Cyber Security Today, Nov. 21, 2022 – More ransomware strains found.
Welcome to Cyber Security Today. It’s Monday, November 21st, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
Ransomware creators aren’t being intimidated by international efforts to stamp out the malware. The evidence? Three new strains of ransomware have been detected by researchers at Cyble. AXLocker not only encrypts several file types, it also steals the login tokens of subscribers to the Discord messaging platform. The creators of a strain called Octocrypt run it as a ransomware-as-a-service operation. And there’s a strain dubbed Alice, because the creators advertise it as “Alice in the Land of Malware,” complete with a sketch of a girl who looks like Alice in Wonderland. This strain is also sold as a service to crooks, with prices starting at US$600 a month. The service offers crooks the ability to write custom ransom notes. Responsive software support is promised. The report on this says organizations need to stay ahead of the techniques used by threat actors and implement best practices and security controls, or they will become victims.
More on new ransomware: A threat actor that Microsoft calls DEV-0569, which has been deploying various pieces of malware, is now pushing out the Royal ransomware strain. This strain was first detected in September. As described by Microsoft, this gang is a wily bunch. It uses many tactics to distribute malware, including phishing, fake forum pages and malvertising, trying to get victims to download fake and infected software and updates. These include fakes of applications like TeamViewer, AnyDesk, Adobe Flash Player and Zoom. Late last month it also started using links in Google Ads to distribute malware.
There is good news to report. For the past two years a New Jersey cybersecurity firm has been quietly helping victims of the Zeppelin ransomware strain recover their encrypted files after cracking the ransomware’s encryption. The company, Unit221b, needed the help of 20 servers with 40 processors each to do it. For those of you who are calculating, yes, that’s 800 CPUs in total. It took them less than six hours to find a solution. The company has now gone public with its success. Here’s the thing: The company told law enforcement agencies about this two years ago so they could tell victims where to go for help. This is one of the reasons why, if you’re hit with ransomware, you should let police know. They may be able to point to resources that can help the IT department recover.
Attention Microsoft Exchange administrators: If you haven’t yet installed the Exchange security updates that plug the vulnerabilities called ProxyNotShell, you’re in trouble. According to the Bleeping Computer news site, a security researcher has publicized a proof-of-concept exploit that attackers have been using for some time to compromise Exchange servers. The patches were released November 8th. Even so, administrators should have taken mitigation action before that, because attackers have been trying to exploit these holes since the end of September.
Ten people have been charged in the U.S. with allegedly being involved in a multi-million dollar Medicare and Medicaid email scam. The Department of Justice said the scam involved sending emails to public and private health insurance programs that looked like they came from real hospitals. The insurers were asked to send payments to the hospitals’ new bank accounts. Unknown to the insurers, the bank accounts had been set up by crooks. The charges are another example of why staff in finance and accounting departments have to be regularly trained not to trust email messages that ask for changes to the regular procedures for handling money. Any requested bank account change has to be independently verified, for example by phoning a known contact at the payee using a number already on file rather than one supplied in the email.
The European Union is closer to launching a constellation of satellites that will give member countries more internet resilience. The EU Council last week reached a provisional agreement on a regulation establishing a secure connectivity program including the IRIS satellite network. Separately, the EU Council voted to support a proposed regulation to ensure a high common level of cybersecurity across the 27 countries in the union. The regulation would promote co-operation in responding to cyber incidents. It still has to be passed by the European Parliament.
Finally, Atlassian has patched critical vulnerabilities in its Crowd identity management product and in Bitbucket Data Center and Server.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.