Russian gang tried to hack US nuclear research labs, and more malware in PyPI
Welcome to Cyber Security Today. It’s Monday, January 9th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
A Russian-based hacking team targeted three American nuclear research labs last summer. That’s according to the Reuters news agency, which said the group is called Cold River by researchers. The attackers created fake login pages for each of the three labs and then emailed phishing messages hoping scientists would fall for the bait, click on links and enter their passwords. Reuters was unable to determine if anyone was tricked. The Cold River group has escalated its hacking attempts against countries that support Ukraine since the Russian invasion just over a year ago. One of its successes occurred last May when it broke into and leaked emails of the former head of Britain’s MI6 spy agency.
More malicious packages have been discovered in the open PyPI repository of code, which Python application developers use as a source of third-party libraries. Researchers at Phylum discovered six malicious packages late in December. They install information stealers and remote access Trojans. According to a news report they have now been removed from PyPI. However, they will have to be manually deleted from the systems of anyone who downloaded them. It’s another reminder to developers that they must carefully scan anything they take from an open code repository before using it.
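One concrete form that "scan before you use it" can take is a static check of a package's setup.py before it is ever installed, since install-time hooks are where PyPI malware typically runs its loader. The script below is an added example, not code from Phylum or from the podcast; the pattern list and both sample setup.py files are constructed for illustration, and the base64 payload in the suspicious sample decodes to a harmless print statement.

```python
"""Pre-install static scan of a Python package's setup.py (added example).

Walks the AST of a setup.py and flags the building blocks that install-time
malware commonly relies on: code execution and decoding primitives, process or
network calls, setup() install hooks via cmdclass, and long base64-looking
string literals. A hit is a reason to read the package by hand, not proof.
"""
import ast
import base64
from typing import List

# Constructed heuristic list: callees whose use at setup time deserves a look.
SUSPICIOUS_CALLS = {
    "exec", "eval", "compile", "__import__",
    "base64.b64decode", "base64.b85decode", "zlib.decompress",
    "subprocess.Popen", "subprocess.run", "subprocess.call",
    "os.system", "os.popen", "urllib.request.urlopen", "requests.get",
    "socket.socket",
}


def _dotted_name(node: ast.AST) -> str:
    """Turn the callee of a Call node into a dotted name such as 'base64.b64decode'."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return ""


def _looks_like_base64(text: str) -> bool:
    """True if the whole string is valid base64 (strict alphabet and padding)."""
    try:
        base64.b64decode(text, validate=True)
        return True
    except ValueError:  # binascii.Error is a ValueError subclass
        return False


def scan_setup_py(source: str) -> List[str]:
    """Return human-readable findings for one setup.py source text."""
    findings: List[str] = []
    try:
        tree = ast.parse(source)
    except SyntaxError as exc:
        return [f"setup.py does not parse ({exc.msg} at line {exc.lineno})"]

    for node in ast.walk(tree):
        if isinstance(node, ast.Call):
            name = _dotted_name(node.func)
            # 1. Execution, decoding, process or network primitives at setup time.
            if name in SUSPICIOUS_CALLS:
                findings.append(f"line {node.lineno}: call to {name}")
            # 2. setup(cmdclass=...) hooks arbitrary code into 'pip install'.
            if name == "setup" and any(kw.arg == "cmdclass" for kw in node.keywords):
                findings.append(f"line {node.lineno}: setup() overrides cmdclass (install hook)")
        # 3. Long base64-looking literals often carry an encoded second stage.
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            text = node.value.strip()
            if len(text) >= 40 and _looks_like_base64(text):
                findings.append(f"line {node.lineno}: {len(text)}-char base64-looking string literal")
    return findings


def scan_setup_file(path: str) -> List[str]:
    """Convenience wrapper: scan a setup.py on disk (e.g. from an unpacked sdist)."""
    with open(path, encoding="utf-8") as fh:
        return scan_setup_py(fh.read())


# Constructed sample 1: an ordinary, benign setup.py.
BENIGN_SETUP = '''
from setuptools import setup, find_packages

setup(
    name="example-benign",
    version="1.0.0",
    packages=find_packages(),
    install_requires=["requests>=2.0"],
)
'''

# Constructed sample 2: the shape of an install-hook loader. The payload is
# base64 of a harmless print() so the sample is safe to keep in a repository.
_PAYLOAD_B64 = base64.b64encode(b"print('constructed placeholder stage')").decode()
SUSPICIOUS_SETUP = '''
import base64
from setuptools import setup
from setuptools.command.install import install

PAYLOAD = "__PAYLOAD__"

class PostInstall(install):
    def run(self):
        install.run(self)
        exec(base64.b64decode(PAYLOAD))

setup(
    name="example-suspicious",
    version="0.0.1",
    cmdclass={"install": PostInstall},
)
'''.replace("__PAYLOAD__", _PAYLOAD_B64)


if __name__ == "__main__":
    for label, src in (("benign", BENIGN_SETUP), ("suspicious", SUSPICIOUS_SETUP)):
        print(f"[{label}]", scan_setup_py(src) or "no findings")
```

Run against the two samples the benign file produces no findings, while the suspicious one reports the exec call, the base64 decode, the cmdclass install hook and the long encoded literal. In practice you would run `scan_setup_file` on the setup.py of a downloaded sdist before `pip install`, and treat pyproject-only packages and built-in build backends as needing the same scrutiny of any custom build hooks.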
People who run Apple computers may think they’re immune from malware. They’re not. There’s lots of bad stuff aimed at Apple phones, tablets and computers, including ransomware. A report last week from Microsoft details four ransomware strains aimed at computers running the macOS operating system. IT administrators with Macs in their environment should look at the report. Separately, Trend Micro warned Mac users that the Dridex malware that steals bank passwords from Windows computers may be going after Macintosh computers. Researchers have seen Dridex code that suggests the malware is being prepared for machines running macOS. Computers get infected with Dridex when users download infected documents. As always, you have to be careful when downloading anything.
Tomorrow, January 10th, is Patch Tuesday, when Microsoft and other companies issue their monthly security updates. But for Windows administrators tomorrow is important for another reason: Microsoft will stop supporting Windows 8.1. That means no more calling Microsoft for help, and no more security updates. Not only that, you won’t be able to buy Microsoft Extended Security Update support for Windows 8.1. And if your organization runs Microsoft 365 you’ll no longer receive updates for the Office apps; this includes feature, security, and other updates. You can upgrade computers to Windows 10, but remember support for it ends in October 2025. Or upgrade to Windows 11 if your computers can handle it. IT departments got this message a while ago, but home and small businesses may still be running Windows 8.1.
By the way, next month the Google Chrome browser will stop supporting any Windows version prior to Windows 10.
Looking further ahead, extended support for Windows Server 2012, including version R2, will end this October.
Patients and employees of a Pennsylvania health clinic started being notified last week that a ransomware gang copied their personal information. Data stolen included names, Social Security numbers, birth dates, and driver’s licence numbers, the type of information perfect for creating fake ID. Here’s the thing: The clinic discovered the attack eight months ago, in April 2022. The clinic was hacked in August 2021. That means the crooks were hunting around for data undetected for months. It was also months before victims were notified. The clinic explained that time was needed to determine what information was stolen.
How fast data breach victims have to be notified depends on local law. American telecommunications carriers, for example, don’t have to tell victims until seven business days have passed after a data breach. That may soon change: on Friday the Federal Communications Commission proposed eliminating the seven-day rule. Given the increase in frequency, sophistication and scale of data leaks, the commission thinks it must update its rules to protect consumers. The rule gives carriers time to assess in detail what happened and what data is at risk. But some argue the delay gives threat actors a seven-day head start on exploiting the data they’ve stolen.
Under Canadian privacy law, a telecom carrier has to notify victims as soon as feasible if it considers that a breach poses a real risk of significant harm to individuals.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.