Tips to protect against expected Russia-Ukraine cyber retaliation, and more.
Welcome to Cyber Security Today. It’s Monday, February 28th. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
Firms in countries imposing sanctions on Russia for invading Ukraine are bracing for possible retaliatory cyber attacks. Some threat groups are taking sides. For example, the Conti ransomware group is threatening to attack those against Russia. Over the weekend researchers at Cisco Systems warned there may be cyber operations against Western countries. The goal will be to erode public support for sanctions against Russia through attacks against critical infrastructure like banks or energy companies. What IT departments should remember, the report says, is that poor cybersecurity hygiene and out-of-date systems and software will lead to successful attacks. However, Cisco says, broad use of multifactor authentication by employees to protect logins, network segmentation, visibility of network traffic, having complete knowledge of where your sensitive data is, prioritized patching and intelligence programs that actively drive changes in your defenses are all key to successfully weathering attacks.
Graphics card and chip maker Nvidia has been fighting a cyber attack since last week. Nvidia told the BleepingComputer news service that the incident is still being evaluated but its commercial activities were not affected. However, the Lapsus$ hacking group claims it has stolen 1 TB of data from the company. On the other hand, Lapsus$ reportedly says Nvidia struck back and apparently encrypted some of the gang’s stolen data. Lapsus$ claims it has a backup.
By the way, some makers of graphics cards, including Nvidia, have crippled some of their lower-end products to make it harder for them to be used for mining cryptocurrency. In response, people post allegedly special drivers to get around the limitations. However, installing drivers that aren’t from a manufacturer’s website is risky. The Ars Technica news service found a report that tested one anonymous driver. It concluded the code alters Windows for no good reason.
Axis Communications, a video surveillance system manufacturer based in Sweden, is still dealing with a cyber-attack from last weekend. Although many of its websites around the world are now up, as of Sunday the Device Upgrades portal was reporting a major outage. In its latest status update, published last Thursday, Axis said there was no indication so far any customer or partner data was affected. The company says it was able to stop the attack before it was completed.
The operators of the TrickBot malware botnet have shut down their server infrastructure. That’s according to a report from The Record news service. That’s the good news. The bad news is that the Conti ransomware gang has reportedly recruited several top members of the TrickBot gang to develop one of the malware’s backdoor modules into a new weapon. TrickBot started out as malware that stole bank login usernames and passwords from victims and evolved into a hacking toolkit with modules that cybercrime gangs could use to add things like ransomware and data theft capabilities. In the fall of 2020 U.S. authorities and cybersecurity firms took down much of its server delivery infrastructure. But the botnet delivering TrickBot carried on until last December. Until this month’s dismantling, the botnet had been inactive.
Finally, the Canadian Anti-Fraud Centre is warning people with Instagram accounts to beware of phishing emails with links to fake Instagram login pages. Victims tricked into logging into these pages give away their usernames and passwords. Then the scammers try to blackmail the victims into recording a video of themselves promoting fake cryptocurrency platforms. If they do, the video is posted on the victim’s social media accounts with a link in the hopes the victim’s followers will trust the cryptocurrency site is legit and they’ll make a fraudulent purchase. First, don’t click on links or download documents in text messages or emails unless you are sure who sent them. Be suspicious of a link that leads to any site that you have to log into. And to protect against your username and password being stolen and used by crooks, enable multifactor authentication as an extra step needed when you log in to Instagram.
That’s it for now. Remember links to details about podcast stories are in the text version at ITWorldCanada.com.
You can follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.
Thanks for listening. I’m Howard Solomon.