Beware of fake Windows 11 downloads, how an insurance giant was hacked, a ransomware gang attacked and more.
Welcome to Cyber Security Today. It’s Monday July 26th. I’m Howard Solomon, contributing writer on cybersecurity for ITWorldCanada.com.
When major IT companies announce a new product, cybercrooks are quick to pounce. This quickly happened after Microsoft released a preview version of the upcoming Windows 11, warns security firm Kaspersky. Crooks are spreading email messages with links to what is supposed to be a download for the preview. Instead, victims get infected with password- and data-stealing malware. First, remember that the Windows 11 preview is restricted to those who participate in the Windows Insider program. To do that you have to register and download it from Microsoft. If you do, Kaspersky also advises not running this test software on your main computer, because it is test software.
An Estonian man pleaded guilty in an American court last week to two counts of computer fraud and computer abuse. He operated a botnet of 1,000 compromised computers and internet routers that were used to transmit spam created by crooks. He was arrested in Estonia in 2019 and extradited to the U.S. He’ll be sentenced in November.
Earlier this month I told you that insurance giant CNA Financial has begun sending notices to employees whose personal data may have been copied by hackers in a March ransomware attack. Well, in a letter the company filed with the New Hampshire consumer protection bureau it revealed some details about how the attack happened. IT leaders can learn some lessons. The attack started when an employee’s computer was compromised by a fake browser update. This update had been hidden on what was described as a legitimate website. Details are sketchy, but probably the employee saw a realistic message from Firefox or Microsoft or Google pop up on their screen saying their browser was out of date. All they had to do was click on the link to download the latest version. And whatever they downloaded let the attacker get into the employee’s computer. There were more steps to this attack, and I hope to discuss them on Friday during the Week in Review podcast with a guest commentator. But for now I want to make two points: First, employees need to be told that updating software is the responsibility of the IT department. We don’t know, but if this employee was working from home using their own computer, updating software was the employee’s responsibility. Even so, the employee should have been taught that updates don’t come from warnings that suddenly pop up on the screen. The second lesson is for website administrators: You have to closely watch your sites for compromise. Hackers want to secretly infect legitimate websites so they can infect visitors.
Malware targeting Apple devices isn’t common, but it’s around. One piece of data-stealing malware dubbed XCSSET targets Mac computers, which are used not only by individuals but also by some organizations. A recent report by security company Trend Micro notes XCSSET has been updated. It’s important that users of Mac devices – or any internet-connected device – understand they should only download apps from official and legitimate software sites. Anywhere else and you risk being infected with malware.
Malware that targets both Windows and Linux machines also isn’t common. Microsoft has started a two-part series documenting one of them, which is dubbed “LemonDuck.” Its goal is to create a botnet and install secret cryptomining software. For interested security teams, there’s a link to the report here.
Ransomware gangs don’t like the tables being turned on them. Someone recently demanded $5,000 from the Babuk gang. When it refused, the gang’s forum for crooks was flooded over the weekend with gay orgy images. According to the news site The Record, the Babuk gang rebranded itself as Payload.Bin after a ransomware attack on the Washington, D.C. police department in April attracted too much attention from American cyber investigators. The gang has set up a new forum where crooks can do business, but this incident may cripple its efforts.
Finally, Apple last week released updates for iOS, watchOS, tvOS, iPadOS, and macOS. If you run an Apple device make sure it’s got the latest version of the operating system. One of the iPhone patches fixes a serious Wi-Fi vulnerability.
That’s it for now. Remember, links to details about podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other stories of mine.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.