An Australian company caught with poor backup procedures, Gentoo Linux distribution escapes damage from cyber attack, and Kaspersky and McAfee warn users that crypto-mining malware is increasing.
Welcome to Cyber Security Today. It’s Friday July 6th. To hear the podcast, click on the arrow below:
By now I hope you know about the importance of having a backup of your data. It’s also important, especially if you’re a business, to have an extra backup off-site and not connected to your network. An Australian digital marketing and web provider found that out that hard way last week when it was victimized by an attacker. Not only did the hacker infiltrate its server and destroy most of the prime data, leaving many customers without their Web sites, it also erased the backup because it was linked to the network.
The attack also illustrated a cunning technique used by the hacker: Distraction. The attack started by flooding the company Web site with what is called a distributed denial of service attack. While an IT staffer was distracted putting out that fire, the attacker slipped into the system. Once in the attacker was able to change their password access privileges to give them access to everything. That’s another lesson: Administrators need two-factor or multi-factor authentication so an outsider can’t get access to everything just by having one password.
This was a small, three-person firm. But might lose a lot of business.
Speaking of two-factor authentication, a Linux distribution admitted it was stung recently when an attacker took over its site and nearly did serious damage to the code. Gentoo Linux said that on Jun 27th someone got control of an administrator account on its GitHub developer site and removed all access. The attack could have been stopped if administrators had to use two-factor authentication, which is a second way of verifying the identity of a user beyond the standard username and password. By the way, there was also a backup problem. This incident could have been worse.
Finally, two major security companies are reminding people that criminals are increasingly planting malware on computers to steal processing power to mine digital currencies. In a recent reports Kaspersky and McAfee have noted the trend, sometimes called cryptojacking. McAfee said in the first quarter of this year cryptojacking lept to more than 2.9 million known samples, up from around 400,000 total known samples in the last quarter of 2017. Making your computer reap the benefits of free cryptocurrency is easier for some criminals than stealing data and then having to somehow sell it on the black market. Kaspkersky notes there are several ways you’ll know you’ve been hit: Your system response will slow because the device’s memory, processor and graphics adapter are bogged down. If you have a mobile device batteries will run down much faster than before, and devices may run quite hot. If the device uses a data plan, you’ll see data usage skyrocket.
It’s repetitive, but the best protection is download as few apps as possible, be suspicious of every email or social media attachment and keep your software up to date with the latest patches.
That’s it for Cyber Security Today. Subscribe on Apple Podcasts, Google Play, or add us to your Alexa Flash Briefing.