Malware hiding as a cryptominer may have infected 1 million PCs since 2017.
Welcome to Cyber Security Today. It’s Friday, October 27th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.
Data-stealing malware miscategorized by security researchers as a cryptocurrency miner has been infecting computers since at least 2017. That’s the conclusion of researchers at Kaspersky. The amount of effort that went into creating the malware’s framework is truly remarkable, they say, and its disclosure is quite astonishing. The crypto mining module allows the other capabilities of this malware to evade detection. It isn’t known who is behind this malware, which Kaspersky calls StripedFly. But security pros should note it steals login credentials it can find every two hours, captures names and phone numbers, takes screenshots and turns on computer microphones. One piece of good news: This malware leverages the Windows EternalBlue exploit, a patch for which was released in 2017. Users and companies that patched that hole in 2017 are likely safe — if they did it before being infected. But Kaspersky believes over 1 million machines have been infected.
Healthcare IT administrators with the Mirth Connect open-source data integration platform are urged to update the application as soon as possible. Researchers at Horizon3 discovered that a recent patch to close a vulnerability doesn’t completely close the hole. You should be running version 4.4.1.
The Toronto edition of the Pwn2Own hacking contest has been running this week. Teams have to try to find and exploit devices like printers, routers and smartphones. At the end of Thursday just under $1 million in prizes had been awarded to teams. The contest ends today.
An English-speaking criminal gang has added ransomware to its arsenal, according to Microsoft. The group, known to researchers by a number of names including Octo Tempest, Scattered Spider and UNC3944, has become an affiliate of the AlphV/BlackCat ransomware gang. Lately, the report warns, Octo Tempest has been targeting organizations running VMware. Initial infection tactics include sending SMS phishing messages to employees and convincing wireless carriers to swap the smartphone SIM cards of targeted employees.
The United Kingdom’s Online Safety Act, which will make it a crime for social media platforms to carry content such as messages that promote terrorism, suicide, self-harm or eating disorders, is closer to being implemented. This week the law received royal assent. Now the regulator, the Office of Telecommunications, has to create regulations that social media platforms will have to follow. Exactly how they will scan posts isn’t clear. But the law doesn’t cover misinformation or disinformation. Passage of this law follows the European Union’s Digital Services Act. Both the UK and the EU laws are being watched carefully by the Canadian government, which a while ago promised similar legislation.
Finally, people are still falling for phishing scams that leverage the names of well-known organizations. According to a report this week from Netskope, one of the biggest recent email campaigns pretends to be from Amazon. The message claimed the person’s Amazon account had been suspended for incorrect billing information. To fix the problem the alleged victim had to click on a link to allegedly update their payment. That link went to a fake website where the victim’s credit or debit card information would be stolen. If you get a message like that from any firm or government department and are concerned, don’t click on the link. Go to the organization’s main page yourself and log in to check your account.
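The "don't click, check the real site" advice above can also be automated on the receiving side. The following is an added example, not code from the podcast or from Netskope: it pulls every link out of a message body and flags any whose registered domain is not one the named brand actually uses, which is exactly the mismatch in the fake Amazon billing mail. The brand-to-domain table, the sample messages and the `.example` hostnames are constructed for illustration, and the domain extraction keeps only the last two labels rather than consulting a public-suffix list, so it is a screening heuristic, not a complete classifier.

```python
"""Flag links in an e-mail that do not belong to the brand the message claims to be from.

Added example, not from the podcast. The allow-list and sample mail below are constructed.
"""
import re
from urllib.parse import urlparse

# Constructed allow-list: brand name as it appears in the mail -> domains that brand really uses.
# A real deployment would load this from a maintained list, not hard-code it.
BRAND_DOMAINS = {
    "amazon": {"amazon.com", "amazon.ca"},
}

# Matches http/https URLs up to the next whitespace or common delimiter.
URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.IGNORECASE)

# Constructed sample resembling the campaign described in the report: brand name in the text,
# link pointing at an unrelated domain that merely has "amazon" as a subdomain label.
SAMPLE_MAIL = """From: Amazon <no-reply@amazon-billing-update.example>
Subject: Your account has been suspended

Your Amazon account was suspended due to incorrect billing information.
Update your payment details here: http://amazon.account-verify.example/update
"""


def registered_domain(host: str) -> str:
    """Return the last two labels of a hostname, lower-cased.

    This treats "amazon.com.evil.example" as "evil.example", so look-alike subdomains
    do not pass. It is not a public-suffix-list lookup (e.g. co.uk needs three labels).
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def suspicious_links(body: str, claimed_brand: str) -> list[str]:
    """Return every URL in `body` whose registered domain is not one the brand really uses."""
    allowed = BRAND_DOMAINS.get(claimed_brand.lower(), set())
    flagged = []
    for url in URL_RE.findall(body):
        host = urlparse(url).hostname or ""
        if registered_domain(host) not in allowed:
            flagged.append(url)
    return flagged


def check_message(body: str) -> dict[str, list[str]]:
    """Map each known brand named in the message to the links that do not belong to it.

    A brand that is mentioned and whose links all match yields an empty list; a brand that
    is not mentioned at all is omitted.
    """
    lowered = body.lower()
    return {
        brand: suspicious_links(body, brand)
        for brand in BRAND_DOMAINS
        if brand in lowered
    }


if __name__ == "__main__":
    for brand, links in check_message(SAMPLE_MAIL).items():
        for link in links:
            print(f"{brand}: link does not belong to brand -> {link}")
```

Run against the sample mail the script reports the `account-verify.example` link, while a genuine `https://www.amazon.com/...` link passes. Because the heuristic keys on brand names appearing in the text, a message that never names a brand produces no verdict; pair it with sender-domain and DMARC checks rather than relying on it alone.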
That’s it for now. But later today the week in review will be available. Guest commentator David Shipley and I will discuss a hack at Okta, the risks of a shared IT services model and more.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.