Two new ransomware strains found, TikTok fined millions in the U.K. and more.
Welcome to Cyber Security Today. It’s Wednesday, April 5th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
Two new ransomware strains have been discovered. One has been dubbed Rorschach by researchers at Check Point Software. In a detailed report they say it could be the fastest at encryption seen so far. Security teams should note that this strain first goes after the victim organization’s Windows domain controller, where it can create group policies for spreading. So locking down access to the domain controller — if you haven’t done that already — is essential.
The second strain found is briefly described in a tweet from Palo Alto Networks. After encrypting files this strain adds the extension “.cylance” to files. As a result it’s been named Cylance. It goes after Windows and Linux systems. Researchers think it might have been created by a beginner group, since the Cylance ransom note uses email addresses for communication with the criminals instead of a better-protected way of messaging.
Organizations can prepare for ransomware attacks by having an incident response playbook for ransomware — and regularly testing it so staff know what to do. And if you haven’t started already, get moving on implementing an enterprise-wide zero trust architecture.
Attention administrators who use Veritas Backup Exec: A hacker is exploiting three two-year-old vulnerabilities to compromise systems and then install the BlackCat/Alphv ransomware. That’s according to researchers at Mandiant. The thing is, patches for these holes were released two years ago. Those running versions of Veritas Backup Exec for Windows before 21.2 are in trouble. You should examine Veritas Backup Exec logs for signs of connections to unknown IP addresses.
Distributed denial of service attacks continue to rise. That’s according to the fifth annual DDoS Threat Intelligence Report from Netscout. The purpose of a denial of service attack can be harassment or extortion. The thing is, many of these attacks rely on compromised desktop computers, servers, smartphones and internet-connected devices like video camera systems. You can cut down DDoS attacks by making sure your business and home devices are protected with strong passwords and updated software.
Is ChatGPT being used by threat actors to improve their email attacks? Researchers at Darktrace think so. In a report issued this week they note that shortly after the release of ChatGPT last November there was a 135 per cent increase in what they call ‘novel social engineering attacks’ among Darktrace’s customers. These are phishing messages that have different wording than most messages. Many people look for poor email spelling and grammar as signs of a scam. Smart AI systems may already be helping crooks create better phishing lures.
TikTok has been fined the equivalent of US$15 million for violating the United Kingdom’s data protection law, including failing to use children’s data lawfully. An estimated one million children under the age of 13 were wrongly granted access to TikTok, the U.K. Information Commissioner ruled. TikTok also failed to explain to users, in a way that was easy to understand, how their data was collected, used and shared. The platform also failed to ensure personal data of U.K. users was processed lawfully, fairly and in a transparent way.
Attention users of a U.S. income tax program called efile.com. The website was compromised last month to deliver malware. Those who were victims clicked on a button when they got a message saying the current version of their browser used an unsupported protocol. Clicking on the button was supposed to update their browser. Instead it installed malware that Windows accepted because it was digitally signed. This is another supply chain attack. What makes it serious is that this is income tax season, when many people are looking for a program to help them fill out their taxes. Efile.com users who got this message and clicked on the button should scan their systems for malware.
Finally, for those who believe they’re too small to be hacked, the experience of a Canadian photographer will shake you out of complacency. Amie Roussel of Carousel Studios in Vernon, B.C., had her Facebook account hacked last November. The attacker then locked her out of the business’s website. She lost access to her clients’ contacts. According to a news site called Castanet, she re-opened business this week under a new name, Amie Roussel Photography. But the incident cost her $10,000. The lesson is cybersecurity takes time and money. Take the time and money to learn how to secure your online presence. It starts with having secure passwords and using multifactor authentication.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon.