Cyber Week in Review: Cron, Walt Disney Company & Nigerian ICT

Media Division | June 2, 2017

Each week we bring you some of the top stories from around the globe in the world of cyber security news. Some weeks the losses are more related to security and personnel.  Some weeks the water cooler talk in cyber security land is about massive malware or data breaches.

This week the major cyber attacks center around millions of dollars lost—in Russia, Hollywood, and Nigeria. (Since Hollywood is practically its own country, let’s just go ahead and list it as such).

Russian Gang Hack

What do Android phones, pornography, fake apps, and banks have in common?  Cron, that’s what.  It’s the name of a malware that infected more than a million Android phones in Russia and stole nearly $1M over the past year from banking customers.  The gang called themselves Cron as well, and according to the Russian Interior Ministry, a series of successful raids has captured the Crons.

Through fake Android-based apps, including those for pornography, the Cron malware would get on a victim’s phone.  Then, the virus would hijack the phone and text the victim’s bank requesting a wire transfer of a small amount of money, on average just $140.  The malware also had the capability to hide any reply texts from the bank, making the whole conversation unknown to the victim.

Banking cyber security attacks are on the rise.  Even this group had plans to expand to the US, Germany, France, Singapore, and Australia.  Officials started making arrests last November, though, and as of this past week feel they’ve caught the last of the gang Cron.

Walt Disney’s Stolen Sequel

Just like Hollywood’s propensity to make sequels, crime tends to create copycats.  In this case, a repeat of the recent cyber attack against Netflix, where episodes of the show “Orange is the New Black” were stolen, ransomed, and ultimately released to the public early.

This week news broke of a copycat cyber attack, possibly by the same culprits.  An as-yet-unreleased movie (reportedly “Pirates of the Caribbean: Dead Men Tell No Tales,” the fifth installment in the highly lucrative franchise) was stolen.  According to Disney CEO Bob Iger, the hackers are demanding a ransom or they will release the first 5 minutes of the movie to the public, and then 20-minute installments after that.

Should companies stockpile bitcoin to pay ransom in the case of such attacks, as some companies reportedly are doing?

  • Pros: Pay the ransom, you could get your data back. A movie like Pirates 5 will likely make the bulk of its money in the first couple of weekends and in international release.  An early release could cost Disney hundreds of millions of dollars.
  • Cons: Pay the ransom and you could get more copycats. Plus, even if you do pay, there’s no guarantee they won’t still release your data publicly.

These cyber criminals are the real pirates.

Nigeria Loses Millions

Across the ocean in Nigeria, some shocking news: the Nigerian Senate announced it has lost about $450 million in cyber attacks on its Information and Communication Technology space.

Nigeria, like other governments across the globe, is struggling to develop a unified defense strategy against cyber attacks. The Senate asked for a stakeholders’ conference, and a need to draft a similarly collaborative plan like The Framework referenced in the recent Cyber Security Executive Order in the US.

Though the losses account for the combined impact of as many as 3,500 cyber attacks in Nigeria, they shed light on the need for unified responses around the world.

Stay Tuned

Each week we learn from the global cyber security news, and you can too.  Enjoy the headlines, but stay out of them.

Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.