Ransomware news roundup, Black Friday warning and European COVID app cracked.
Welcome to Cyber Security Today. It’s Monday November 1st. I’m Howard Solomon, contributing writer on cybersecurity for ITWorldCanada.com.
Twelve people in Ukraine and Switzerland have been detained for their alleged roles in attacking 1,800 companies around the world. Police in eight countries, including the FBI, were involved in the investigation. According to the news site The Record, the 12 people detailed had done work for the LockerGoga, MegaCortex and Dharma ransomware-as-a-service platforms. The Europol police co-operative said the 12 played different roles including the penetration of victim organizations, moving laterally within compromised networks and deploying malware.
More on ransomware: The Toronto Transit Commission continues recovering from a ransomware attack that forced it to use a backup radio system to communicate with drivers. In the U.S., Schreiber Foods has returned to full operation after a ransomware attack forced it to temporarily close. Researchers at ESET are warning firms that the Hive ransomware strain can now encrypt Linux and FreeBSD servers.
Meanwhile people who play the Minecraft video game are being cautioned about clicking on and downloading files from so-called alternative or ‘alt’ lists on Minecraft forums. Players go into alt lists to get stolen accounts so they can legitimately attack other gamers. But there’s evidence that ransomware is being spread through Minecraft forums in Japan to infect individuals. Hackers may get the idea to spread ransomware that way in other countries.
The official three-day blitz of online bargains that starts with Black Friday and continues with Cyber Monday is still weeks away. But security company Fortinet is already warning consumers to be on the lookout for scams. Be especially vigilant for goods touted on Amazon with prices that are too good to be true and for products that are supposedly unavailable, like PlayStation and Xbox gaming consoles. Also don’t be tricked by downloading a supposed free Amazon gift card generator. This is really malware aimed at stealing the victim’s money.
Crooks are still taking advantage of people’s reluctance to be vaccinated against COVID-19. According to researchers at Kaspersky, scammers are selling forged Green Pass digital certificates for smartphones that will verify the user has been vaccinated in Europe. It’s not clear how these fake digital certificates can fool the Green Pass system because the certificates need to be digitally signed to be valid. But it’s more evidence that developers creating vaccination verification apps have to use the best security practices in creating their applications.
That’s it for now Remember links to details about podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other stories of mine.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.