Name-and-shame ransomware attacks are up, so are digital gift card attacks, a new search tool from the Electronic Frontier Foundation and more.
Welcome to Cyber Security Today. It’s Wednesday July 15th. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
I’ve spoken before about the recent move by ransomware gangs to add data theft to their tactics. They threaten to release or auction stolen data if organizations don’t pay a ransom for scrambled data on their systems. This name-and-shame tactic puts even more pressure on victim firms. Well, a blog this week from a security firm called Emsisoft suggests one in 10 ransomware victims are hit by this double attack. And because this change in tactics started only late last year, that number will likely rise as more ransomware gangs adopt it. What should your organization do? Emsisoft urges IT leaders to implement multi-factor authentication for logins, limit the number of employees who have administration rights to widely access data, disable remote access if it isn’t needed, install software security updates promptly and run security awareness training for employees regularly.
Cybercrooks don’t only steal data and credit cards or break into bank accounts. They also like taking e-gift cards. These are digital gift cards that can be added to a mobile app or a digital wallet. Why go after them? Because they’re like cash. A security firm called PerimeterX issued a report this week saying since the COVID-19 lockdown started the number of digital gift card attacks has jumped tremendously, mainly against online food delivery services. Often attackers use chains of infected computers called bots to launch huge attacks against companies’ web sites. They use the power of the group of computers to guess passwords of cards, or to take over users’ accounts. A prime weapon is stolen usernames and passwords from other data breaches, hoping people use the same password for many things. If successful, the e-gift card account is emptied or cards are loaded up for money laundering. To prevent digital card thefts, PerimeterX advises companies to make sure card numbers are hard to guess.
Ever wonder how many American police forces use tools like facial recognition, drones and license plate readers? The Electronic Frontier Foundation has an online tool to answer the question. It’s a searchable database called the Atlas of Surveillance. It has several thousand data points on over 3,000 law enforcement agencies created with the help of the Reynolds School of Journalism at the University of Nevada. Data comes from news articles, press releases and social media posts. Click on a dot on a map or search by community and you can find out which police departments partner with Amazon’s Ring camera network or use facial recognition software. The goal is to help the public understand how widespread the use of these technologies is.
In upgrade news, yesterday was the monthly Microsoft Patch Tuesday, when security fixes for Windows products are released. Patches for some 122 vulnerabilities are part of the package, including 18 identified as critical. If your computer isn’t set to have updates automatically installed go to Settings and then Windows Update and do it yourself.
Separately, enterprise software provider SAP said it patched a critical vulnerability in the NetWeaver Application Server platform.
And Google released version 84 of the Chrome browser, which includes some security improvements. Among the enhancements is a warning if a site is trying to trick you into subscribing to malicious browser notifications. Allow certain notifications and you’ll end up getting spam, fake giveaways and malware. If your browser doesn’t automatically update, go into the settings, click on Help, and then About Chrome.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cybersecurity professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.