Canadian researchers find evidence of mobile spyware, European police report on cyber crime released and update your Apple devices)
Welcome to Cyber Security Today. It’s Wednesday, September 19th. To hear the podcast click on the arrow below:
The University of Toronto’s Citizen Lab says it has found suspected evidence of an Israeli company’s iPhone and Android spyware in devices in 45 countries. These include Canada, the United States, Mexico, the U.K., France, Turkey, Israel and the United Arab Emirates. The spyware, called Pegasus, is made by NSO Group. Data analysis suggests 33 operators are running the spyware, some of whom may be doing so lawfully as police or intelligence agencies. However, says the report, evidence of Pegasus can be found in countries with a history of abusing spyware to target civil rights groups and activists. Ten of the operators appear to be targeting people in other countries, the report adds. Citizen Lab said the NSO Group responded to the report by saying its product is licensed to government and law enforcement agencies for the sole purpose of investigating and preventing crime and terror. NSO does not sell its products in many of the countries listed in the report, the company added. You can read the report at CitizenLab.ca
Ransomware and cryptojacking attacks will increase. That’s the forecast from Europol, the European police co-operative that operates the European Cybercrime Centre, in its just-released annual Internet Organized Crime Threat Assessment. Attackers will increasingly target ransomware against companies and governments rather than spread it through random spam, says the report. The other major trend, cryptojacking, involves secretly taking over Internet attached devices like home security cameras and routers and using their processing power to mine cryptocurrencies for criminals. They then cash in the money to further support crime. In the last half of 2017 cryptojacking overshadowed almost all other malware threats, says the report. Both ransomware and cryptojacking can be fought by having up to date software on anything that connects to the Internet, backups of your data and being careful of what you click on.
Speaking of ransomware and cryptojacking, Palo Alto Networks has discovered a new malware tool it calls Xbash, which combines the threats into one piece of malware. It targets and delete Linux-based databases, while installs coin mining software on Windows servers. One thing it looks for are weak passwords to exploit. You’ve been warned.
Finally, this week Apple released iOS12, the latest version of its operating system for iPhones and iPads, a new Safari browser, as well as new versions operating systems for Apple Watch and Apple TV. These may be automatically installed on your devices, but check to be sure. They include security updates. For example, iOS12 will alert users if they have already used a password for another service. If you have an older Apple device that doesn’t qualify for an update, think carefully about whether you need to replace it. If not, because I know a new device is expensive, just be careful where you go on the Internet.
That’s it for Cyber Security Today. Subscribe on Apple Podcasts, Google Play, or add us to your Alexa Flash Briefing.