The FBI seizes alleged ransomware gang member’s funds, a cloud computing security report from Google and more malware found in the Android store.
Welcome to Cyber Security Today. It’s Wednesday, December 1st. I’m Howard Solomon, contributing writer on cybersecurity for ITWorldCanada.com.
The FBI continues to make some progress against ransomware groups. According to the Bleeping Computer news service, the feds seized bitcoin worth just over $2 million in August from a digital wallet in Texas. The money is allegedly traceable to attacks carried out by the REvil ransomware gang. The digital wallet allegedly belongs to a resident of Russia.
Separately, a report from the NCC Group says the use by ransomware gangs of the double-extortion tactic is going up. In October there were 314 double-extortion victims around the world, an increase of 65 per cent over September. Double extortion is stealing some data and threatening to release it to the public or sell it to other crooks, in addition to encrypting the rest of an organization’s data. The report also notes that one threat actor, dubbed SnapMC, doesn’t bother encrypting data. It only steals data and holds it for ransom.
Cloud computing has several advantages for IT departments. One is that they don’t have to worry about rushing to install security updates. The cloud application provider — Gmail, Salesforce, Microsoft 365 — finds bugs and installs updates fast. However, organizations still have to make sure their systems aren’t vulnerable to misconfigurations and other errors by employees. In its first cloud threat intelligence report Google says many successful attacks on applications are caused by poor cyber hygiene and a lack of basic security controls. What kinds of problems can happen? Looking at its own service, the report says 86 per cent of compromised Google Cloud Platform instances were used for stealing compute cycles for cryptocurrency mining. Other abuses of Google Cloud included using resources to scan targets, to launch cyberattacks and to host malware. Forty-eight per cent of compromises were blamed on customer accounts that had either no password or a weak password. Another 26 per cent of compromises were due to vulnerabilities in third-party software that organizations installed themselves. One piece of advice Google offers for better security of its cloud customers applies to users of any cloud service: Employees should have to use two-factor authentication for logins. Google also provides a range of security services such as web scanning, a security command center and other capabilities. When IT departments look for cloud providers they should ask if similar services are available and what they cover.
I’ve said before that Google makes good efforts to keep malware out of the Android Play store. However, cyber crooks try just as hard to squirm past defences. A report this month from a Dutch cybersecurity company called Threat Fabric shows how some groups do it. They create mobile apps that include a dropper. A dropper is a small piece of code that calls back to a crook’s server to download malware onto a victim’s device. The small size of the dropper code makes it hard to detect. Researchers at Threat Fabric recently discovered 11 apps in the Play store able to infect victims’ Android devices with dozens of pieces of malware aimed at stealing bank login passwords. Threat Fabric believes the malware has been downloaded over 300,000 times. As is often the case, these bad apps pretend to be utilities like QR code scanners, PDF scanners, cryptocurrency apps and fitness trainers. Crooks know that many people love finding new apps to play with on their smartphones. Always remember that when you want to download an app. Be sure, from reading reviews and talking to people you trust, that an app is trustworthy.
That’s it for now. Remember, links to details about podcast stories are in the text version at ITWorldCanada.com.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.