The latest ransomware news, an accidental take-down of a botnet and more.
Welcome to Cyber Security Today. It’s Friday, December 2nd, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
The Cuba ransomware gang added 50 victims around the world in the first eight months of the year. That’s according to the U.S. Cybersecurity and Infrastructure Security Agency. It brings the total number of victims of this group to over 100. The agency figures that so far the gang’s operators have received over US$60 million in ransom payments. The numbers are in an updated report on the gang’s tactics and indicators of compromise. There’s a link to the report in the text version of this podcast.
Affiliates of the LockBit ransomware gang are increasingly using common and legitimate testing tools to compromise victim organizations. That’s the conclusion of researchers at Sophos. Affiliates do the initial compromise of victims before the ransomware is deployed. They have been seen using a hacking tool available on GitHub called Backstab, the anti-hooking utility GMER, the network probe Netscan and a tool called AV Remover. Defenders should note that evidence of these tools on their networks could be a sign they are under attack.
Researchers at Akamai admit they accidentally took down a crypto mining botnet last month. They were testing the botnet’s functionality and sent it an improperly formatted command. The bot doesn’t have error checking built in to verify that commands are properly formatted. So it crashed all the code running on infected machines. It isn’t known if the threat actor behind this bot can rebuild the system.
Developers using the Quarkus Java framework are urged to install the latest version of the framework. Red Hat, which makes its own build of Quarkus, revealed a vulnerability on November 21st. A fuller description was published this week by a researcher at Contrast Security. Briefly, a config editor is vulnerable to drive-by localhost attacks that could lead to remote code execution on the developer’s computer.
Attention IT administrators and home users with video cards from Nvidia in their computers. The company has released a software security update for Nvidia’s GPU Display Driver. It solves vulnerabilities that could lead to systems being hacked.
There’s also a link here to Trustwave’s latest advice on safe online holiday shopping.
Later today the Week in Review edition will be available. In this episode David Shipley of Beauceron Security and I will talk about ethical hacking, the value of fines for data privacy offences and puzzling responses to a vendor survey.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.