COVID-19 malware wipes hard drives, a warning from governments on coronavirus aid scams and a Microsoft alert over VPNs.
Welcome to Cyber Security Today. It’s Friday April 3rd. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanada.com.
To hear the podcast click on the arrow below:
It’s bad enough home users, businesses and governments worry about being victimized by COVID-19 malware that steals passwords and data. Now security researchers are also seeing malware that either wipes everything off the computers of victims, or corrupts the master boot record of Windows machines so the computer hard drive is unusable. There’s no financial gain from doing this. It seems some people like hurting others. A security company called SonicWall this week reported seeing the malware that will destroy the master boot record. Victims will know they’ve been hit if a message pops up saying coronavirus has been installed. This attack doesn’t delete data, but it will take an expert to rebuild the hard drive. The ZDnet news service also reports seeing coronavirus-themed ransomware. There’s no explanation of how machine are infected, but the usual way is by the victim clicking on an attached document or a link in an email or text. That’s why it’s important — especially these days with criminals creating lots of COVID-19 scams — to make sure your antivirus or antimalware software is up to date, and that all your software has the latest security patches. Security company Proofpoint estimates 80 per cent of email and text scams going out now have coronavirus themes like pretending to be messages from health organizations or from employers with information on how to deal with the disease.
The U.S. Internal Revenue Service issued warnings about COVID-19 related tax and emergency payment scams. No government will call, email or text you asking for personal information so you can quickly get financial compensation related to the pandemic. In the United States most eligible Americans will have funds sent as a direct deposit into their bank accounts. In Canada payments can go either into your bank account or by cheque. If you want the latest government information, go to a government web site by typing in its address. In Canada, that’s www.Canada.ca. In the U.S. it’s www.usa.gov. Don’t click on email or texts that supposedly come from governments. Never trust a service or a site that says it can get money to you fast.
Also this week Microsoft warned hospitals using enterprise-level virtual private networks to make sure these devices have the latest security updates. A VPN is used so remote workers can securely connect to company databases and file servers. Hackers are targeting vulnerabilities in VPNs made by Pulse Secure, Palo Alto Networks, Fortinet and Citrix. Some of these attacks involve ransomware. It’s not just hospitals that need to watch out. Any organization that uses a VPN server has to make sure it has the latest security patches. They also have to pay attention to who is logging into the system and look for unusual activity.
IT managers whose companies use Microsoft’s SQL Server database should make sure their servers are protected. A company called Guardicore has discovered a campaign to infect SQL servers that’s been going on for almost two years. The at-risk servers are connected to the Internet. The way these servers are being compromised is by brute force attacks — that means hackers try to get in by using combinations of stolen passwords, or just guessing. IT administrators have to realize that access to databases has to be tightened using multifactor authentication. Guardicore thinks attackers have infected 3,000 servers daily, although that may not mean each server’s data was copied. Many attackers were caught.
Finally, Google has issued a new security update for the Chrome browser. Be on the lookout for it.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.