Crooks using virtual meetings to trick employees, details on a new botnet, and more.
Welcome to Cyber Security Today. It’s Friday, February 18th. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
Cybercrooks are increasingly using virtual meetings to trick company employees into transferring money to criminal-controlled bank accounts. That’s according to an alert sent out this week by the FBI. Usually these types of scams use email messages pretending to be from a senior executive of the employee’s firm to ask for a money transfer. However, the FBI says crooks are also scheduling online meetings with a victim. But instead of the executive appearing live, the crook inserts a still photo of the CEO and uses a computer-generated fake audio voice that sounds very much like the chief executive to give instructions. A so-called deep-fake voice can be generated by recording speeches or presentations someone has made online. The FBI says employees should be careful of virtual meetings arranged with supposed company officials on a platform that isn’t normally used by the organization. And before transferring funds, confirm the move with another person or use two-factor authentication to verify requests for changes in bank account information.
Some person or group is assembling a new botnet of compromised computing devices to spread malware. Researchers at ZeroFox call it Kraken. The botnet has been undergoing bouts of development since last fall. Aimed at devices running Windows, it tries to install malware that steals passwords and other information about infected devices. It also installs cryptocurrency mining software, collecting around $3,000 a month. And it steals any cryptocoin that victims have in digital wallets on infected computers. IT security teams should make sure all employees use multifactor authentication to block phishing and credential stuffing attacks. They should also monitor network logs for suspicious activity.
IT administrators, hardware makers and application developers should watch for software and firmware updates from Intel. It has released 22 security advisories for various products. Vulnerabilities could allow a range of problems from denial of service to disclosure of user information. Products include the Quartus Prime design software and the Intel Trace Analyzer and Collector.
Finally, administrators of Cisco Systems’ Email Security Appliances should install the latest security updates. A vulnerability could lead to a blocking of email communications.
Remember, later today my Week in Review podcast will be out, with a guest commentator on some of the week’s events.
You can follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.