Administrators urged to update PowerShell, ransomware reports to read and a hacker gets seven years in prison.
Welcome to Cyber Security Today. It’s Wednesday October 20th. I’m Howard Solomon, contributing writer on cybersecurity for ITWorldCanada.com.
Attention system administrators: You need to update PowerShell as soon as possible to the latest version to make sure it can’t be used to get around a Windows Defender vulnerability. PowerShell is a task automation tool that runs operating system commands. As a result it’s a favourite target for hackers. Anyone who gets access to PowerShell can run anything. Unfortunately PowerShell isn’t patched automatically through Microsoft Update so it has to be done manually.
Threat analysts may be interested in a report from Kaspersky on the innards of the Trickbot malware. It started off as a trojan aimed at stealing bank login usernames and passwords of victims. Lately its modules are being used by hackers to penetrate the IT networks of organizations to spread malware, and steal any passwords it can find in a Microsoft Active Directory. That’s where the passwords of all corporate users are managed. There’s a link to the full report in the text version of this podcast at ITWorldCanada.com.
The BlackMatter ransomware group emerged in July to launch attacks on a number of high-profile organizations. This week, as part of their regular background alerts on threat groups, U.S. cyber agencies released a report on the workings of this strain of ransomware. It includes detection signatures for IT teams, as well as general ransomware advice for reducing the risk of being victimized by ransomware – or any malware. There’s a link to this report in the text version of this podcast.
In addition, Trustwave released an in-depth analysis of the BlackByte ransomware strain. Trustwave also released a decryptor to help those hit by this strain reverse the encryption strangling their files.
Speaking of ransomware, an Israeli hospital had to cancel non-emergency procedures last week following a ransomware attack. The Hillel Yaffe Medical Center said over the weekend it is gradually able to use what it calls alternative technological systems for hospital work. Separately, Israel’s Health Ministry urged all hospitals in the country to print out patients’ medical files in case of a cyberattack.
And the American Sinclair Broadcasting Group, which has 185 TV stations as well as 21 sports networks, is recovering from a ransomware attack that hit it last week.
More on ransomware: A cybersecurity company called ThycoticCentrify released a state of ransomware report. Of the 300 U.S.-based IT decision-makers surveyed, 64 per cent said their organization had been a victim of ransomware in the last 12 months. The report includes advice on fighting ransomware.
Computer maker Acer is having trouble with cyber attacks. The Bleeping Computer news site reports Acer has been hacked twice in the past seven days by the same threat actor. Acer said one attack hit its customer support systems in India, while the latest attack hit a system in Taiwan. Earlier this year Acer was victimized by ransomware.
Finally, a U.S. man was sentenced to seven years in prison for hacking into and stealing the personal information of 65,000 employees of the University of Pittsburgh Medical Centre eight years ago. He sold the stolen information on dark web forums to crooks, who filed hundreds of false tax returns. The money they got was converted into Amazon.com gift cards, which were then used to purchase Amazon merchandise which was shipped to Venezuela.
That’s it for now. Remember, links to details about podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other stories of mine.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.