Ransomware has not hit its peak, a ransomware strain is quickly updated and another reason to toughen those passwords and upgrade IoT devices.
Welcome to Cyber Security Today. It’s Wednesday July 18th. To hear the podcast, click on the arrow below:
There’s no shortage of reports about ransomware attacks, so here’s more bad news: They’re only going to get worse. A blog on Tripwire says that ransomware has not even remotely hit its maturity curve on the effectiveness for a hacker to utilize it as a major threat. Why? Because criminals get their money fast, instead of having to worry about how to sell stolen data like credit card numbers and passwords. The best way to prevent ransomware, says the author, is to be prepared, practice mock incidents, and implement a preventative security awareness training program to build a culture of security within your organization.
Let me give you an idea of how hot ransomware is in the criminal world. Fortinet reports a strain of ransomware called GandCrab just got updated to version 4.1, two days after version 4.0 was released. This new version contains an unusually long hard-coded list of possibly compromised websites that it connects to. It isn’t clear why this was done, as the listed sites don’t seem to be acting as sources for downloading the malware. Is it an experiment or a diversion? Regardless, the point is the people behind this strain of ransomware are regularly honing it.
Finally, another example has surfaced of people being careless with passwords. This time it comes from a researcher looking into vulnerabilities in the digital surveillance recording system made by a Chinese company, Dahua Technologies, sold around the world. Using an Internet of Things search engine called ZoomEye, administrative passwords for Duhua have been captured. The bug was fixed a while ago, but people can still find passwords for unpatched devices. Passwords like “123456” and “admin123.” Listeners. you’ve got to make sure to patch things you connect to the Internet – surveillance cameras, recorders, WiFi routers, thermostats, front door locks. And they’ve got to have strong passwords. Remember, sometimes devices have two passwords – one that lets you use the device, and a second administrative password.
That’s it for Cyber Security Today. Subscribe on Apple Podcasts, Google Play, or add us to your Alexa Flash Briefing. Thanks for listening. I’m Howard Solomon.