A new gang adds data extortion to ransomware, a data theft for hire group found and watch for deepfake phone messages.
Welcome to Cyber Security Today. It’s Wednesday August 26th. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
When one criminal cyber gang scores with a new tactic, others take notice and quickly follow. This is what’s happening with ransomware. Last December a group calling itself Maze began what can be called a double extortion: Not only does it encrypt data of a victim organization and demand money for the decryption key, it also steals data and threatens to release it and embarrass the company unless it pays up. Other gangs saw the advantages of increasing the pressure on victims and started running ransomware plus data theft operations. According to the ZDNet news service, another added the tactic last week. That makes 13 known ransomware groups using double extortion. At least five other cyber groups run ransomware attacks but haven’t yet added data theft to their tactics. Will that change? It’s hard for IT departments to prevent all cyber attacks from getting through. But experts say they must have strategies to prevent the spread of a successful attack, especially because of this double threat. That includes watching the internal computer network for suspicious traffic, segmenting the network to slow the spread of an attack, limiting the number of people who have administrative access to everything, and making sure all employees can only log into things with multi-factor authentication.
Among the latest Canadian corporate victims of ransomware are Brookfield Residential, a real estate developer, and delivery service Canpar Express.
A suspected hacker-for-hire group has been discovered by cybersecurity firm Kaspersky. Given the rather dramatic code name DeathStalker, so far it has been seen stealing information from companies at the request of customers. That’s the conclusion because it hasn’t been selling stolen information on criminal websites. This group may have been quietly operating since at least 2018. Targets have included law and financial services firms. Evidence of attacks has been seen in the United Kingdom, China, Switzerland, Turkey, Israel and other countries. But that doesn’t mean the group’s sights haven’t turned or won’t turn to the U.S. and Canada. The report says attacks start with targeted phishing emails with an infected attachment. There’s no specific or regular message this group uses, although it has been caught sending COVID-19 themed scams.
Organizations are worrying more about so-called deepfake video and audio recordings. These are messages made for fraud by altering recordings of people giving public speeches. A typical scam involves a fake phone message from what seems to be an executive asking an employee to do something. It could be to change the bank account where money usually goes, to send money to a new supplier’s account or to change a password. According to a recent survey by a cybersecurity firm called Tessian, 74 per cent of IT leaders questioned think deepfakes are a threat to their firms. Sixty-one per cent of respondents said they are already educating their employees on the threat of deepfakes. It’s not an imaginary threat. A news report last year said cybercriminals impersonated a chief executive’s voice to defraud a British energy company of $243,000. A phone message may be suspicious if you’re asked to do something out of the ordinary. If you think something is odd, don’t be afraid to verify the request directly.
Finally, some security fixes were released this week. IT departments using Adobe’s Apache web servers should install the latest update. There are also new updates for the Chrome and Firefox browsers.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cybersecurity professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon.