Ransomware gangs going after executives, US court management system attacked and more security updates available.
Welcome to Cyber Security Today. It’s Monday January 11th. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
Cyber Security Today is brought to you by the new Cisco Security Outcomes Study, where we surveyed 4,800 cybersecurity and IT professionals. Visit https://cisco.com/go/SecurityOutcomes to read the results. Cisco Secure Insights Summit on January 21, 2021, at 10 a.m. Pacific Time.
Ransomware gangs have hit on an alarming new strategy: Targeting computers of executives. The ZDNet news service reports evidence that at least one gang is doing this in hopes of finding sensitive information they can use as extra leverage in a ransomware attack. As I reported before, increasingly ransomware gangs are pressuring victim firms by copying corporate data and threatening to release it unless the organization pays for data decryption keys. Apparently that doesn’t work all the time, so one gang has a new idea: Steal data that will likely be very sensitive from those high up in a victim firm — for example, plans for a merger or acquisition, or a new product. That would squeeze the firm even more.
As news of this gets out, expect other criminal gangs to adopt this strategy.
It’s clear that senior managers have to take their personal cybersecurity seriously. That means at the very least having multi-factor authentication on work and home devices for all applications to lower the odds a hacker can get into email and documents. They should also encrypt sensitive data on their computers and smartphones.
More on ransomware: The FBI notified firms last week that a relatively new ransomware group called Egregor has become a big threat. Egregor emerged last September to run a ransomware-as-a-service model. That means it’s a crime service for hire. It uses many tactics to get into networks, so IT departments can’t look for a single clue about an attack. The FBI advises organizations to take precautions for any ransomware — in fact for almost any cyber attack: That includes restricting remote access by employees or suppliers; using multifactor authentication for logins; patching software as fast as you can; regularly reminding employees to be careful clicking on attachments or links in emails; and making sure critical data is backed up offline.
More fallout from the SolarWinds Orion hack: The case management system used by the U.S. federal court system has been compromised, apparently through Orion. Last week the judiciary’s national policy-making body issued a statement saying vulnerabilities were recently found in the federal court electronic documents and case management system. This can be serious because some court documents in criminal cases and lawsuits are confidential. A source told security reporter Brian Krebs that the electronic system was “hit hard” by an attacker through Orion. Separately, as part of the Orion attack someone accessed the email accounts of a number of staffers at the U.S. Justice Department.
Attention IT administrators: Computers and servers running Linux are increasingly being targeted by threat actors. That’s the warning from AT&T’s Alien Labs cybersecurity service. In a report released last week researchers said a common technique used in Windows malware is now being seen in Linux attacks. That technique runs malware in memory, where it is harder to detect, instead of on a hard drive. Once in memory the malware can capture login usernames and passwords. The attackers also encrypt the malware to evade being detected by antivirus software. Make sure the defensive cybersecurity software your firm uses can detect this type of attack.
New security updates that need to be installed are now available for a number of products. These include updates for the Chrome, Firefox and Edge browsers. Usually browsers update automatically, but it doesn’t hurt to check by going into the settings.
Graphics processor maker Nvidia has released security updates for its GPU Display Driver that fix a number of serious vulnerabilities in graphics cards.
And users of the Foxit PDF Reader should make sure they’re running the latest version.
Finally, tomorrow is Microsoft’s monthly Patch Tuesday, when it releases the latest security updates for Windows and other Microsoft products.
That’s it for today. Links to details about these stories can be found in the text version of this podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at cybersecurity professionals. Cyber Security Today can be heard Mondays, Wednesdays and twice on Fridays.