Welcome to Cyber Security Today. It’s Monday November 29th. I’m Howard Solomon, contributing writer on cybersecurity for ITWorldCanada.com.
International furniture retailer Ikea has been fighting a cyberattack through its email system. According to the Bleeping Computer news service, a hacker is using the legitimate email addresses of employees to spread malicious attachments to other Ikea employees. These phishing emails may also appear to be coming from Ikea partners and suppliers. Usually the victims click on a file that contains a malicious Microsoft Excel document. To execute the document the victim has to then click on a button to Enable Content or Enable Editing. Most smart IT departments have turned off this capability because it’s how malware is spread. Employees have to be repeatedly warned that malware can come in attachments in emails that look like they are from co-workers, friends and business partners. They should be trained to always ask a knowledgeable IT worker before disabling the safety features in productivity suites like Microsoft Office.
Drug manufacturing and research organizations in the life sciences and biotechnology sectors are being warned their IT systems may face an attack by a very sophisticated threat actor. This alert from the Bioeconomy Information Sharing and Analysis Center comes after the discovery in October of advanced persistent malware in a company. It was the second found in a facility this year. According to researchers, the first detection came following a ransomware attack. They think this particular complex malware is specifically aimed at biomanufacturing and research organizations. Researchers say organizations must ensure proper segmentation between corporate and manufacturing or operational networks. Phishing defences are paramount.
Finally, threat actors try to hide their malware in a number of places on IT systems to prevent it from being detected. Researchers at a cybersecurity company called Sansec found a remote access trojan hiding in a new location in several online shopping systems: tucked away in the calendar subsystem of Linux servers under the date “February 31st.” As you all know, February doesn’t have 31 days, so few IT security systems would detect it. The real purpose of this malware is to steal credit and debit card data of shoppers. Usually cyber crooks try to inject this kind of data-stealing malware into a browser. However, increasingly they are hiding payment card stealing malware in servers.
That’s it for now. Remember links to details about podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other stories of mine.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.