New ransomware data, a salary transfer scam that victimizes employees and more.
Welcome to Cyber Security Today. It’s Friday, July 23rd, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.
Ransomware attacks keep increasing. According to the NCC Group, ransomware gangs claimed 436 corporate and government victims around the world in May. That compares to 352 in April. The spike was in part driven by the emergence of 8base, a new ransomware player that has a double extortion strategy. This operator has published the data it says was stolen from 67 victims so far. Other new ransomware groups recently detected are Akira, BlackSuit, MalasLocker and RA Group.
More ransomware data this week came from researchers at Trellix, who looked at cybercrime trends for the first quarter of this year. The most common group of victims listed on ransomware gang data leak sites was mid-sized American firms with up to 200 employees. By the way, almost half of American companies hit by ransomware apparently paid the crooks to regain access to their data.
The researchers also found that many critical vulnerabilities used by attackers are bypasses of patches issued in older security updates, supply chain bugs that stem from outdated software libraries, or long-patched vulnerabilities whose fixes were never properly installed on corporate networks.
Corporate HR and finance departments are being warned to watch for an old phishing scam. According to researchers at Avanan, crooks still hack the email of an individual, figure out where they work and then use the compromised email to ask the employer to change the bank where the staffer’s direct deposit salary goes. The funds go into an account controlled by the hacker. Only when the employee realizes the organization hasn’t deposited their salary do they discover the scam. So first, protect your personal or company email from being hacked by using strong passwords plus multifactor authentication for added protection. Organizations should tighten their policies around requested changes to employee payments, such as requiring extra verification in person or through a listed phone number, not one that’s in a suspicious email.
One of the ways crooks get away with their cyber attacks is by disguising their malware so it can’t be detected. This is called crypting. According to cybersecurity reporter Brian Krebs, crypting services are something police ought to look into. He has a great article this week on one service, called Cryptor(dot)biz and who might be behind it. There’s a link to it here.
Finally, Apple released security updates for iPhones and iPads. Your devices should be on version 16.5.1. If your device can’t be updated because of its age, think about replacing it.
That’s it for now. But later today the Week in Review podcast will be out. Guest commentator David Shipley of Beauceron Security will be here to talk about some of the recent news, including a warning from UPS Canada on a text scam.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.