World Backup Day advice, malware expands in NPM library and a new distribution method for a trojan.
Welcome to Cyber Security Today. It’s Wednesday, March 30th. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
Tomorrow is World Backup Day. Hopefully at your firm and at home you back up your data more than once a year. Seriously, it’s a day to remind IT departments and individuals not just that you need to regularly back up your data, but to do it in a disciplined way.
First, inventory all the applications and sources of data so nothing is missed. IT departments then have to work with management to determine how often you need to back up data – once a minute, once an hour, or once a day? Where do you back up – on-premises or in the cloud? Do you need a full backup every time, an incremental backup (where only the data changed since the last full backup is added) or a differential backup (which is faster and takes up less space)? Do you need multiple backups – if your only backup fails, what will you do? Is your backup separate from the live network so it’s protected from being compromised if your live data is compromised? Do you encrypt the backup for extra protection? Why not? Do IT staff regularly test backed-up data to make sure it’s intact? And do staff test data restoration procedures to make sure they can do it when needed?
Businesses and individuals should note that some cloud services, like Gmail, don’t back up your data. You have to do it yourself. When signing up for a cloud service make sure to ask if data backup is included or is an available option.
Individuals – especially those running a home business – need to take data backup seriously as well. Your smartphone, tablet and main computer all need to be regularly backed up.
There are lots of free resources with backup strategy advice available from security vendors as well as the Canadian Centre for Cyber Security and the U.S. Cybersecurity and Infrastructure Security Agency.
On Monday’s podcast I reported on malware hidden in the NPM open source library. It turns out that was only part of a bigger scheme. Researchers at Checkmarx said this week that the same attacker who created those corrupt packages is also behind two other efforts to shove malicious application packages into the NPM site. The attacker is doing it by automating the creation of new accounts on the platform with multiple usernames. That lengthens the time it takes for malicious packages to be detected and taken off NPM. Meanwhile the bad code gets installed in many applications that can be later leveraged in supply chain cyberattacks. Open-source repositories like NPM have to take more security measures to stop threat actors from abusing their platforms. And, as I said last time, developers downloading packages from open source libraries have to take care and scan before installing them in their apps.
Personal data of roughly 820,000 current and former New York City public school students was compromised earlier this year, it has now been revealed. The New York Daily News said the grading and attendance system provided by a company called Illuminate was hacked. The education department believed all student data was encrypted. However, only some data was protected. Data accessed by crooks included students’ names and birthdays.
Organizations worry about the cyber theft of personal information of customers by crooks. But nation-states and their proxies are also on the prowl. They are after company secrets. According to an international survey released this week by Trellix, 86 per cent of IT respondents believe their organization has been targeted by a nation-state-backed cyberattack. Here’s a worrisome statistic: Ten per cent of the IT decision-makers surveyed said their organizations don’t have a cybersecurity strategy – that included nine per cent of critical infrastructure providers.
Finally, I’ve reported before about cyber attackers hijacking business email threads to deliver malware. The victim thinks an email message is part of a string with one or several people so they trust the attachment that’s included in one of them. The latest example of this scam was detailed this week by researchers at Intezer. They discovered a threat actor is compromising Microsoft Exchange servers to deliver the IcedID trojan for spreading malware, including ransomware. This particular campaign uses infected attachments that are labeled as a password-protected zip file. The password for unlocking the file is included in the email message. As I said, the message appears convincing because it looks like it’s a reply to a previous message in a thread. It may be something like, ‘This is to remind you there’s an unprocessed payment for the recent contract.’ When the victim uses the password to unlock the file the malware is launched. Employees have to be reminded not to trust attachments without checking the source, even if they appear to come from someone they know.
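A mail-filter heuristic for the pattern described above, as an added example that is not from the podcast or from Intezer's research: it flags a message that carries an encrypted zip, supplies a password in the body, and arrives as a reply in a thread. The keyword list, function names and the sample message are assumptions constructed for illustration.

```python
import email, io, re, zipfile
from email import policy
from email.message import EmailMessage

# Assumed keyword list; tune it for the languages your users write in.
PASSWORD_HINT = re.compile(r"\b(password|passcode|pwd)\b", re.I)

def zip_is_encrypted(data: bytes) -> bool:
    """True if any archive member has the ZIP encryption flag (bit 0) set."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(info.flag_bits & 0x1 for info in zf.infolist())
    except zipfile.BadZipFile:
        return False  # not a zip at all

def flag_message(raw: bytes) -> list[str]:
    """Return the reasons a message matches the pattern; empty means no match."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    reasons = []
    for part in msg.iter_attachments():
        if not zip_is_encrypted(part.get_payload(decode=True) or b""):
            continue
        reasons.append(f"encrypted zip attachment: {part.get_filename()}")
        if PASSWORD_HINT.search(text):
            reasons.append("body supplies a password for the attachment")
        if msg["In-Reply-To"] or msg["References"]:
            reasons.append("message is a reply in an existing thread")
    return reasons

def build_sample(encrypted: bool) -> bytes:
    """Constructed test message; addresses and contents are made up."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.txt", "constructed sample data")
    data = bytearray(buf.getvalue())
    if encrypted:
        # Set bit 0 of the general-purpose flags in the central directory entry.
        data[data.index(b"PK\x01\x02") + 8] |= 0x1
    m = EmailMessage()
    m["From"], m["To"] = "colleague@example.com", "employee@example.com"
    m["Subject"] = "RE: contract"
    m["In-Reply-To"] = "<constructed-id@example.com>"
    m.set_content("Reminder: unprocessed payment. Password: 1234")
    m.add_attachment(bytes(data), maintype="application",
                     subtype="zip", filename="doc.zip")
    return m.as_bytes()

if __name__ == "__main__":
    print(flag_message(build_sample(encrypted=True)))
```

A gateway cannot scan inside an encrypted archive, so a match here is a reason to quarantine the message for review rather than proof that it is malicious.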
That’s it for today. Remember links to details about podcast stories are in the text version at ITWorldCanada.com.
You can follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.
Thanks for listening. I’m Howard Solomon.