Good news and bad news about ransomware.
Welcome to Cyber Security Today. It’s Friday, June 30th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.
There’s good news and bad news about ransomware. Researchers at backup provider Acronis looked at data from the first five months of the year and concluded the number of new ransomware samples is dropping. However, ransomware gangs are still breaching companies fairly easily. Ransomware gangs listed 809 victims on their data leak sites up until the end of May. The report also shows phishing malware and bad links included in email were up 464 per cent in the first five months of the year compared to the same period in 2022.
A new information-stealing malware has been discovered. Researchers at Fortinet call it ThirdEye. It harvests system information from compromised computers including details of their BIOS and hardware, files and folders and network information. Then it sends all that data to a command and control server where threat actors can decide what to do next. The report doesn’t say how ThirdEye is distributed, but most malware is tucked into email attachments that victims click on.
Many organizations use voice authentication applications to verify that calls from customers are authentic. They use a voiceprint recorded by each customer, which is compared to the voice of a caller. Fighting back, threat actors learned to create spoofing files that can evade voiceprint defences. But researchers at the University of Waterloo say many systems can be beaten. They created a method that can fool spoofing defences within six tries. Their research questions the security of modern voice authentication systems.
Separately, researchers at Trend Micro reported that crooks have been seen creating voice clones for what is called virtual kidnapping — claiming a family member has been kidnapped, using a voice clone for authenticity and demanding a ransom payment. They may get a victim’s voice from a YouTube or TikTok video. Unfortunately it’s another example of criminals using AI apps.
A threat actor has created a new piece of malware for attacking Apple computers running the macOS operating system. Researchers at Elastic Security found the malware when it ran against a Japanese cryptocurrency exchange. After breaking into a computer with the malware the attacker tried to bypass the operating system’s Transparency, Consent, and Control (TCC) permissions, which provide access control, and replace it with a TCC database of their own. Administrators have to make sure access to any macOS TCC database is locked down. According to BitDefender, there are Windows and Linux versions of this malware as well.
Finally, a lot of supposed AI apps can be found in mobile app stores. But many of them suck a lot of personal information from users to their developers. Reviewers at Home Security Heros tested 159 apps including games and productivity tools like digital photo enhancers and found three-quarters of them share users’ data with third parties. One of the apps monitors almost 43 per cent of users’ personal data. This may be a problem if you don’t know about or consent to this. So do your research before downloading.
That’s it for now. But later today the Week in Review edition will be out. Guest commentator Terry Cutler of Montreal’s Cyology Labs will join me to discuss a cyber attack on a major Canadian energy producer, the costs of a data breach and more.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon