65 Million Tumblr Passwords Leaked Online

This week, we hear about 65 million Tumblr passwords that were leaked online and a new self-propagating ransomware found in the wild.

Breach

65 Million Tumblr Passwords Leaked Online

In early May, Tumblr announced that an unknown third party had obtained access to email addresses and passwords for an undisclosed number of its users back in 2013, before the company was acquired by Yahoo. According to Troy Hunt, owner of the “Have I Been Pwned” website, over 65 million credentials from this 2013 breach have since surfaced and are now for sale. A hacker going by the name “peace_of_mind” is offering the Tumblr data for 0.4255 Bitcoin (about $225) on a Darknet marketplace.

Tumblr’s blog reads, "As soon as we became aware of this, our security team thoroughly investigated the matter. Our analysis gives us no reason to believe that this information was used to access Tumblr accounts.” Tumblr also states that the passwords were salted and hashed, that is, each password was combined with a random per-user value (the salt) before being hashed, so two users with the same password do not end up with the same stored hash and an attacker cannot reuse one precomputed table of hashes against the whole dump. Salting does not, however, protect a weak or reused password from being guessed account by account, so anyone who used their 2013 Tumblr password on another site should change it there.
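The difference salting makes, as an added example that is not part of the original article: SHA-256 stands in for whatever hash Tumblr actually used (the article does not name it), the credentials and the wordlist are constructed, and the comparison shows that salting removes duplicate hashes and defeats a precomputed table, while still leaving each account open to a per-user dictionary attack when the password itself is weak.

```python
import hashlib
import hmac
import os

# Constructed sample credentials (not real Tumblr data): two users chose the
# same weak password, one chose a strong one.
USERS = {
    "alice@example.com": "password1",
    "bob@example.com": "password1",
    "carol@example.com": "k9!Vr#2pLq8$wZ",
}

# Tiny constructed wordlist standing in for a cracking dictionary.
WORDLIST = ["123456", "password", "password1", "qwerty", "letmein"]


def unsalted_hash(password: str) -> str:
    """Plain hash of the password: what not to do."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_hash(password: str, salt: bytes) -> str:
    """Salt is mixed into the INPUT before hashing; stored as hex(salt)$digest."""
    digest = hashlib.sha256(salt + password.encode()).hexdigest()
    return salt.hex() + "$" + digest


def store_unsalted(users):
    return {u: unsalted_hash(p) for u, p in users.items()}


def store_salted(users):
    # A fresh 16-byte random salt per user.
    return {u: salted_hash(p, os.urandom(16)) for u, p in users.items()}


def identical_hash_groups(table):
    """How many distinct stored hashes are shared by more than one user."""
    counts = {}
    for h in table.values():
        counts[h] = counts.get(h, 0) + 1
    return sum(1 for c in counts.values() if c > 1)


def crack_unsalted(table, wordlist):
    """One precomputed table serves every account: hash each word once,
    then look every stored hash up. Returns (cracked, hash_operations)."""
    lookup = {unsalted_hash(w): w for w in wordlist}
    cracked = {u: lookup[h] for u, h in table.items() if h in lookup}
    return cracked, len(wordlist)


def crack_salted(table, wordlist):
    """No shared table is possible: every guess must be re-hashed with each
    user's own salt. Returns (cracked, hash_operations)."""
    cracked = {}
    ops = 0
    for user, stored in table.items():
        salt_hex, digest = stored.split("$")
        salt = bytes.fromhex(salt_hex)
        for w in wordlist:
            ops += 1
            cand = hashlib.sha256(salt + w.encode()).hexdigest()
            if hmac.compare_digest(cand, digest):
                cracked[user] = w
                break
    return cracked, ops
```

Run against the constructed data, the unsalted table exposes that alice and bob share a password and both fall to five hash computations in total; the salted table has no duplicates and costs the attacker a separate pass per user, yet the weak password still falls. The real defence against that last step is a deliberately slow password hash (bcrypt, scrypt, PBKDF2) plus a password the user has not reused.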

References: Hacker Selling 65 Million Passwords From Tumblr Data Breach | More than 65m Tumblr emails for sale on the darknet | Hackers Stole 65 Million Passwords From Tumblr, New Analysis Reveals

Mitigation Strategies:

Malware

New Self-Propagating Ransomware Found in the Wild

Microsoft issued an alert on May 26 warning of a new ransomware, dubbed ZCryptor, which not only encrypts the victim's files but also copies itself to removable drives and network drives, making it one of the few ransomware families able to spread on its own rather than relying solely on the initial phishing or download. Trend Micro gave ZCryptor an overall risk rating of critical, with a high damage potential.

Once it is running on the victim's computer and the files have been encrypted, a ransom note appears demanding 1.2 Bitcoins (approx. $500). It gives the victim four days to comply before raising the demand to 5 Bitcoins. No free decryption tool for ZCryptor is available yet, but fortunately it can largely be defended against as any other ransomware variant: avoid clicking on suspicious links and email attachments, disable Office macros by default, and maintain offline or otherwise write-protected backups, since a variant that writes to network drives can reach backups kept on an always-mounted share.

References: Ke3chang Is Back and It's Targeting Indian Embassies Around the Globe | China-Linked Ke3chang Resurfaces, Now Targeting Indian Embassies

Mitigation Strategies:

  • Intrusion detection system (IDS) signatures can flag the network side of an infection, such as one host suddenly writing executables to many network shares.
  • Mail filtering can scan incoming attachments and hyperlinks for malicious content before they reach users.
  • A file integrity monitoring (FIM) solution can detect the burst of file modifications, renames and additions that encryption produces, as well as files being dropped onto removable and network drives.
  • Anti-virus can detect the infected file on the local host.
  • Disabling AutoRun/AutoPlay for removable drives and limiting write access to network shares cuts off the self-propagation route described above.
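What the FIM and IDS bullets look like as detection logic, as an added example that is not part of the original newsletter: two rules run over a constructed stream of file events, one for the write burst that mass encryption produces and one for a process dropping an autorun.inf plus an executable at the root of a removable drive. The process name dropper.exe, the .locked extension, the drive letter treated as removable and the thresholds are all assumptions for the example; the article does not give ZCryptor's file names.

```python
import ntpath
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed FIM events (timestamp, process, action, path); not real telemetry.
# dropper.exe and the .locked extension are invented names for the example.
EVENTS = [
    ("2016-05-26T10:00:00", "winword.exe", "modify", r"C:\Users\ann\Documents\budget.docx"),
    ("2016-05-26T10:00:02", "dropper.exe", "create", r"E:\autorun.inf"),
    ("2016-05-26T10:00:02", "dropper.exe", "create", r"E:\dropper.exe"),
    ("2016-05-26T10:00:10", "dropper.exe", "rename", r"C:\Users\ann\Documents\budget.docx.locked"),
    ("2016-05-26T10:00:11", "dropper.exe", "rename", r"C:\Users\ann\Documents\notes.txt.locked"),
    ("2016-05-26T10:00:12", "dropper.exe", "rename", r"C:\Users\ann\Pictures\dog.jpg.locked"),
    ("2016-05-26T10:00:13", "dropper.exe", "rename", r"C:\Users\ann\Pictures\cat.jpg.locked"),
    ("2016-05-26T10:00:14", "dropper.exe", "rename", r"C:\Users\ann\Desktop\report.pdf.locked"),
    ("2016-05-26T10:00:15", "dropper.exe", "create", r"C:\Users\ann\Desktop\README.html"),
    ("2016-05-26T10:05:00", "explorer.exe", "create", r"E:\vacation.jpg"),
    ("2016-05-26T10:09:00", "backup.exe", "modify", r"D:\backup\set1.bak"),
    ("2016-05-26T10:09:30", "backup.exe", "modify", r"D:\backup\set2.bak"),
]

# Drive roots the example treats as removable media (assumption for the example).
REMOVABLE_ROOTS = {"E:\\"}
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js"}


def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S")


def peak_write_rate(events, window_s=30):
    """Largest number of create/modify/rename events per process inside any
    sliding window of window_s seconds. Encryption touches many files fast;
    ordinary desktop applications rarely do."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)
    peak = defaultdict(int)
    for ts, proc, action, _path in sorted(events, key=lambda e: e[0]):
        if action not in ("create", "modify", "rename"):
            continue
        t = _ts(ts)
        q = recent[proc]
        q.append(t)
        while t - q[0] > window:          # drop events older than the window
            q.popleft()
        peak[proc] = max(peak[proc], len(q))
    return dict(peak)


def burst_alerts(events, threshold=5, window_s=30):
    """Processes whose peak write rate reaches the threshold."""
    return {p: n for p, n in peak_write_rate(events, window_s).items() if n >= threshold}


def removable_drop_alerts(events, removable_roots=REMOVABLE_ROOTS):
    """Processes that wrote an autorun.inf to the root of a removable drive,
    with any executables they placed beside it (the usual self-spreading kit)."""
    autorun = set()
    payloads = defaultdict(list)
    for _ts_, proc, action, path in events:
        if action not in ("create", "modify"):
            continue
        root = ntpath.dirname(path)        # ntpath handles Windows paths anywhere
        if root not in removable_roots:
            continue
        name = ntpath.basename(path)
        key = (proc, root)
        if name.lower() == "autorun.inf":
            autorun.add(key)
        elif ntpath.splitext(name)[1].lower() in EXECUTABLE_EXTS:
            payloads[key].append(name)
    return sorted((proc, root, sorted(payloads[(proc, root)])) for proc, root in autorun)
```

On the sample stream the burst rule fires only for dropper.exe (eight writes in 13 seconds) and stays quiet for the backup agent, which writes two files 30 seconds apart; the removable-drive rule fires for the autorun.inf plus dropper.exe pair on E:\ but not for explorer.exe copying a photo to the same stick. In production the burst threshold needs tuning and an allow-list for legitimate bulk writers such as backup and indexing agents.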

Top 20 IP Addresses

46.109.168.179
62.217.130.19
81.183.56.217
188.118.2.26
118.69.63.0
104.223.6.148
118.170.130.207
190.72.232.186
181.225.67.42
198.55.114.245
176.104.54.159
106.120.42.47
155.94.224.179
118.165.73.144
114.44.192.128
198.20.70.114
219.233.217.94
183.60.48.25
93.190.143.36
198.55.103.159

*IP addresses provided by Recorded Future.