A record year for ransomware attacks predicted, and warnings from Microsoft and Cisco Systems.
Welcome to Cyber Security Today. It’s Monday, August 2nd. I’m Howard Solomon, contributing writer on cybersecurity for ITWorldCanada.com.
It’s a holiday in Canada today, so thanks for tuning in.
Ransomware attacks are soaring. That’s the conclusion of security vendor SonicWall in its analysis of recent attacks it has seen. The volume of ransomware around the world hit just over 304 million attempts in the first six months of this year. That was equal to the number of attempts for all of 2020. In the second quarter alone there were almost 189 million attempts. The report argues that the more organizations pay ransoms, the greater the incentive ransomware groups have to launch attacks. Organizations may be paying through their cyber insurance with the goal of containing the costs of the attack. But, the report suggests, that only shows threat groups that ransomware pays. And paying doesn’t eliminate the chance that a ransomware group will strike a victim again, the report adds. The United States is by far the country that is the biggest target of ransomware attempts. And for some reason, most of them are aimed at organizations or residents in Florida.
Cybersecurity teams are being warned that the Solarmarker password and information-stealing malware aimed at Windows systems has been improved. According to Cisco Systems’ Talos threat intelligence service, the unknown threat actor developing this malware has made some changes to hide its activity. It still asks victims to download an infected PDF or Microsoft Word file. One example is a file for application developers or IT departments with the title, “Changes in Hardware Software Documentation.” One way to limit the spread of this malware is to educate employees on the risks of downloading files and software sent to them from unexpected sources. Windows administrators also have to restrict the use of PowerShell, which is used to execute this and many other types of malware.
Some organizations are finding smartcard-enabled printers, scanners and multifunction devices don’t work. It may be because of a problem with the July security patches Microsoft issued for Windows Server. Microsoft says IT departments should make sure the latest firmware and device drivers are installed. If that doesn’t solve the problem, it offers a temporary mitigation.
Separately, Microsoft is warning that malware being spread through fraudulent call centres is more dangerous than first thought. The scheme involves tricking people into calling a support line by sending them an email saying they will be charged a fee for a service unless they call in. The malware they are fooled into downloading, dubbed BazaLoader, installs a backdoor on their computer for sneaking into systems. In addition, Microsoft says, it also gives a hacker hands-on-keyboard control of the victim’s computer. That could lead to the installation of more malware or ransomware. You should ignore email threats like this, particularly if you have never signed up or downloaded trial software. As always, carefully look at the sender’s full email address. Usually this will contain clues it’s not from a legitimate company.
That’s it for now. Remember, links to details about podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other stories of mine.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.