MOVEit victim numbers climb higher, news on spyware, and more.
Welcome to Cyber Security Today. It’s Friday, July 21st, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.
The number of victims of the exploitation of Progress Software's MOVEit Transfer file transfer software continues to soar. By the estimate of researchers at Emsisoft, over 380 organizations have either been listed by the Clop gang on its leak site or have publicly admitted they were affected. They include Ofcom, Britain's Office of Communications, the country's communications regulator. By Emsisoft's count, 70 schools in the U.S. are on the list.
Meanwhile there is some evidence that many MOVEit customers have taken the vulnerabilities seriously since news of them emerged at the end of May. Researchers at Bitsight say internet scans suggest 77 per cent of the organizations it initially found with vulnerable MOVEit installations have since patched or taken the servers off the internet. That would mean, however, that the remaining 23 per cent are still exposed. And a caveat worth remembering: patching closes the hole but doesn't undo a compromise that happened before the patch was applied, so organizations that were exposed during the attack window still need to check for signs of intrusion.
On Wednesday's podcast I reported that JumpCloud, a U.S.-based identity and access management provider, had been hacked by an unnamed country. Since then security researchers at SentinelOne and Mandiant have attributed the attack to a North Korea-based threat actor, while CrowdStrike blames North Korea's Lazarus Group. JumpCloud now says fewer than five of its corporate customers were hacked, and fewer than 10 devices were compromised.
Researchers at Lookout this week published a background blog on a China-based threat group that has been implanting spyware into Android apps it creates. The group is dubbed APT41 by researchers. Their spyware has been found in what is marketed as an Android system app, an adult video content app, a food delivery app, and what claim to be keyboard or messaging apps. Note that Google says no apps with this malware are in the Google Play store. So they are likely being pushed to victims through email and social media posts and installed by sideloading. Those are untrustworthy ways of getting applications, and an app that arrives that way should be treated as suspect no matter what it claims to be.
Speaking of spyware, check out an investigation by TechCrunch into sales of the TruthSpy stalkerware and how its developers were able to evade detection by creating fake identities in the U.S. to cash out purchases. There's a link in the text version of this podcast.
That's it for now. But later today the Week in Review edition will be out. Guest commentator David Shipley of Beauceron Security and I will discuss a big vulnerability in Microsoft's cloud, why developers leave secrets in Docker containers, Google's plan to restrict internet access for some employees, and, of course, ransomware.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.