Cyber Security Today, March 8, 2023 – A new ransomware tactic, old DrayTek routers are exploited and more

A new ransomware pressure tactic, old DrayTek routers are exploited and more.

Welcome to Cyber Security Today. It’s Wednesday, March 8th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.

Cyb er Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts

Today’s podcast has lots of ransomware news.

The Medusa ransomware gang has found a new tactic for convincing victim organizations it really has copied their files. According to threat researcher Brett Callow of Emsisoft, the gang created a 51-minute video of screenshots of data allegedly copied from the Minneapolis Public School system. Last month the board reported suffering what it says is an ‘encryption event.’

The Lockbit ransomware gang has listed a Florida county sheriff’s office as one of its latest victims. The gang says data it copied will be published if it isn’t paid by March 20th. According to Emsisoft, at least 15 local government agencies in the U.S. have been impacted by ransomware for far this year, and at least 10 of the 15 had data stolen.

Meanwhile a ransomware attack hit a hospital in Barcelona over the weekend, forcing the cancellation of 150 non-urgent operations.

Group 1001, which owns several American insurance companies including Delaware Life, says its IT systems are now back after suffering a ransomware attack early last month. The company says it didn’t pay a ransom.

Mastercard Canada has renewed its support for a Canadian university program training women to be cybersecurity leaders. The program is offered by Toronto Metropolitan University’s Rogers Cybersecure Catalyst. The first cohort of 30 women will graduate in April from the Catalyst’s emerging leaders cyber initiative. The Catalyst is a training and certification centre.

Some organizations, such as doctors’ offices, pharmacies and law firms, still use fax machines for sending and receiving documents. This week Canada’s privacy commissioner urged organizations to get rid of them. Fax machines are a privacy risk. They should be replaced with more modern, secure and interoperable digital alternatives like encrypted email attachments. Until your fax machines are replaced at least use a machine that encrypts transmissions and requires users to key in a password to access and print a fax. Keep fax machines in a secure area to prevent unauthorized people from seeing documents. And before sending a fax check the phone number the document is going to. A common privacy violation is a fax that goes to the wrong person.

Here’s another reason why your firm needs to inventory its hardware and get rid of unsupported devices: Old business-grade routers from DrayTek still connected to the internet are being infected and used by hackers. The affected models are the Vigor 2960 and 3900. Researchers at Lumen call the malware Hiatus. It enables a hacker to monitor traffic on infected routers including email and file transfers. But it also uses the routers to create a botnet to spread the malware. DrayTek sells its equipment around the world. The researchers have found about 100 infected routers, mainly in Europe and Latin America. They aren’t sure how the routers are compromised. But owners of office and home routers are urged to regularly monitor, reboot and install security updates and patches. Devices that are no longer supported should be replaced.

A new piece of information-stealing malware has been found. Researchers at Morphisec call the malware SYS01. The threat group using it is trying to hack Facebook business accounts. The method is by getting victims to click on Google ads and fake Facebook profiles by promoting things employees shouldn’t be clicking on, like games, adult content and cracked software. This leads victims to download a malicious file. That file loads SYS01 to steal passwords, cookies and Facebook business account information. If you’re an IT administrator, limit employees’ ability to download and install programs. And train staff how to spot email and text scams.

Finally, are you about to get on a video call with the Ukrainian Prime Minister? The guy on the other side of the screen is probably a Russian activist impersonating the politician. Researchers at Proofpoint say a group sympathetic to Russia is trying to trick public supporters of Ukraine, including government officials, to get on video calls. The victim thinks they are getting a chance to show their support for Ukraine. However, the goal is for the host to get the victim to say something embarrassing, An edited version of conversation is then posted on YouTube and Twitter. An embarrassing video would cheer Russians supporting the war. The scam starts with a prominent business person, donor or politician supporting Ukraine getting an email purportedly from the local Ukraine embassy or parliament asking for a video chat.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Sponsored By:

Cyber Security Today Podcast