The latest ransomware news, an accidental take-down of a botnet and more.
Welcome to Cyber Security Today. It’s Friday, December 2nd, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
The Cuba ransomware gang added 50 victims around the world in the first eight months of the year. That’s according to the U.S. Cybersecurity and Infrastructure Security Agency. It brings the total number of victims of this group to over 100. The agency figures that so far the gang’s operators have received over US$60 million in ransom payments. The numbers are in an updated report on the gang’s tactics and indicators of compromise. There’s a link to the report in the text version of this podcast.
Affiliates of the LockBit ransomware gang are increasingly using common and legitimate testing tools to compromise victim organizations. That’s the conclusion of researchers at Sophos. Affiliates do the initial compromise of victims before the ransomware is deployed. They have been seen using a hacking tool available on GitHub called Backstab, an anti-hooking utility called GMER, the network probe Netscan and a tool called AV Remover. Defenders should note that evidence of these tools could be a sign their networks are under attack.
Researchers at Akamai admit they accidentally took down a crypto mining botnet last month. They were testing the botnet’s functionality and sent it an improperly formatted command. The bot doesn’t have error checking built in to verify that commands are properly formatted. So it crashed all the code running on infected machines. It isn’t known if the threat actor behind this bot can rebuild the system.
Developers using the Quarkus Java framework are urged to install the latest version of the framework. Red Hat, which makes its own build of Quarkus, revealed the problem on November 21st. A fuller description was published this week by a researcher at Contrast Security. Briefly, a config editor is vulnerable to drive-by localhost attacks that could lead to remote code execution on the developer’s computer.
Attention IT administrators and home users with video cards from Nvidia in their computers. The company has released a software security update for Nvidia’s GPU Display Driver. It solves vulnerabilities that could lead to systems being hacked.
Online games will be desired gifts for the holidays. However, they’re not just fun. Canada’s privacy commissioner issued a warning this week that, because of the personal data they collect, online games can also be risky. The warning offers these tips: Read and understand the games’ privacy policy. Make sure you understand when registering and creating a profile what personal data is needed and how it will be used. Remember, you may not have to enter your real name and date of birth when registering. Don’t list your home address or work-related details. Check the privacy settings. Safeguard your data by creating a strong password that hasn’t been used on any other website. Enable multifactor authentication to protect the password. And think before clicking on links within in-game chats. They may be phishing attempts. There’s a link to the full advice in the text version of this podcast.
There’s also a link here to Trustwave’s latest advice on safe online holiday shopping.
Later today the Week in Review edition will be available. In this episode David Shipley of Beauceron Security and I will talk about ethical hacking, the value of fines for data privacy offences and puzzling responses to a vendor survey.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.