Cyber Security Today, Dec. 1, 2021 – The FBI seizes alleged ransomware gang member’s funds, a cloud computing security report from Google and more

The FBI seizes alleged ransomware gang member’s funds, a cloud computing security report from Google and more malware found in the Android store.

Welcome to Cyber Security Today. It’s Wednesday, December 1st. I’m Howard Solomon, contributing writer on cybersecurity for

Cyb er Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts

The FBI continues to make some progress against ransomware groups. According to the Bleeping Computer news service, the feds seized bitcoin worth just over $2 million in August from a digital wallet in Texas. The money is allegedly traceable to attacks carried out by the REvil ransomware gang. The digital wallet allegedly belongs to a resident of Russia.

Separately, a report from the NCC Group says the use by ransomware gangs of the double extortion tactic is going up. In October there were 314 double-extortion victims around the world, an increase of 65 per cent over September. Double-extortion is stealing some data and threatening to release it to the public or sell it to other crooks in addition to encrypting the rest of an organization’s data. The report also notes that one threat actor, dubbed SnapMC, doesn’t bother encrypting data. It only steals data and holds it for ransom.

Cloud computing has several advantages for IT departments. One is that they don’t have to worry about rushing to install security updates. The cloud application provider — Gmail, Salesforce, Microsoft 365 — finds bugs and installs updates fast. However, organizations still have to make sure their systems aren’t vulnerable to misconfigurations and other errors by employees. In its first cloud threat intelligence report Google says many successful attacks on applications are caused by poor cyber hygiene and a lack of basic security controls. What kinds of problems can happen? Looking at its own service, the report says 86 per cent of compromised Google Cloud Platform instances were used for stealing compute cycles for cryptocurrency mining. Other abuses of Google Cloud included using resources to scan targets, to launch cyberattacks and to host malware. Forty-eight per cent of compromises were blamed on customer accounts that had either no password or a weak password. Another 26 per cent of compromises were due to vulnerabilities in third-party software that organizations installed themselves. One piece of advice Google offers for better security of its cloud customers applies to users of any cloud service: Employees should have to use two-factor authentication for logins. Google also provides a range of security services such as web scanning, a security command center and other capabilities. When IT departments look for cloud providers they should ask if similar services are available and what they cover.

I’ve said before that Google makes good efforts to keep malware out of the Android Play store. However, cyber crooks try just as hard to squirm past defences. A report this month from a Dutch cybersecurity company called Threat Fabric shows how some groups do it. They create mobile apps that include a dropper. A dropper is a small piece of code that calls back to a crook’s server to download malware onto a victim’s device. The small size of the dropper code makes it hard to detect. Researchers at Threat Fabric recently discovered 11 apps in the Play store able to infect victims’ Android devices with dozens of pieces of malware aimed at stealing bank login passwords. Threat Fabric believes the malware has been downloaded over 300,000 times. As is often the case these bad apps pretend to be utilities like QR code scanners, PDF scanners, cryptocurrency apps and fitness trainers. Crooks know that many people love finding new apps to play with on their smart phones. Always remember that when you want to download an app. Be sure from reading reviews and talking to people you trust that an app is trustworthy.

That’s it for now Remember links to details about podcast stories are in the text version at

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada
Howard Solomon
Howard Solomon
Currently a freelance writer. Former editor of and Computing Canada. An IT journalist since 1997, Howard has written for several of ITWC's sister publications, including Before arriving at ITWC he served as a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

Follow this Cyber Security Today

More Cyber Security Today