Cyber Security Today, Jan. 17, 2022 – New backdoor found attacking servers, another ransomware campaign against QNAP storage devices, and more

New backdoor found attacking Windows, Linux and Mac systems, another ransomware campaign against QNAP storage devices, and more

Welcome to Cyber Security Today. It’s Monday, January 17th. I’m Howard Solomon, contributing writer on cybersecurity for ITWorldCanada.com.

Cyb er Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts

IT administrators are being warned a new backdoor has been discovered allowing a hacker to enter a system. The really bad news is that that can be installed on Windows, Linux and Mac servers. The alert comes from researchers at Intezer. Called Sysjoker, it isn’t clear how the backdoor gets loaded onto victims’ systems. One possibly is its an infected TypeScript file downloaded from an open-source library. A news report quotes another researcher saying the malware could have been hiding in a video transport stream. Whatever the source, IT administrators should use memory scanners to see if Sysjoker is hiding in memory, and leverage an endpoint detection or a security information and event management solution to search for indicators of compromise. In addition, all staff have to be reminded to only download files from trustworthy sources.

Another warning is going out to IT administrators with QNAP data storage systems. The hackers behind the Qlocker ransomware are again going after internet-connected QNAP network-attached storage devices, according to the Bleeping Computer news site. The new ransomware campaign started January 6th. Administrators are reminded that storage devices don’t have to be open to the internet.

Some people believe blockchain is the best thing since sliced bread. However, tight security has to be enforced for anything tied to a blockchain. Investors hoping to build an Ethereum blockchain-supported municipality called CityDAO in Wyoming found that out the hard way. According to Vice.com, investors lost over $100,000 in cryptocurrency after they were tricked into going to a phony website to buy land for the so-called digital city. They went there because a hacker took over the account of CityDAO on the Discord gaming chat platform, where messages about the digital city were posted. The crook made a fake screenshot suggesting the administrator of that Discord site was scamming people. Trying to show his innocence, the admin let the scammer see his Discord console. That enabled the scammer to get control of the Discord account even though it was protected with two-factor authentication. Then the crook published links to a fake website supposedly selling land for the digital city, where some investors deposited money. That money is now gone.

Finally, the COVID-19 pandemic has not only played havoc with the work of IT security teams. It’s also forced the cancellation of today’s opening session of a special United Nations committee meeting on cybercrime in New York. It was to start 10-days of meetings towards drafting an international treaty to help fight online crime. The final draft is scheduled to be presented the UN General Assembly in 2024. No date has been set yet for the start of the New York session. A second session is scheduled at the end of May in Vienna.

That’s it for now Remember links to details about podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other stories of mine.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Sponsored By:

Cyber Security Today Podcast