Take the time to find ransomware, how a ransomware gang recruits partners and a Norwegian fund victimized for $10 million.
Welcome to Cyber Security Today. It’s Monday, May 18th. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com. For Canadian listeners, I hope you’re having a great long weekend and thanks for listening.
Ransomware is one of the more frightening cyber threats that an organization faces. As I outlined in a recent podcast, a number of big organizations are getting hit these days. Depending on the strain, ransomware infects and then scrambles computers on a firm’s network or it copies and steals data, then infects and scrambles devices on the network. The stolen data is used as extra leverage by the attackers: Pay up to get the keys to unscramble the data or they’ll embarrass your firm by releasing the stolen data.
But a blog by Cisco Systems notes ransomware these days doesn’t strike suddenly. It can take a hacking group as many as 14 days between the time the first computer is broken into and data is stolen, and in some cases another week before ransomware is deployed. That means the IT department may have two weeks to detect something odd is going on. The same is true for any kind of cyber attack. So, IT team members, you have to be looking for signs in logs and alerts. If you aren’t regularly scanning the data that security products kick off, manually or automatically, don’t be surprised if you’re a cyber victim.
Speaking of ransomware, the news site Bleeping Computer has learned a group behind a strain dubbed Netwalker is recruiting new criminal partners to spread their version of the malware. Netwalker is believed to be the ransomware that infected an Australian transportation company called Toll Group in February. To persuade criminals to use its ransomware, Netwalker developers are boasting they pulled in close to $1.5 million from one attack and almost $700,000 from another. Partners would get a big slice of any revenue. Netwalker is also offering an easy way for partners to publish any data they steal prior to launching the ransomware to heighten the threat. Now you know how cyber criminals work.
Here’s another example of a classic business email scam: Norway’s state investment fund has acknowledged criminals recently stole $10 million after spending months learning who was who in the fund. It started with the hacking of the fund’s email system and that of a financial institution in Cambodia which was supposed to receive a loan. The crooks were able to intercept email between the two, change messages and create fake documents. When it came time to send the money, it went to the crooks’ account in Mexico on March 16th. To help avoid detection, a fake email was sent from the fund to the Cambodian institution saying the money transfer was being delayed due to the COVID-19 pandemic. That’s why it wasn’t discovered until April 30th. After a while the Cambodian company probably said, ‘Where’s our money?’ and the Norwegian fund probably replied, ‘We sent it six weeks ago to the account you specified.’ Two lessons here: Email can’t be trusted for communications involving major financial transactions. And security wasn’t tight enough to prevent corporate email from being hacked.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cybersecurity professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening.