Welcome to Cyber Security Today. It’s Friday May 21st. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
The Conti ransomware gang is trying to mend its dented reputation for scrambling the data of Ireland’s healthcare system. Yesterday it published a link to a free decryptor, which will allow the system to unscramble the files. That will be a relief to people worried about the loss of important medical or employee information. Makes the gang sound like good guys, right. Nope. You see, before files were encrypted a lot were copied, and the gang is still demanding the equivalent of about $20 million or they will sell that data to other crooks or release it publicly.
Congratulations to two teams from Toronto’s William Lyon Mackenzie Collegiate. They finished first and second in the annual CyberTitan national cybersecurity competition this week for Canadian high schools and middle schools. Third place went to a team from Toronto’s Earl Haig Secondary School.
Cybersecurity experts regularly warn IT leaders of the importance of patching applications as possible once security updates are released. That’s because threat actors move fast once they learn of a vulnerability. How fast? According to a report this week from Palo Alto Networks, it could be minutes. A research team looked at the activities of hackers during the first three months of the year and found hackers scanned for vulnerable applications open to the internet in as little as 15 minutes after a patch was announced. When Microsoft announced vulnerabilities in the on-premise version of Exchange Server in March, hackers were scanning within five minutes. IT departments have to do three things: Know all the software and hardware assets they have, only expose those necessary to the internet, and patch fast when a vendor releases a security update.
Crooks use all sorts of tricks to sucker individuals and employees. A report by a security company called Armorblox this week is a reminder that clicking on an infected attachment isn’t the only action an attacker may want. Some are sending out emails for apparent invoices of products to get victims to call a support phone number. People might call because the product was never ordered, or, if they work in a finance department, don’t know about a product ordered by someone else. Presumably the crook at the other end of the call would try to get the victims’ credit card number or other sensitive information. Some of the fake emails appear to come from Amazon. If you’re sure you didn’t order a product ignore this kind of email. If you feel you have to call the support number, don’t give away any personal information. Just tell the person to cancel the order.
Finally, more poorly-secured Android apps have been found. Researchers at Check Point Software found 13 Android apps with misconfigured user databases. These could give a hacker access to people’s passwords, email addresses, private chats and location depending on the app. Some of them are in the Google Play store. Some but not all of the apps developers tightened their configurations when warned. One way to protect yourself is to use an antivirus app on your mobile device. Another is to make sure you only download apps made by reputable developers you’ve researched. Or limit the number of apps you have to a trusted few.
That’s it for now. Remember as always on Fridays later in the afternoon the Week In Review edition will be available. Today’s edition will feature more on ransomware.
Links to details about podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other cybersecurity stories of mine.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.