Ties are alleged between ransomware and extortion gangs, and a warning to app developers.
Welcome to Cyber Security Today. It’s Monday April 18th, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
Organizations receiving a ransomware or extortion threat have to make a tough choice: Pay to get access to their data back, or don’t pay and suffer angry customers and employees — plus the risk of crippling reputational damage. However, paying has to come with a promise: The organization won’t be hacked again and the crooks don’t keep or release any of the stolen data. The question is, can you trust crooks? Not if they’re the Karakurt, Conti or the Diavol ransomware gangs. That’s the argument made in a new report from researchers at Tetra Defence, a division of Arctic Wolf, and Chainalysis. Karakurt is an extortion gang that steals data. Unlike a ransomware gang, it doesn’t encrypt the data of a victim organization. Karakurt is believed to have hit 55 organizations in the U.S. and eight in Canada. How? The researchers say there’s evidence those behind the Karakurt gang are using Conti gang resources, including network access to previous Conti victims. By a funny coincidence a company hit by Karakurt had just been victimized by Conti, the report says. They also believe Diavol ransomware is deployed by the same people behind Conti and Karakurt. The researchers’ conclusion: Think carefully before paying any data ransom demand. It may not protect you from being hit again.
Application developers using certain versions of the Heroku Dashboard as well as the Travis CI continuous integration application testing service are being warned their projects may have been copied and compromised. In a blog on Friday GitHub said it came to this conclusion after investigating unauthorized access to GitHub’s NPM production infrastructure. NPM hosts open-source projects. The access was gained through a compromised AWS API key. It is believed that key was obtained when an attacker stole OAuth tokens for accessing software using Heroku and Travis CI. Projects stored on NPM and GitHub.com may be affected. Developers using Heroku and Travis CI need to go through their audit logs and user account security logs for suspicious behavior.
Crooks have found a new way to monetize stolen corporate data: They’re offering to sell it to a firm’s competitors. According to the Bleeping Computer news site, a website called Industrial Spy has been created where companies can buy stolen trade secrets, manufacturing diagrams, accounting reports, and client databases. “Premium” stolen data packages cost millions of dollars. Lower-tier data can be bought as individual files for as little as $2.
As I’ve mentioned many times, crooks use SMS text messages as well as email to trick people. One of the latest ways is by spoofing the victim’s phone number in a text message, so it looks like they’re getting a message from themselves. That gets around the victim ignoring a text from an unknown phone number. According to the U.S. Federal Communications Commission, victims are getting messages that appear to come from their cellphone provider thanking them for paying their bill, and offering a gift as gratitude. All they have to do is click on a link. That, of course, leads to malware being downloaded, or the victim’s phone number being added to lists other scammers can use. If you get a text message like this, report it to your carrier, the police and the communications regulator in your country.
Finally, this is tax deadline day in the U.S. Crooks are paying attention too, by sending consumers phishing email and text messages purporting to be from the Internal Revenue Service. The IRS does not use email, text messages or social media to discuss personal tax issues, such as those involving bills or refunds. The same is true in Canada. In Canada this year’s tax deadline is May 2nd for individuals. It’s also the same day for those who are self-employed and owe money. Otherwise the deadline for those self-employed is June 15th. Revenue Canada doesn’t send text or email messages asking for personal information.
That’s it for this edition. Remember links to details about podcast stories are in the text version at ITWorldCanada.com.
You can follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.