Cyber Security Today, Oct. 22, 2012 – A new ransomware strain discovered, a scam hijacks YouTube accounts and watch those open source code libraries

A new ransomware strain discovered, a scam hijacks YouTube accounts and watch those open-source code libraries.

Welcome to Cyber Security Today. It’s Friday October 22nd. I’m Howard Solomon, contributing writer on cybersecurity for ITWorldCanada.com.


Evil Corp., believed to be the gang behind ransomware strains called WastedLocker, Hades, Phoenix Locker and PayLoadBin, has created another brand. Called Macaw Locker, it is thought to be the ransomware strain that hit optical equipment maker Olympus and the U.S. Sinclair chain of TV stations this month. The discovery of Macaw Locker by security firm Emsisoft was reported by the Bleeping Computer news site. It says victims of the new strain have faced ransom demands of up to $40 million. There is speculation that by adopting a bunch of different names Evil Corp. is trying to avoid U.S. sanctions forbidding American companies from negotiating with certain named groups.

Creators of YouTube videos have a lot of fun, especially if their flicks pull in lots of followers, and, if they’re lucky, money. This is why their sites are targets for hackers. In a column this week Google – which owns YouTube – outlined how crooks are tricking thousands of YouTube creators into giving up control of their sites. The crooks, in turn, sell that control to others who use the sites to spread malware including cryptomining apps. Here’s how it’s done: The hacker sends emails with fake collaboration opportunities, like a link to a demo for anti-virus software, a virtual private network app, a music player or photo editing app. The pitch is something like, ‘Try our product, promote it and you’ll get more viewers and we’ll buy an ad.’ Some pitches are for COVID-19 news. When a victim downloads the software, it steals their YouTube login username, password and pieces of code called cookies from their browser. Because the stolen cookies carry the victim’s already logged-in session, this kind of attack gets around a victim’s use of multifactor authentication for security. The scam works partly because many YouTube creators are looking for lots of viewers. In some cases the pitch looks genuine because the crook has created a copy of a legitimate company’s web page. Google has been trying since May to detect and remove these phony pitches. In addition, it has restored more than 4,000 YouTube accounts to their rightful owners. For their part, YouTube content creators have to be smarter. If your browser or antivirus warns of suspicious activity, take it seriously. Never turn off antivirus even if an application says that has to be done to download software. After downloading any file or app and before installation, scan it with your antivirus software. That’s what it’s there for. And protect a YouTube account with multifactor authentication. Note that starting November 1 monetizing YouTube creators must turn on two-step verification on their accounts.

Hackers are increasingly trying to sneak malware into widely sold or distributed applications used by companies rather than directly infect organizations. The latest example was discovered by a security firm called Sonatype. In a blog this week Sonatype described how it found three malicious software libraries in the open-source NPM code registry. It’s a public collection of packages of code needed by JavaScript developers. Anyone with an account can contribute code packages. The three libraries disguised themselves as legitimate code, but in fact they launch cryptomining functions on victims’ Windows, macOS and Linux computers. They were quickly taken down after NPM was notified. But the incident is an example of why developers relying on outside code have to regularly scan for malicious code.

Canadians are getting phony recorded calls claiming to be from the Canada Border Agency. The recorded message says the agency has seized a package in your name. You’ll be asked to press a number so a support person can speak to you. What this scam is after is personal information, like your name and credit card number. If you get a recorded call like this, hang up.

Finally, later this afternoon the Week in Review podcast will be available. Today’s discussion will focus on how small businesses can lower their risk of being victimized by a cyber attack.

As always, details about podcast stories are in the text version at ITWorldCanada.com. Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
