A new ransomware strain discovered, a scam hijacks YouTube accounts and watch those open-source code libraries.
Welcome to Cyber Security Today. It’s Friday October 22nd. I’m Howard Solomon, contributing writer on cybersecurity for ITWorldCanada.com.
 |
 |
 |
Evil Corp., believed to be the gang behind ransomware strains called WastedLocker, Hades, Phenoix Locker and PayLoadBin, has created another brand. Called Macaw Locker, it is thought to be the ransomware strain that hit optical equipment maker Olympus and the U.S. Sinclair chain of TV stations this month. The discovery of Macaw Locker by security firm Emsisoft was reported by the Bleeping Computer news site. It says victims of the new strain have faced ransoms for up to $40 million. There is speculation that by adopting a bunch of different names Evil Corp. is trying to avoid U.S. sanctions forbidding American companies from negotiating with certain named groups
Creators of YouTube videos have a lot of fun, especially if their flicks pull in lots of followers, and, if they’re lucky, money. This is why their sites are targets for hackers. In a column this week Google – which owns YouTube – outlined how crooks are tricking thousands of YouTube creators into giving up control of their sites. The crooks, in turn, sell that control to others who use the sites to spread malware including cryptomining apps. Here’s how it’s done: The hacker sends emails with fake collaboration opportunities, like a link to a demo for anti-virus software, a virtual private network app, a music player or photo editing app. The pitch is something like, ‘Try our product, promote it and you’ll get more viewers and we’ll buy an ad.’ Some pitches are for COVID-19 news. When a victim downloads the software, it steals their YouTube login username, password and pieces of code called cookies from their browser. This kind of attack gets around a victim’s use of multifactor authentication for security. The scam works partly because many YouTube creators are looking for lots of viewers. In some cases the pitch looks genuine because the crook has created a copy of a legitimate company’s web page. Google has been trying since May to detect and remove these phony pitches. In addition, it has restored more than 4,000 YouTube accounts to their rightful owners. For their part YouTube content creators have to be smarter. If your browser or antivirus warns of suspicious activity, take it seriously. Never turn off antivirus even if an application says that has to be done to download software. After downloading any file or app and before installation scan it with your antivirus software. That’s what’s there for. And protect a YouTube account with multifactor authentication. Note that starting November 1 monetizing YouTube creators must turn on two-step verification on their accounts.
Hackers are increasingly trying to sneak malware into widely sold or distributed applications used by companies rather than directly infect organizations. The latest example was discovered by a security firm called Sonatype. In a blog this week Sonatype described how it found three malicious software libraries in the open-source NPM code registry. It’s a public collection of packages of code needed by JavaScript developers. Anyone with an account can contribute code packages. The three libraries disguised themselves as legitimate code, but in fact they launch cryptomining functions on victims’ Windows, macOS and Linux computers. They were quickly taken down after NPM was notified. But the incident is an example of why developers relying on outside code have to regularly scan for malicious code.
Canadians are getting phony recorded calls claiming to be from the Canada Border Agency. The recorded message says the agency has seized a package in your name. You’ll be asked to press a number so a support person can speak to you. What this scam is after is personal information, like your name and credit card number. If you get a recorded call like this, hang up.
Finally, later this afternoon the Week in Review podcast will be available. Today’s discussion will focus on how small businesses can lower their risk of being victimized by a cyber attack.
As always to details about podcast stories are in the text version at ITWorldCanada.com. Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.
