A mysterious tactic from a ransomware gang, why phone numbers are bad WiFi passwords, and more.
Welcome to Cyber Security Today. It’s Wednesday October 27th. I’m Howard Solomon, contributing writer on cybersecurity for ITWorldCanada.com.
The Conti ransomware gang has added a new tactic for trying to get money from victim organizations: it is selling, to other crooks, access to the IT networks of organizations it has already hacked. What a buyer gets for that access is the ability to siphon off and directly sell, or threaten to sell, the victim firm’s data. Until now Conti has been the group holding an organization’s copied data for ransom after encrypting all of its data. The discovery of this added strategy was made by American cybersecurity reporter Brian Krebs. According to an IT World Canada source, one of the companies whose access is being sold is a British Columbia-based builder of residential and industrial properties. We aren’t naming the company because we haven’t confirmed it has been hacked. Krebs quotes an expert wondering if Conti is about to close and is essentially selling off its assets. Another possibility is that Conti is getting out of the business of both stealing and encrypting data and will focus on ransomware alone. The double extortion strategy has been profitable for a while for many gangs. But, one expert notes, the Ryuk gang has done fine by sticking with ransomware alone.
Attention IT administrators whose firms use the Discourse platform for online forums: you’ve got to upgrade to the latest version. It closes a major vulnerability.
Experts regularly warn internet users to pick hard-to-guess passwords. Your cellphone number is a bad password – especially for your WiFi. Security firm CyberArk this week published a report explaining why. It showed how easy it is to use a specially-equipped laptop to scoop encrypted WiFi passwords from the air in Tel Aviv and break the ones using a phone number as a password. That’s because in Israel the prefix for all 10-digit phone numbers is 05. So a cracking program can assume those are the first two digits and only has to guess the other eight. And, of course, each of the other eight digits has only 10 options – the numbers zero to nine. If you chose a password made largely of letters, each letter has 52 possibilities – 26 letters in both lower and upper case. It’s harder to crack. Experts say passwords should be hard to guess, have a mixture of letters, numbers and symbols and be more than 10 characters long.
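The arithmetic behind that story, as an added illustration (this is not code from the CyberArk report): a small audit function that sizes the search space an attacker faces for a WiFi passphrase, collapsing phone-shaped passphrases to the eight unknown digits the 05 prefix leaves, and comparing that with the letter-based and mixed passphrases the experts recommend. The 05 prefix and 10-digit length come from the story; the assumption that an attacker knows this prefix is the point being demonstrated.

```python
import math
import re

# From the story: Israeli 10-digit phone numbers all start with "05",
# so an attacker treats the prefix as known and guesses the remaining digits.
PHONE_PREFIX = "05"
PHONE_LENGTH = 10


def phone_shaped(passphrase: str) -> bool:
    """True if the passphrase is exactly a 10-digit number with the known prefix."""
    return (len(passphrase) == PHONE_LENGTH
            and passphrase.isdigit()
            and passphrase.startswith(PHONE_PREFIX))


def keyspace(passphrase: str) -> int:
    """Number of candidates an attacker must try, given the structure visible
    in the passphrase (assumes each position is chosen uniformly from its class)."""
    if phone_shaped(passphrase):
        # Prefix is known: only the other eight digits remain, 10 options each.
        return 10 ** (PHONE_LENGTH - len(PHONE_PREFIX))
    alphabet = 0
    if re.search(r"[0-9]", passphrase):
        alphabet += 10
    if re.search(r"[a-z]", passphrase):
        alphabet += 26
    if re.search(r"[A-Z]", passphrase):
        alphabet += 26
    if re.search(r"[^0-9a-zA-Z]", passphrase):
        alphabet += 33  # printable ASCII symbols (constructed figure)
    return alphabet ** len(passphrase)


def audit(passphrase: str) -> dict:
    """Apply the story's rules: not a phone number, mixed classes, longer than 10."""
    reasons = []
    if phone_shaped(passphrase):
        reasons.append("phone number: prefix known, only 8 digits to guess")
    if len(passphrase) <= 10:
        reasons.append("10 characters or fewer")
    if passphrase.isdigit() or passphrase.isalpha():
        reasons.append("single character class")
    return {"keyspace": keyspace(passphrase),
            "bits": round(math.log2(keyspace(passphrase)), 1),
            "weak": bool(reasons),
            "reasons": reasons}
```

Running `audit("0512345678")` gives a keyspace of 100 million (about 26.6 bits), while `audit("aBcDeFgHiJ")` gives 52 to the tenth power (about 57 bits); only a longer, mixed passphrase such as `Tr3e-H0use!x` passes all three rules.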
Hoping to land an IT job offered on the internet? Make sure it’s not from a company that’s a front for cybercrooks. Security company Gemini Advisory says a threat group known to researchers as FIN7 has created a phony company called Bastion Secure for hiring programmers. What the company really does is use its unwitting hires to spread malware. The gang’s phony company used to be called Combi Security.
Some organizations are eager to use facial recognition scanning as an alleged convenience for people. No more needing to fumble for credit or debit cards or remember PIN numbers, is the explanation. But when nine schools in Scotland last week began using a facial recognition-linked payment system so students could buy cafeteria food, privacy experts protested. Although the plan apparently was approved by parents, the U.K.’s Information Commissioner’s Office has asked the school board if maybe there’s a less intrusive way of paying for things.
Attention TikTok users: Videos that appear to be live streams from celebrities and well-known content creators may be phonies aimed at tricking you out of money. A researcher at security firm Tenable says scammers are using the stolen videos to peddle questionable products and drive users to adult dating websites.
Over 80 malicious Android apps have been found in and deleted from the Google Play store. These apps trick victims into signing up for expensive text messaging services that suck away their money. They were offered as custom keyboards, QR code scanners, video and photo editors, spam call blockers, camera filters and games. When the victim opens the app they are asked to enter their phone number and/or email address to unlock access. But that enrolls them in a premium SMS text service, which can charge upwards of $40 a month. As I’ve said before, Google tries to keep bad apps out of its store, but some still sneak in.
Do you use Craigslist for buying and selling goods? If so, don’t be fooled by an email warning that comes from Craigslist saying your ad has “inappropriate content.” The message instructs you to click on a button to fill in a form from DocuSign to avoid having your account deleted. It’s a scam, possibly aided by a crook hacking Craigslist, says a security firm called INKY.
That’s it for now. Remember, links to details about podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other stories of mine.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.