World Backup Day advice, new malware targeting Linux and more
Welcome to Cyber Security Today. It’s Friday, March 31st, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.
Today is World Backup Day. I have a long story on ITWorldCanada.com which is tailored for IT department leaders in mid-to-large firms, so on this podcast I want to address IT leaders in small businesses. The good news is backup and recovery should be easier because your environment will be simpler compared to a multi-million-dollar retailer. Still, some of the same rules apply: First, decide what data needs to be backed up and how often, giving priority to sensitive information. Second, make sure data is backed up off-site as well as on-site. And for extra protection, it should be encrypted. Third, make sure the off-site backup can’t be compromised by a hacker. One of the biggest failures of IT is not protecting off-site backups from being encrypted by an attacker, which ruins any chance of data restoration. Fourth, document your backup procedures so when staff leave the knowledge doesn’t go with them. And last, have IT staff regularly practice restoring a backup. You’ll need that experience in a crisis.
Attention Linux administrators: New malware targeting Linux servers has been discovered. Researchers at the French firm Exatrack call it Melofee, and believe it was created by a group based in China. It drops a rootkit and a server implant. The implant can update itself, create a new socket for interaction, search for system information, read and write files and more. The implant hasn’t been widely seen, suggesting the attacker uses it only to go after high value targets.
University researchers say there’s a fundamental flaw in the Wi-Fi protocol that could affect devices running Linux, FreeBSD, Android and iOS. In a summary of the report, the Hacker News notes that the flaw could be used to hijack TCP connections or intercept client and web traffic. The power-save mechanisms in endpoint devices could trick access points into leaking data frames in plaintext.
Cisco Systems said attacks could be successful against its Wireless Access Point and Meraki wireless products. But Cisco also believes the information gained would be of minimal value in a securely configured network. To reduce the odds of success, TLS should be enabled to encrypt data in transit. In addition, network access should be restricted.
Attention Instagram users: Crooks are hunting for subscribers who haven’t activated multifactor authentication. When they are found, the crooks either use a brute-force attack to figure out the passwords or use a phishing attack to trick the user into giving up their password. According to researchers at Group-IB, once the hacker has access they lock out the account owner by enabling multifactor authentication. Then they rename the hijacked Instagram account to make it look like it belongs to a financial institution to trick the account’s followers. This scheme was run in Indonesia, but it can be tried in any country. Instagram users are warned this is another reason to enable multifactor authentication.
That’s it for now, but later today the Week in Review podcast will be available. David Shipley of Beauceron Security and I will discuss a proposed delay on researching AI systems, the future of TikTok and more.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.