing emails as well as an “affiliate” program offering accomplices a percentage of ransom payments for sending out CTB-Locker phishing messages.

A new ransomware family called Teslacrypt and new versions of the Cryptowall, TorrentLocker and BandarChor ransomware also contributed to the growth.

In an unusual step, the author of the Locker ransomware reportedly apologised recently for unleashing the malware on the world, and offered up decryption keys for victims to use.

McAfee’s report also indicates a steep rise in the number of malware programs targeting Adobe Flash. The company detected a 317% increase in Flash malware samples during the quarter, attributing the rise in part to the enduring popularity of Flash and the development of new methods to exploit vulnerabilities in the code.

Exploit kit authors are also shifting focus from Java and Microsoft Silverlight to Flash vulnerabilities. But the report notes that 42 new Flash vulnerabilities were submitted to the US-based National Vulnerability Database during the quarter, and Adobe made fixes available for all 42 of them on the same day they were submitted.

“With the popularity of a product like Flash, there comes a tremendous responsibility to proactively identify and mitigate security issues potentially threatening millions of users,” McAfee Labs Senior VP Vincent Weafer said.

“This research nicely illustrates how the tech industry works together constructively to gain an advantage in the realm of cybersecurity - industry partners sharing threat intelligence and technology providers acting on information quickly to help prevent potential issues.”

Image courtesy of Stilgherrian under CC


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd