A huge cache of stolen passwords revealed by a security researcher, unique Android malware uses motion sensor and Linux attack goes after
Welcome to Cyber Security Today. It’s Monday January 21st. To hear the podcast, click on the arrow below:
Massive and unprecedented are some of the words being used to describe the huge cache of stolen usernames and passwords revealed last week by a security researcher. How big? The collection totals over 21 million unique passwords and over 772 million unique email addresses. That’s a lot of resources hackers can use to try and break into companies and governments with automated login attacks. However, this collection of data from breaches doesn’t seem to be from recent attacks. The most recent files appear to date back to 2015. So if you’ve changed your major passwords since then, it’s less of a worry. Still, as Tim Erlin of Tripwire notes, consumers should be aware that just because a breach occurred months or years back, that doesn’t mean the data won’t resurface today and in the future.
So what should you do? First, don’t use a password on more than one site. Got a lot of passwords? Use a password manager. You can find them by searching for “password manager.” Second, change major passwords — like your bank, company login, email — once a year. And I hate to be repetitive, but where possible use two-factor authentication, which means not only do you enter a username and password but also a numeric code sent to you in a protected way that you also have to enter. So if someone has your password, it’s useless unless they have the code.
More Android malware is floating around. Trend Micro reports that apps called Currency Converter and BatterySaverMobi that had been in the Google Play store were fronts for malware aimed at stealing bank login credentials. Interestingly, after installing the app this particular strain of malware uses the smartphone’s motion sensor to decide when infection will start. If the phone isn’t moving, the malware won’t run. Only at a certain point will the malware prompt the victim to download an update, which is the real infection. Trend Micro advises smartphone users to carefully read reviews on any app before you download it. Phony-sounding or poorly written reviews can be a tip-off. Be suspicious of any app that asks for banking credentials. If you do use mobile banking, be sure you are legitimately linked to your bank.
Finally, those who run Linux servers should be aware of a new strain coin mining malware that might install on your machines. According to Palo Alto Networks, the malware removes five different cloud security protection and monitoring applications from compromised Linux servers. Then the cryptomining malware is downloaded and installed. The attackers start by leveraging vulnerabilities in Apache Struts 2, Oracle WebLogic and Adobe ColdFusion. After getting inside a server they try to get full administrative control over it, uninstall security products and then install the malware. This technique has first been seen against servers running protection from Chinese cloud service providers, but there’s no reason to believe the tactics will be used against others. One defence is to make sure it isn’t easy to take over administrative IT accounts by protecting passwords.
That’s it for Cyber Security Today. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon