A holiday ransomware warning, ManageEngine patches needed and be careful downloading software.
Welcome to Cyber Security Today. It’s Friday, December 3rd. I’m Howard Solomon, contributing writer on cybersecurity for ITWorldCanada.com.
IT leaders know that the November-December holiday season is a time when crooks increase their attempts to steal credit and debit card data. But according to researchers at Darktrace it’s also a time of increased ransomware attacks. In the last three years the average number of attempted ransomware attacks in November and December went up 30 per cent compared to the rest of the year. And the largest rise in attempted ransomware attacks occurred between Christmas and New Year’s Day. That’s probably because many IT teams give staff time off. These numbers are another reason why IT teams have to be extra vigilant this month for signs of intrusions.
Here’s another reminder to be careful where you download software from. According to researchers at Cisco Systems, consumers in Canada, the U.S., Australia and Europe have been falling for ads pushed up when people search for popular desktop and mobile software. What victims get instead of legitimate software is malware that steals personal data and passwords or installs a backdoor for secret access. Half of the victims in this campaign that’s been going on since 2018 are from Canada. The researchers suspect victims start by using a search engine to hunt for software, then click on an ad for that application with a link to the promised software. What they should be doing is going to the developer’s website where legitimate software is found. One of the fake apps is WeChat. Listeners should remember some search engines, like Google, list ads at the top of their results. And they are clearly marked as ads. Consumers should be careful downloading software from links in ads. IT departments need to remind employees that using company computers for downloading software without approval is forbidden.
Attention IT administrators: If your organization uses IT help desk software called ManageEngine ServiceDesk Plus, make sure it’s got the latest security patches. A report from Palo Alto Networks says an advanced threat group recently began targeting this application. In fact this is the second ManageEngine product from a company called Zoho to be targeted by this threat group. The other product is called ADSelfService Plus. In the past three months 13 organizations have been compromised through one or both ManageEngine products. Both applications need to be patched.
IT administrators using the Nginx web server should be on the lookout for a compromise. A security firm called Sansec has seen malware on Nginx-powered e-commerce servers that installs a backdoor for stealing credit and debit card data from product purchasers. This malware has been seen in servers in the U.S., Germany and France.
Having the latest updates isn’t a guarantee all security problems are fixed. A recent study of Wi-Fi routers for home and small business use found there can still be security issues buried in the firmware, in outdated functions and in weak default passwords even in newly-patched routers. The study was done by a German cybersecurity company, IoT Inspector, for a magazine. One lesson: Change the default password to something strong when you first install a router. The manufacturers of the devices studied, including TP-Link, Asus, Netgear and Linksys, released new security patches as a result of the research.
Finally, remember that later today my Week in Review podcast will be out. Today IT World Canada CIO Jim Love and I will discuss some of the cyber attacks from the past week.