Avaddon ransomware group apparently gives up, a retailer’s shortcut backfires and a warning to Samsung device owners.
Welcome to Cyber Security Today. It’s Monday, June 14. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
This podcast is brought to you by Terranova Security, helping you discover how to build an effective security awareness training program and train the world’s cyber heroes from a lineup of cybersecurity experts.
The Avaddon ransomware gang is apparently walking away from the scheme behind all the money they’ve pulled in. The news site Bleeping Computer says it was sent a file last week with a bunch of decryption keys for unscrambling data messed up by the Avaddon ransomware. That’s one sign. Those keys have been verified as authentic. The security firm Emsisoft quickly released those decryption keys online so any organization hit by this strain of ransomware can recover its data. Who else but that gang would have sent those keys? Another sign is the gang’s sites on the dark web Tor network are no longer accessible. A third sign is that last week Avaddon was reportedly squeezing victims for money and settling quickly.
One Canadian victim listed on Avaddon’s site is an Ontario council of construction-related unions.
It’s not uncommon for ransomware gangs to shut down. There’s speculation those behind Avaddon are worried law enforcement authorities, particularly in the United States, are getting more aggressive in going after ransomware gangs. After some of its infrastructure was seized, the Darkside group said it was closing. However, crooks with cyber skills know they’re valuable. With ransomware so lucrative, the developers of Avaddon and Darkside may create new and what they hope are more secure versions of their scheme. Or they may just work for other groups.
Another one of those oopsy moments has tripped up an online store. According to a website called VPNMentor, this time it’s a huge baby clothing retailer called Carter’s. Anyone who bought goods from the online store has to receive and then click on a link to confirm the order. But that link was a long string of numbers and letters, so Carter’s used a link shortening service from a third party to send customers a short link to click on. However, proper cybersecurity wasn’t followed by those involved in the process, including not adding authentication to verify that only the person who made the purchase could visit the confirmation page, which had personal and financial information of buyers. Knowledgeable hackers could have found the links, gotten into confirmation pages and copied buyers’ names, physical and email addresses, phone numbers and items ordered.
The lesson is that adding a simple thing to a business process can have security implications if it isn’t carefully thought through by a critical development team.
Finally, Android smartphone and tablet manufacturers often add their own tweaks and utilities to the operating system. But these bundled apps may have vulnerabilities if they’re not written right. A security firm called Oversecured says that’s what’s happened with a bunch of apps that come with Samsung devices. They can allow an attacker to access and edit a victim’s contacts, calls and text messages, as well as install malware. Samsung has been made aware of these issues and issued patches in April and May. So if you’re a Samsung device owner, make sure your phone or tablet has the latest updates.
That’s it for now. Remember, links to details about podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other stories of mine.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.