Warning of rise of crypto-mining, American university student admits changing his grades guilty and Russia blamed for infrastructure attacks.
We’re bringing you the latest cyber security news Welcome to Cyber Security Today. It’s Wednesday April 18th. I’m Howard Solomon.
 |
 |
 |
Criminals are increasingly using your computer or smart phone to mine for crypto-currencies. That’s the conclusion of a report this week from security vendor Comodo after looking at customer data. During the first three months of this year, crypto-miners surged to the top of detected malware incidents. For a time, they have displaced ransomware as the number one threat. Through malware, crypto-mining software gets secretly installed on your device, then uses the processor power in the background to crunch calculations that earn hackers digital currency. One way you’ll notice you’ve been infected is if your device slows down. There are variations of crypto-mining malware that don’t install files. Instead they run in memory.
The report also warns that password stealing malware is getting more sophisticated and cunning.
Our recommendation: Make sure your devices have good anti-malware protection.
Speaking of stealing passwords, a University of Iowa student has pleaded guilty to hacking into university systems and changing grades for him and five other students. The Daily Iowan newspaper reports professors’ usernames and passwords were stolen through a key logger to accomplish the switch.
The incident cost the university about $68,000 in breach discovery and fixing costs. The student will be sentenced in August.
In a joint technical alert the FBI, the U.S. Department of Homeland Security and Britain’s National Cyber Security Centre have issued an alert accusing Russia of supporting groups that exploit network infrastructure devices such as routers and switches. The goal is espionage and intellectual property theft. Rather than install malware, the attackers take advantage of holes in the network equipment, including the fact that some are old and aren’t getting security patches any more.
Network devices are ideal targets. Taking over an organization’s gateway router gives the opportunity to monitor, modify, and deny traffic to and from the organization. Taking over an internal router does the same.
What companies and government departments have to do is follow basic cyber security practices: That includes changing default passwords on devices, and replacing them with strong passwords. It also means not allowing Internet access to the management interface of any network device. Manufacturers have to make network products that only support encrypted communications. And Internet service providers should replace old equipment as soon as possible.
Finally, this week Microsoft announced a hardware and software solution to the pesky problem of insecure Internet-connected devices like home surveillance cameras and the like. I have a detailed story on ITWorldCanada.com.
That’s it for Cyber Security Today. Subscribe on Apple Podcasts, Google Play, or add us to your Alexa Flash Briefing. Thanks for listening.