Ransomware attacks are up, and a huge number of phishing packages have been found in open-source repositories.
Welcome to Cyber Security Today. It’s Monday, December 26th, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
Today is the Boxing Day holiday in Canada, when we get a day off to shop for holiday bargains. If you’re from up here, thanks for taking the time to tune in. However, it’s a regular workday for listeners in other countries so the show must go on.
As the year came to a close the number of reported successful ransomware attacks around the world jumped. According to the NCC Group, there were 265 incidents in November, a 41 per cent leap over the previous month. That made November the most active month for ransomware since April. The three leading strains were Royal, Cuba and Lockbit. Also up in November were distributed denial of service attacks.
Last week I reported on malicious packages that were recently found in the open-source Python language PyPI registry. It was the latest in a number of stories I did this year on malware being planted in projects on open-source registries. Researchers at Checkmarx and Illustria suggest the problem is bigger than most application developers think. They found over 144,000 packages of code with links to phishing campaigns had been planted in the NuGet, NPM and PyPI repositories this year — apparently by one person. The overwhelming majority of these packages were in NuGet and were uploaded in January. Judging by the names of the packages, the idea is to get developers to click on links hoping for a free Steam code generator or a hack for an online game. The links go to websites with referral IDs that earn the threat actor referral rewards. The problem, say the researchers, is that the threat actor found a hole in the open-source ecosystem: essentially, the platforms can be spammed. While these offensive packages have been de-indexed in NuGet, they are still on the platform. Other platforms have removed the packages. This again highlights the need to be cautious when downloading packages from repositories and to only use trusted sources.
Finally, the U.S. National Institute of Standards and Technology has officially retired the SHA-1 cryptographic algorithm. Since being created in 1993 it’s been used in a wide range of security applications and protocols such as TLS, SSL and IPsec. However, it was superseded years ago by SHA-2 and SHA-3 because it can be cracked. By now, the SANS Institute says, infosec leaders should have updated their digital certificates and applications to not allow the use of SHA-1. If they haven’t, they should get started now. NIST recommends organizations not have it running by the end of 2030.
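As an added illustration of the certificate check SANS is calling for (example code written for this page, not from NIST, SANS or the podcast), the script below reads a DER or PEM certificate and flags one whose outer signature algorithm is a SHA-1 OID. The two sample certificates are constructed, certificate-shaped DER blobs, not real certificates, and the parser only looks at the signatureAlgorithm field, which is all this check needs.

```python
import base64
import re

# Signature-algorithm OIDs whose hash is SHA-1 (standard assignments).
SHA1_SIGNATURE_OIDS = {
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.10045.4.1": "ecdsa-with-SHA1",
    "1.2.840.10040.4.3": "dsa-with-sha1",
}

def _tlv(data, pos):
    """Decode one DER tag-length-value at pos; return (tag, content, next_pos)."""
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:                       # long form: low bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
    return tag, data[pos:pos + length], pos + length

def _decode_oid(content):
    """Dotted-decimal text from the content bytes of a DER OBJECT IDENTIFIER."""
    arcs, acc = [content[0] // 40, content[0] % 40], 0
    for b in content[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:                    # a clear high bit ends the current arc
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))

def pem_to_der(pem):
    """Strip the PEM armour around one certificate and decode its base64 body."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", pem, re.S)
    return base64.b64decode("".join(m.group(1).split()))

def signature_algorithm(der):
    """Return (oid, uses_sha1) for the outer signatureAlgorithm of a DER certificate."""
    _, cert, _ = _tlv(der, 0)               # Certificate ::= SEQUENCE { tbs, sigAlg, sig }
    _, _, after_tbs = _tlv(cert, 0)         # skip tbsCertificate entirely
    _, sig_alg, _ = _tlv(cert, after_tbs)   # AlgorithmIdentifier ::= SEQUENCE { OID, params }
    tag, oid_bytes, _ = _tlv(sig_alg, 0)
    if tag != 0x06:
        raise ValueError("AlgorithmIdentifier does not start with an OBJECT IDENTIFIER")
    oid = _decode_oid(oid_bytes)
    return oid, oid in SHA1_SIGNATURE_OIDS

# Constructed, certificate-shaped DER samples (not real certificates): a SEQUENCE holding a
# stub tbsCertificate, a real AlgorithmIdentifier (sha1WithRSA vs sha256WithRSA) and a stub BIT STRING.
SAMPLE_SHA1_DER = bytes.fromhex("3019" "3003020101" "300d06092a864886f70d0101050500" "030300abcd")
SAMPLE_SHA256_DER = bytes.fromhex("3019" "3003020101" "300d06092a864886f70d01010b0500" "030300abcd")
SAMPLE_SHA1_PEM = ("-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_SHA1_DER).decode()
                   + "-----END CERTIFICATE-----\n")
```

Run it over every certificate in a chain, not just the leaf, since an intermediate signed with SHA-1 is the more common leftover; the client-side half of the job, disabling SHA-1 cipher suites and signature algorithms in TLS libraries, is a configuration change this script does not cover.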
That’s it for now. But on Wednesday instead of the regular morning podcast there will be a special Year in Review show, with both Terry Cutler of Cyology Labs and David Shipley of Beauceron Security looking back at some of the big news events of 2022 and making predictions for 2023.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.