Cyber criminals partnering, ransomware help, and Stripe phishing attack.
Welcome to Cyber Security Today. It’s Monday October 21st, I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanada.com.
To hear the podcast click on the arrow below:
If you want to know how cyber criminals work, a report from a security company last week gives a good view. Issued by a threat research firm called Advanced Intelligence, it says some criminals who have hacked into companies are now selling their secret backdoor network access to groups that make ransomware. So ransomware gangs don’t have to work to break into corporations, they just buy the access someone else has. Meanwhile the intruder gets money without having to worry about how they will cash in on their hard work. What’s the price of buying access? According to the report, one intruder is selling access for between $3,000 and $5,000 per victim. However, access to what was described as high access to systems at an international developer of advanced digital imaging solutions was going for $20,000. The research firm contacted the seller who it says provided evidence of the breaches. Then it contacted U.S. law enforcement.
This report backs up several things cyber security experts have been saying for some time: Many companies aren’t watching their computer systems carefully enough and don’t know they’ve been hacked.
Speaking of ransomware, just because you’re hit and your files are encrypted doesn’t mean you can’t get them back. Some security companies are able to break the code and are distributing solutions for free. The latest comes from a company called Emsisoft, and works on a variant of ransomware called STOP. However, it only works on files encrypted before August. All you have to do is upload to Emsisoft’s web site a copy of the encrypted file and the original file, which hopefully you have from a backup. By comparing the two files the solution trains itself to decrypt the scrambled file. There’s a link to the web site in the text version of this podcast at ITWorldCanada.com
Do you have a business using an internet payment service called Stripe? Well, according to security company Cofense there’s an email scam going on you should watch for. Victims are usually account administrators. They get a message that pretends to come from “Stripe Support” saying there’s an account problem and you need to click on a link that says “Review your details.” Usually you can check if a link is suspect — that it’s going somewhere legitimate – by hovering over it with your mouse. That shows the real destination of the link. This scam, however, has modified the link so it only repeats the words “Review your details.” That’s a clue something’s phony. Anyone who clicks on the link goes to a phishing page that looks like the Stripe customer login page. It and the following pages steal usernames, passwords and bank account numbers.
Finally, attention Android users: Beware of the video downloading app called Snaptube. Security company Secure-D says Snaptube’s real purpose is secretly getting money by delivering invisible ads, generating fake clicks and purchases, and then reporting them as real activity to the advertising networks that pay for them.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon