Some CISO salaries are up, LockBit gang has troubles and crooks take advantage of poorly-secured WordPress sites.
Welcome to Cyber Security Today. It’s Monday, August 22nd, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
The salaries of chief information security officers in the United States continue to rise. According to the annual CISO survey conducted by executive search firm Heidrick and Struggles, the median cash compensation of the American CISOs it surveyed in the spring was US$584,000. That was up 15 per cent over last year and 23 per cent over 2020. Median salaries were up four per cent in the United Kingdom as well. The survey also covered CISO salaries in Germany. Note that more than two-thirds of the respondents in the three countries worked for big firms that pulled in US$5 billion or more in revenue. The survey also questioned CISOs in a broader number of countries about organizational issues. Only eight per cent of respondents report directly to the CEO. The rest report to the CIO, CTO or another executive. Eighty-eight per cent said they also report to the full board, or a committee of the board.
The LockBit ransomware gang started releasing data over the weekend it says was stolen from security company Entrust in July. At least it did temporarily. On Sunday it was reported that LockBit’s data leak site was offline. LockBit claims it’s because of a denial of service attack. Did Entrust strike back? No one knows. Entrust is a big provider of identity verification solutions for payment cards, customers and employees. According to Security Week, Entrust has admitted threat actors accessed HR, finance and marketing information. Entrust says there’s no evidence that the operation or security of its products has been impacted.
Hackers take advantage of poorly-secured WordPress websites in a number of ways. According to researchers at Sucuri, the latest is to make fake CloudFlare denial of service warning messages pop up on users’ screens. When the user clicks on a prompt to download a verification code to access the site, malware is downloaded instead. How? An attacker gets into the WordPress site and injects JavaScript that compromises the website. The lesson is that WordPress administrators have to tighten security. First, make sure all site software is up to date. Second, anyone who can access a WordPress site should be forced to use a strong password, backed up by multifactor authentication. Third, place your website behind a firewall. And fourth, regularly monitor your WordPress code for compromise.
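The fourth step, monitoring the site's code for compromise, is the one administrators most often skip. The script below is an added example, not code from the podcast or from Sucuri: it baselines a SHA-256 manifest of a WordPress directory, reports files that were added, modified or deleted since the baseline, and flags any changed file that loads a script from a host other than the site's own. The site hostname `example-site.invalid`, the hostname `cdn.constructed-bad-host.invalid` and the file contents are all constructed for the demo; the external-script check is a simple heuristic, not a detection for any particular campaign.

```python
"""File-integrity and injected-script check for a WordPress install.
Added example (not from the podcast or Sucuri). Sample site contents
are constructed in a temporary directory so the script runs offline."""
import hashlib
import json
import os
import re
import tempfile

# Heuristic: a <script src="http(s)://host/..."> tag; we capture the host.
EXTERNAL_SCRIPT = re.compile(r'<script[^>]*src=["\']https?://([^/"\']+)', re.I)


def hash_file(path):
    """SHA-256 of a file, read in chunks so large uploads are handled."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map of relative path (posix separators) -> sha256 for every file under root."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = hash_file(full)
    return manifest


def compare(root, baseline):
    """Diff the current tree against a saved baseline manifest."""
    current = build_manifest(root)
    return {
        "added": sorted(p for p in current if p not in baseline),
        "modified": sorted(p for p in current if p in baseline and current[p] != baseline[p]),
        "deleted": sorted(p for p in baseline if p not in current),
    }


def external_script_hosts(path, own_host):
    """Hosts named in <script src> tags of a file, excluding the site's own host."""
    with open(path, "r", errors="replace") as f:
        text = f.read()
    return sorted({h.lower() for h in EXTERNAL_SCRIPT.findall(text) if h.lower() != own_host})


def audit(root, baseline, own_host):
    """Return (diff, findings): findings are changed files that pull external scripts."""
    diff = compare(root, baseline)
    findings = []
    for status in ("added", "modified"):
        for rel in diff[status]:
            hosts = external_script_hosts(os.path.join(root, rel), own_host)
            if hosts:
                findings.append({"file": rel, "status": status, "external_script_hosts": hosts})
    return diff, findings


def demo():
    """Build a constructed site, take a baseline, simulate an injection, then audit."""
    own_host = "example-site.invalid"  # hypothetical site hostname
    with tempfile.TemporaryDirectory() as root:
        def write(rel, text):
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w") as f:
                f.write(text)

        own_jquery = '<script src="https://example-site.invalid/wp-includes/js/jquery.js"></script>\n'
        write("index.php", "<?php // constructed placeholder\n")
        write("wp-content/themes/demo/footer.php", own_jquery)
        baseline = build_manifest(root)  # in practice: save this as JSON after a clean deploy

        # Constructed compromise: a loader for an external host appended to the
        # theme footer, plus a new HTML fragment dropped into the uploads directory.
        injected = '<script src="https://cdn.constructed-bad-host.invalid/loader.js"></script>\n'
        write("wp-content/themes/demo/footer.php", own_jquery + injected)
        write("wp-content/uploads/notice.html", injected)
        return audit(root, baseline, own_host)


if __name__ == "__main__":
    diff, findings = demo()
    print(json.dumps({"diff": diff, "findings": findings}, indent=2))
```

In real use you would save the manifest from `build_manifest` as JSON right after a clean install or update, store it off the web server, and run `audit` on a schedule; a hit on a theme or plugin file that now loads a script from an unexpected host is exactly the kind of change worth investigating before users see a fake warning page.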
Companies in the hospitality and travel sectors, including hotels, are being warned a criminal group is targeting them. The overwhelming number of phishing messages aimed at targeted firms by this group are written in Portuguese or Spanish. However, some are written in English. That means the number of American and Canadian targets could increase. Dubbed TA558 by researchers at Proofpoint, this group has recently begun sending emails with links to infected web pages or infected documents. Phishing messages may refer to a reservation or a phony QuickBooks invoice. Data theft appears to be the motive. Employees in the hospitality and travel sectors — in fact, any sector — should be careful handling messages with links and attachments. Better to ask advice than be victimized.
Finally, more malicious apps have been found in the Google Play Store. Researchers at BitDefender recently found 35 bad applications. The job of most of them is to serve ads to victims. What’s different about many of these apps is that after installation on a device they hide. How? By renaming themselves and changing their icon so it’s harder for you to find and delete them. For example, an app called ‘GPS Location Maps’ changes its label to ‘Settings.’ Google tries hard to screen apps. Most in the Play Store are good. But crooks sometimes slip by the defences. So remember: Don’t install apps you really don’t need; delete apps you no longer use; be wary of apps with a large number of downloads but few or no reviews; and be wary of apps that after installation request special permissions, such as access to the accessibility controls.
That’s it for now. Remember links to details about podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other stories of mine.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon.