A tricky new botnet has been found; ignore Android smart phone popups, and watch out for tunnels.
Welcome to Cyber Security Today. It’s Friday June 22nd.
A new chain of malware-infected Internet-connected devices, called a botnet, has been spotted, and it’s spreading viruses and other bad things. Endpoint protection vendor Deep Instinct announced the discovery this week of the botnet, which it calls MyLoBot.
What makes this one different from others you may have heard about, such as the Mirai botnet, is its complexity. After initially infecting a computer or smart phone, the code waits 14 days before downloading malware from a command server. Then, among other things, it erases any other malware it finds on your machine. And it has some techniques for evading your anti-virus software. Then it goes to work, shutting down things like Windows Update and taking over your computer. Hopefully, with the revelation of this discovery, the maker of your anti-malware software has been looking for identifiers of this attack and has updated your software for protection. As always, the best protection against infections is to make sure your operating system and all other software are up to date.
Beware of popups on your devices that claim you’ve got a problem that needs to be cleaned up – just click here. That’s the warning from RiskIQ, which says the latest scam is aimed at Android smart phone users. The message says your device – which it identifies by model name – has a battery problem and the memory needs to be cleaned. Just click to install this free app. The message gives you a choice to install or cancel, but don’t hit either of them. If you do, the app takes you to the Google Play store, where malware is installed. Among the purposes of this scam is hidden clicking on ads, which makes money for someone. The safest thing to do is disconnect from the Internet, or temporarily shut your phone off, and that should clear the warning.
Finally, a famous U.S. bank robber once said he picked financial institutions because that’s where the money is. Cyber criminals do the same. In a report issued this week a security company called Vectra reminds organizations that hidden virtual tunnels are being used to steal critical data and personal information. Looking at data from customers that use its software, the company detected significantly more hidden command-and-control tunnels per 10,000 devices in financial services than all other industries combined. Not a huge number, but it’s noticeable. The point is these tunnels can be used to evade strong company access controls, firewalls and intrusion detection systems.
One of the most common ways attackers infect an organization is by tricking a user into opening a malicious email attachment. That malware often leads to the creation of these virtual tunnels to hide attacker activity. So security teams have to watch not only what people are downloading but also for signs of hidden tunnels in network traffic.
That’s it for Cyber Security Today. Thanks for listening.