Reports on successful ransomware attacks, on stolen credentials for accessing business applications, and more.

Welcome to Cyber Security Today. It’s Wednesday, July 26th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.



Almost half of the respondents to a survey said their organization has been the victim of ransomware in a recent six-month period. That’s according to a survey paid for by three security companies: Cohesity, Tenable and BigID. Just over 3,400 IT and security operations decision-makers in seven countries were questioned in April. Not surprisingly, 93 per cent of respondents feel the threat of ransomware attacks to their industry has increased in the past year. Respondents were also asked about the biggest barriers to their organization being able to get back up and running after a successful cyberattack. The top three challenges were integration between IT and security systems, a lack of co-ordination between IT and security, and antiquated backup and recovery systems.

Crooks are selling a lot of stolen credentials that can access business applications. How much? According to researchers at Flare Systems of Montreal, over 376,000 logs with credentials for accessing applications such as Salesforce, HubSpot, AWS, Google Cloud Platform and Okta authentication are being peddled by criminals. These logs have been compiled by information-stealing malware such as RedLine, Raccoon and others, delivered through phishing links that employees fall for. These information stealers look for credentials, operating system information, cryptocurrency wallets and potentially confidential or sensitive files. Forty-six per cent of the logs studied had access to Gmail credentials, representing more than 8 million infected devices. Two lessons from this report: First, security awareness training for employees is more important than ever. Second, phishing-resistant multifactor authentication is vital in case employees make a slip.

IT administrators with computers running AMD Zen 2 processors should apply BIOS updates from their PC or server manufacturers as soon as possible. They close a vulnerability that under specific circumstances could allow an attacker to gain access to sensitive information. Affected are certain EPYC and Ryzen CPUs.

Is your IT department taking advantage of the email security protection offered by the DMARC protocol? Maybe not, according to a survey done by researchers at SendLayer. Forty-one per cent of the bank domains they looked at had no DMARC record set up. Sixty-six of the largest global companies had domains with no DMARC protection. Only 35 per cent of the domains attached to government organizations had DMARC enabled. DMARC stands for Domain-based Message Authentication, Reporting & Conformance. Why is this important? Because DMARC tells receiving email systems how to handle messages that claim to come from your domain but fail authentication, which helps them identify phony messages sent from unauthenticated domains.
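As an added illustration of what a survey like SendLayer's is checking for (example code written for this page, not from SendLayer or this post), here is a small evaluator for a domain's DMARC TXT record that reports whether a policy is published, whether it is valid, and whether it actually instructs receivers to quarantine or reject failing mail. The domain names and records below are constructed samples.

```python
from dataclasses import dataclass
from typing import Dict, Optional

# Constructed sample _dmarc TXT records (not real organizations' records).
SAMPLES: Dict[str, Optional[str]] = {
    "bank-example.test": "v=DMARC1; p=reject; rua=mailto:dmarc@bank-example.test; pct=100",
    "corp-example.test": "v=DMARC1; p=none; rua=mailto:reports@corp-example.test",
    "gov-example.test": "v=DMARC1; p=quarantine; sp=none; pct=50",
    "nodmarc-example.test": None,  # no _dmarc TXT record published at all
    "broken-example.test": "v=spf1 include:_spf.example.test -all",  # SPF record, not DMARC
}

@dataclass
class DmarcStatus:
    published: bool            # a TXT record exists at _dmarc.<domain>
    valid: bool                # it starts with v=DMARC1 and has a usable p= tag
    policy: Optional[str]      # p= value: none, quarantine or reject
    subdomain_policy: Optional[str]  # sp= value, defaulting to p=
    pct: int                   # share of failing mail the policy applies to
    enforcing: bool            # quarantine/reject with pct > 0
    note: str                  # human-readable assessment

def parse_tags(record: str) -> Dict[str, str]:
    """Split a 'k=v; k=v' DMARC record into a dict; tag names are case-insensitive."""
    tags: Dict[str, str] = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def evaluate_dmarc(record: Optional[str]) -> DmarcStatus:
    """Classify one _dmarc TXT record the way a DMARC-adoption survey would."""
    if record is None:
        return DmarcStatus(False, False, None, None, 0, False, "no DMARC record published")
    tags = parse_tags(record)
    if not record.strip().startswith("v=DMARC1"):
        return DmarcStatus(True, False, None, None, 0, False, "record does not start with v=DMARC1")
    policy = tags.get("p")
    if policy not in ("none", "quarantine", "reject"):
        return DmarcStatus(True, False, policy, None, 0, False, "missing or invalid p= tag")
    sp = tags.get("sp", policy)
    pct = int(tags["pct"]) if tags.get("pct", "").isdigit() else 100
    enforcing = policy in ("quarantine", "reject") and pct > 0
    note = "enforcing" if enforcing else "monitor-only: p=none asks receivers to take no action"
    if enforcing and pct < 100:
        note = f"enforcing on only {pct}% of failing mail"
    if enforcing and sp == "none":
        note += "; subdomains are not covered (sp=none)"
    return DmarcStatus(True, True, policy, sp, pct, enforcing, note)
```

To check a live domain, fetch the TXT record at `_dmarc.<domain>` with your resolver and pass it to `evaluate_dmarc`; the block itself stays offline.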

The number of malicious software packages dumped into open-source repositories like NPM and PyPI continues to increase. Researchers at Phylum said the number of packages with known malicious URLs went up 59 per cent in the second quarter compared to Q1. As I’ve said before, developers have to be careful of what they download from open repositories.

Speaking of open-source repositories, researchers at Checkmarx recently found two malicious packages on the NPM platform aimed at infecting specific banks. In both cases, to help sucker an employee into downloading the packages, the attacker created a fake LinkedIn profile. The report doesn’t say how that profile was used, but reading between the lines I think there was a link in NPM to the developer that a curious downloader could check to see if the author was legitimate. This is another example of how developers not only have to check before downloading but also scan everything they download.

Crooks are doing anything they can to create convincing deepfake videos to fool victims into falling for scams. The latest example: On Sunday CBC news anchor Ian Hanomansing reported that someone is spreading a video that makes it look like he’s endorsing an investment scheme. The crook took comments Hanomansing made during an interview on ChatGPT — he says, “I hadn’t used it at all until yesterday” — and made it look like he was talking about a money-making scheme. This is another form of fake news and misinformation that governments have been warning about. If your organization hosts forums make sure they aren’t sources for this junk. Organizations should also be searching social media sites for misinformation to protect their brands. See these reports from the Canadian Centre for Cyber Security and ISC2 on identifying misinformation. There’s also a link to Ian’s report.

Apple has released security patches for 16 vulnerabilities affecting iPhones, Macs, and iPads. The patches come in the release of iOS and iPadOS 16.6 and updates for watchOS, tvOS and macOS. Two of the bugs may have already been exploited.

Finally, Norway continues investigating a cyber attack that hit 12 government ministries earlier this month. The attackers took advantage of a vulnerability in an unnamed software supplier, the government said on Monday. Not affected are the IT services of the Prime Minister’s office, the defence, foreign affairs or the justice ministries.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

The post Cyber Security Today, July 26, 2023 – Reports on successful ransomware attacks, on stolen credentials for accessing business applications, and more first appeared on IT World Canada.
