New Linux malware, a new hacking group and a thick advisory report from Microsoft.
Welcome to Cyber Security Today. It’s Friday October 8th.. I’m Howard Solomon, contributing writer on cybersecurity for ITWorldCanada.com.
There’s a new family of malware being used against Linux systems. Several security firms have recently written about it, including Avast and Laceworks. The latest report came this week from researchers at ESET. This malware installs backdoor or rootkit modules in victims’ servers. The goal is to steal passwords, and after that steal data. Linux malware isn’t as common as Windows malware, so Linux administrators should pay attention.
A cyber espionage operation targeting aerospace and telecommunications companies for three years has been uncovered by Cybereason. The threat actor dubbed MalKamak has been operating since 2018. It installs remote access malware that can evade antivirus and other security tools. Victim companies have been in the United States, Russia, Europe and the Middle East.
Cybersecurity companies sometimes release detailed reports on threat groups. The latest comes from Mandiant, which used to be called FireEye. It’s on a financially motivated group it dubs FIN12, which has been behind a number of ransomware attacks. What marks this group is it often goes after hospitals and medical clinics. Typically, victim organizations have more than $300 million in revenue. Also notable is that the group works fast: It’s not uncommon for it to deploy ransomware less than three days after an initial compromise. That’s because it usually doesn’t do the time-consuming thing of stealing data before launching ransomware that other groups do. It just turns on the ransomware and demands money.
As part of Cybersecurity Awareness Month this week Microsoft released a 134-page Digital Defense Report for executives and information security professionals. The goal is to help organizations find the best ways to defend their firms. There’s lots of information about the state of cybercrime, nation-state threats, and the risks posed by an organization’s partners and IT products – what’s called the supply chain. What readers may find most useful is the advice that basic security hygiene protects against 98 per cent of attacks. These are the things that lots of experts say have to be done: Turn on multifactor authentication to make it harder for attackers to leverage stolen passwords; limit the data access of employees and partners to only what each needs so a hacker can’t use one password to access everything; make sure applications have the latest security patches; install anti-malware software and protect sensitive data with tools like encryption.
Finally, don’t forget later today the Week in Review edition of the podcast will be out. I’ll be talking with an expert about romance scams, the Facebook outage and how to educate employees about cybersecurity.
Remember links to details about podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other stories of mine.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.