Hackers are using YouTube to flog pirated software, and more.
Welcome to Cyber Security Today. It’s Friday, May 26th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.
Hackers are using YouTube to publicize pirated software. According to researchers at Fortinet, videos advertising cracked software are uploaded by verified YouTube channels with a large number of subscribers. Victims who think they’re saving money are instead downloading apps that install malware to steal passwords and cryptocurrency. Infosec leaders need to remind employees to beware of anything advertised for free that usually carries a price tag. Don’t let ‘free’ be another word for ‘sucker.’
Separately, Fortinet released a report on cyber attacks on operational technology networks. These run things like pipelines and factories. Three-quarters of the 507 OT professionals surveyed said their firm had at least one intrusion in the last year. Nearly one-third of respondents said their firm was hit by ransomware.
Barracuda Networks released a survey on spear phishing trends. These are targeted emails aimed at an identifiable employee or company. Half of the organizations surveyed said they were victims of spear-phishing last year. Twenty-two per cent said their organization had at least one email account compromised. Barracuda estimates spear-phishing messages are responsible for 66 per cent of data breaches.
Apria Healthcare, an American firm that sells home medical equipment, is notifying over 1.8 million people their personal information may have been stolen. The security breaches took place in the spring of 2019 and the fall of 2021. The letter to customers says Apira believes the purpose of the hack was to fraudulently get money from the company and not to steal data. However an investigation was unable to confirm personal information was not accessed.
The Week in Review news roundup for March 31st mentioned that NCB Management Services, an account receivables firm, was notifying over a half million American residents of a data breach. That number has now been updated to over 1 million people.
A warning to infosec professionals: The Legion hacking tool for stealing usernames and passwords from misconfigured servers has been updated. According to researchers at Cado Labs, a new function extracts username and password pairs and then tries to log into a server through a secure shell, or SSH, protocol. It seems this tool is going after cloud services like AWS. The best way web servers can be protected is by making sure they’re not misconfigured.
That’s it for now. But later today the Week in Review edition will be available. Guest commentator Terry Cutler of Montreal’s Cyology Labs will join me to discuss the data breach of a U.S. company that was aided by employees sharing credentials to an email account, why companies hold data for so long and more.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.