Ransomware payments may have totaled hundreds of millions in the U.S., and more.
Welcome to Cyber Security Today. It’s Monday October 18th. I’m Howard Solomon, contributing writer on cybersecurity for ITWorldCanada.com.
Ransomware gangs may have collected $398 million in the United States in the first six months of this year. That’s the estimate of the U.S. Treasury Department after looking at suspicious ransomware activities as reported by American-based financial institutions. But that may not give the entire picture of the size of the ransomware business in the U.S. Consider this: The researchers identified 177 digital wallet addresses used by crooks for ransomware payments by the top 10 most common ransomware variants. Bitcoin valued at $5.2 billion flowed through those wallets. Not all of that was definitively related to ransomware payments, but it’s a pretty big number. Overall, financial institutions in the U.S. reported 635 instances of suspicious ransomware-related activity worth $590 million in the first six months of this year. That exceeds the value reported for all of 2020.
A former employee of a flight training school in the U.S. has been charged with hacking into the company and changing aircraft maintenance records after their dismissal. According to the Vice.com news service, the accused was allegedly able to use the username and password of their replacement to log into the system. Commentators at the SANS Institute said the alleged hack is a good reason why organizations have to move to multi-factor authentication to ensure that fellow employees’ passwords that are seen, shared or guessed can’t be used against them.
In August, global IT consulting firm Accenture reported it was hit by a ransomware attack. At the time it said there was no impact on Accenture’s operations or on clients’ systems. The Bleeping Computer news service says Accenture acknowledged in its latest regulatory report earlier this month that the ransomware gang stole what the company calls proprietary data.
The anonymity allowed by the internet enables all sorts of bad activity by criminals and countries. In the latest example, last week Twitter reportedly suspended two new accounts it believes were created by North Koreans pretending to be cybersecurity researchers. Google also says it confirmed those two accounts were directly related to a scam it identified in January. In that operation North Korean agents create fake personas on various social media platforms like Twitter, LinkedIn, Telegram and others trying to gain what looks like a legitimate background. Then they reach out and try to befriend real security researchers. The goal is to eventually infect those people’s computers with malware or spyware. It’s been said before, but you’ve got to verify everything on the internet.
That includes verifying the safety of anything you download, especially mobile apps. Researchers at Imperva discovered an app called AllBlock in the Google Chrome Web store promising to block ads. The problem is it did the opposite: It injected ads into the Chrome and Opera browsers. You may think ads are just annoying. Some, though, get money for scammers just by appearing on a device. And others secretly distribute malware. Just because an app or extension is in the Google or Apple stores doesn’t mean it’s safe. Both companies try hard, but sometimes crap sneaks through. Always check with others and look for reviews before downloading anything. If you are the type who likes downloading apps without checking, put a reliable antivirus app on your device.
That’s it for now. Remember, links to details about podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other stories of mine.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.