PowerPoint delivers malware, the overwhelming majority of people fear that they personally will be victims of cyber attacks, and some great visual tools to understand the impact of ransomware. Welcome to Cyber Security Today. I’m Jim Love, CIO of IT World Canada, sitting in for Howard Solomon.
Hackers using PowerPoint files to deliver malware
We’ve all heard the phrase “death by PowerPoint” – but what about “cyber attack by PowerPoint?”
Bleeping Computer has reported that hackers thought to be working for Russia have started using PowerPoint as a means of distributing malware. This new technique does not require execution of macros to download and deliver the attack. Instead, it uses the movement of the mouse in Microsoft PowerPoint presentations to trigger a malicious PowerShell script.
In the sample provided, opening the document in presentation mode is no protection: as the victim hovers the mouse over a hyperlink, a malicious PowerShell script is activated to download a JPEG file from a Microsoft OneDrive account.
The JPEG is actually an encrypted DLL file. The DLL is downloaded to the data storage, and a registry key is created to ensure persistence.
The resulting payload, referred to as Graphite, is used to download malware which “allows remote command execution by allocating a new region of memory and executing the received shellcode by calling a new dedicated thread.”
The majority of individuals feel they will be victims of a cyber attack
As we approach Cyber Security Awareness Month, one of Canada’s largest banks has conducted a study of Canadians and their attitudes toward Cyber Security. The poll identified that the vast majority are concerned:
Four in five are concerned with unauthorized access to their online accounts or personal information (79 per cent)
Identity theft (77 per cent)
Seven in 10 are concerned about having their email or social media accounts hacked (74 per cent)
Being the victim of online fraud or scam (73 per cent)
Those 35 and older are much more likely to have taken some kind of action – updating antivirus software (45 per cent of those 35 and older and 67 per cent over 55) or changing their passwords periodically (about 50%).
Younger people in the 18-34 age group are significantly more likely than their older counterparts to say they are knowledgeable about most threats to their safety and security of their personal information. However, they are not more likely to take protective measures:
Only 34 per cent of people in the 18-34 age group have updated antivirus software installed on their devices and only 35 per cent change their passwords periodically.
A link to the bank’s site with some good advice will be in the text version of the podcast.
Getting the “big picture” – an interactive map of ransomware attacks
We get used to reading statistics about growth in ransomware but, as has been said many times, a picture is worth a thousand words. Comparitech, which describes itself as a “pro-consumer” research company, has created a world-wide map of ransomware attacks. They state that it is “updated daily” and pinpoints the location of attacks from 2018 to the current day. They get this data from searching “through country reports, industry news, and cybersecurity databases to find the latest ransomware attacks on worldwide businesses, healthcare organizations, educational institutions, and government agencies.”
The map is interactive, allowing the user to pull back and take in the big picture or drill down to specific areas and right down to individual attacks. Each attack has additional information including the industry, the number of records, the ‘strain’, the date and even whether, to the best of their research, the ransom was actually paid.
The map uses colour coding to look at industries. It allows the user to filter by year and whether the ransom was paid.
Their site has a number of other graphical displays of data. One of these shows the number of attacks by Ransomware Strain. We have a link to that site on the text version of this podcast.
That’s Cyber Security Today for Wednesday Sept 28. Get Cyber Security Today wherever you get your podcasts – Apple, Google or other sources. You can also have it delivered to you via your Google or Alexa smart speaker.
Links from today’s podcast will be posted in an article on itworldcanada.com on our podcast page on the menu or go to itworldcanada.com/podcasts
I’m Jim Love, CIO of ITWC, publishers of ITWorldCanada.com, TechNewsDay.com in the US and creators of the ITWC podcasting network. You can catch me on the weekend with a regular interview on our Hashtag Trending podcast. I also host two regular series – Deeper Dive, where we do an in-depth, no-hype look at things like the metaverse and other topics of interest, or my Leadership podcast with up close and personal interviews with Technology leaders. You can find all of these at itworldcanada.com/podcasts and anywhere you get your podcasts. Howard will be back on Friday. Great being with you this week.