Cyber Security Today, Oct. 27, 2023 – Malware hiding as a cryptominer may have infected 1 million PCs since 2017

Malware hiding as a cryptominer may have infected 1 million PCs since 2017.

Welcome to Cyber Security Today. It’s Friday, October 27th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.


Data-stealing malware miscategorized by security researchers as a cryptocurrency miner has been infecting computers since at least 2017. That’s the conclusion of researchers at Kaspersky. The amount of effort that went into creating the malware’s framework is truly remarkable, they say, and its disclosure is quite astonishing. The crypto mining module allows the other capabilities of this malware to evade detection. It isn’t known who is behind this malware, which Kaspersky calls StripedFly. But security pros should note that every two hours it steals any login credentials it can find, and that it captures names and phone numbers, takes screenshots and turns on computer microphones. One piece of good news: This malware leverages the Windows EternalBlue exploit, a patch for which was released in 2017. Users and companies that patched that hole in 2017 are likely safe — if they did it before being infected. But Kaspersky believes over 1 million machines have been infected.

Healthcare IT administrators with the Mirth Connect open-source data integration platform are urged to update the application as soon as possible. Researchers at Horizon3 discovered that a recent patch to close a vulnerability doesn’t completely close the hole. You should be running version 4.4.1.

The Toronto edition of the Pwn2Own hacking contest has been running this week. Teams have to try to find and exploit vulnerabilities in devices like printers, routers and smartphones. At the end of Thursday just under $1 million in prizes had been awarded to teams. The contest ends today.

An English-speaking criminal gang has added ransomware to its arsenal, according to Microsoft. The group, known by researchers by a number of names including Octo Tempest, Scattered Spider and UNC3944, has become an affiliate of the AlphV/BlackCat ransomware gang. Lately, the report warns, Octo Tempest has been targeting organizations running VMware. Initial infection tactics include sending SMS phishing messages to employees and convincing wireless carriers to swap the smartphone SIM cards of targeted employees.

The United Kingdom’s Online Safety Act, which will make it a crime for social media platforms to carry content such as messages that promote terrorism, suicide, self-harm or eating disorders, is closer to being implemented. This week the law received royal assent. Now the regulator, the Office of Telecommunications, has to create regulations that social media platforms will have to follow. Exactly how they will scan posts isn’t clear. But the law doesn’t cover misinformation or disinformation. Passage of this law follows the European Union’s Digital Services Act. Both the UK and the EU laws are being watched carefully by the Canadian government, which a while ago promised similar legislation.

Finally, people are still falling for phishing scams that leverage the names of well-known organizations. According to a report this week from Netskope, one of the biggest recent email campaigns pretends to be from Amazon. The message claims the person’s Amazon account has been suspended for incorrect billing information. To fix the problem the alleged victim has to click on a link to allegedly update their payment. That link goes to a fake website where the victim’s credit or debit card information would be stolen. If you get a message like that from any firm or government department and are concerned, don’t click on the link. Go to the organization’s main page yourself and log in to check your account.

That’s it for now. But later today the week in review will be available. Guest commentator David Shipley and I will discuss a hack at Okta, the risks of a shared IT services model and more.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
