FBI warning on ransomware, how the pandemic has affected IT security and a new botnet threat.
Welcome to Cyber Security Today. It’s Wednesday, March 17. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
The FBI has issued a flash alert, warning of increased ransomware attacks on schools, colleges, seminaries and universities in the United States and the U.K. The gang behind this string of attacks will copy data from the institutions before encrypting all files. Then it uses the copied files to squeeze the victim organization into paying for a decryption key. If not, the data will be sold to criminals. Usually the gang gets into organizations by getting passwords for remote access systems or by getting people to fall for phishing emails with infected attachments. The FBI reminds all organizations of the importance of patching, using multifactor authentication to protect logins to computer networks and disabling unused remote access ports.
The pandemic has forced a large number of people who use computers to work from home. A new survey of IT security decision-makers for Randori suggests firms that were unprepared had a lot of headaches. Forty-two per cent of respondents said their organizations were compromised because of unapproved or unsecured computers and smartphones connected to the network. Three-quarters said cyber attacks have increased in the past year. Just over half agreed protecting their organization from online attacks has become more difficult. One of the big problems is people who work from home don’t have the IT protection that enterprise-grade security systems provide from their offices.
Seventy-six per cent of respondents said prioritizing which applications to patch has become harder since the pandemic.
Just over half of respondents said they were able to get increased spending, and 44 per cent said they were able to hire more staff. However, 25 per cent of respondents said their organization had to cut security staff.
Another survey released this week has interesting information on attacks. HP looked back at threat trends in the three-month period ending in December and found new techniques used by hackers. For example, usually if a victim opens an infected document it triggers a hidden message to an outside server run by hackers where malware is waiting to be uploaded. Anti-malware software may detect that, so crooks are now making the process start after the victim closes the infected document.
Another recent tactic is to copy the contents of a victim’s email mailbox, then spoof the sender address of a person in a chain of back-and-forth messages. The crook uses that spoofed address to insert a message in the email conversation with an infected document. Those in the conversation think the infected message is from a participant in the email chain. It’s another example of why you always have to check email addresses of senders, among other things, before clicking on a link or attachment.
Finally, a report from Palo Alto Networks is another reminder to IT administrators of the need to patch applications and devices as soon as possible. In February its researchers detected attempts to exploit vulnerabilities in firewalls, virtual private networks, switches and routers. The goal of the attacks is to plant malware in the devices and join them in a botnet to distribute more malware. In some cases the attacks were launched hours after the vulnerabilities were published. Administrators have to better secure any device on a computer network with strong passwords and multifactor authentication. In addition, devices have to be patched as soon as possible.
That’s it for today. Links to details about these stories are in the text version of this podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at cybersecurity professionals.
Subscribe to Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.