How secure is your videoconferencing platform, ransomware advice and COVID-19 shipping scams
Welcome to Cyber Security Today. It’s Wednesday April 29th. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
To hear the podcast, click on the arrow below:
With more people using videoconferencing during the COVID-19 pandemic crisis, many want to know which platforms are secure? Well, part of the answer is deciding how much security you need. Are you talking to family and friends, a doctor or your company? Obviously you want better security if you’re going to be online discussing sensitive information. To help guide consumers The Mozilla Foundation, which makes the Firefox browser, studied the privacy and security policies of 15 popular platforms. It has doubts about three including Houseparty, Discord and Doxy.me, which is a telemedicine app. For example, Houseparty allows a minimum of 5 characters in a password, which most security practitioners believe is way too few. And it allows the very insecure password ‘12345’. Discord’s minimum password length is six characters, and allows the very insecure password ‘111111’. Only healthcare providers need to create a password for Doxy.me, but, the report says, it can be as weak as ‘123.’
How sensitive are companies to the criticism? Very. Asked for comment by the news site ZDNet, Discord said it had just strengthened its password rules. Doxy.me said it is working on improving its password strength. Houseparty said users are encouraged to use strong passwords.
Mozilla’s rating system is subjective, but it’s a place to start when considering any communications or social media platform. There’s a link to the full report here.
A ransomware gang apparently feels guilty that for the last six years it has forced victims to pay to get their scrambled data. Known by security researchers as the Shade group, on the weekend the operators posted an apology and released the 750,000 encryption keys used to scramble the data. With the keys antivirus companies can create free decryption keys to unlock the data — if companies and users have kept copies of the scrambled files. It isn’t clear why the group is being so good-hearted. Shade actually stopped distributing its ransomware last December. Was the group’s operations taken over by a good Samaritan By law enforcement? Or has the group moved on to a better version of malware? Who knows.
Meanwhile, other ransomware attacks continue. One of the latest victims is the U.S. pharmaceutical giant ExecuPharm. Earlier this month it notified the attorney general of Vermont that its servers were hit in March. As usual, someone fell for a phishing email. Before launching the ransomware the attackers copied personal information of ExecuPharm employees and those of a partner company, Parexel, which conducts clinical trials. The copied data including social security numbers, drivers licence numbers bank account and credit card numbers — all the stuff needed to impersonate people. The news site TechCrunch has learned the attackers have published some of the stolen data, including company emails and financial information. That usually happens when the victim refuses to pay to get the encryption keys.
Having a safe backup copy of company data used to be a good defence against ransomware. All you had to do was delete the scrambled data and restore with the copy. No more. Organizations have to assume a ransomware attack means data has been stolen.
By the way, this week Microsoft released advice for IT professionals on reducing the risk of ransomware attacks. A lot of it is basic cybersecurity practices, like making sure applications are patched. There’s a link to the page here.
Finally, another COVID-19 scam to tell you about. Security vendor Kaspersky says criminals are sending fake emails from delivery services about packages that have to be picked up at a warehouse because of the coronavirus outbreak. Or the package went to the post office after failing to be delivered. Details about the warehouse location are in an attached document. Click on the document and your computer is infected. Don’t be fooled if the email includes a small image of what looks like a legitimate shipping document. Don’t be fooled if the email says something like ‘This message was scanned by a mail security solution and has no malware.’ Don’t be fooled if you click on a link and you go to a web site that looks a lot like a real shipping company’s site. These sites ask you to enter your username and password for tracking packages. To avoid being taken in by these scams, look carefully at the sender’s email address. If it came from a free email service, like Gmail, or it has a bunch of meaningless characters, it’s likely a fake. Watch for bad grammar or crookedly formatted text. Don’t click on attachments in email from delivery services. If you have an account with FedEx or DHL or whoever, go to the website yourself and check the tracking number. And beware of shipping messages that mention coronavirus.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cybersecurity professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.