More fall-out from the Kaseya ransomware attack, privacy worries over the Audacity audio editor and more bad Android apps.
Welcome to Cyber Security Today. It’s Wednesday July 7th. I’m Howard Solomon, contributing writer on cybersecurity for ITWorldCanada.com.
The success of a ransomware attack on the Kaseya VSA remote monitoring suite has a number of experts worried. For example, Richard Blech, founder of an encryption company called XSOC Corp., says this attack will only embolden other ransomware groups. The attack quickly spread ransomware to some 1,500 organizations around the world through about 60 of Kaseya’s managed service provider customers. This is not merely another example of a third-party or supply chain attack. The number of victim organizations caught in the aftermath of a single attack is notable. That’s why IT departments must have robust malware detection strategies. While this attack took advantage of unknown zero-day vulnerabilities in the on-premises version of Kaseya VSA, the ransomware was spread to desktop computers and servers. These need advanced protection. Sophos noted that the tactics used by the REvil ransomware gang to avoid detection were very sophisticated. However, it adds, the ransomware itself was detected by a number of anti-malware products. So you are not defenceless against ransomware.
For more on ransomware protection there’s a link here to advice from the Canadian Centre for Cyber Security. This link is specifically for Kaseya VSA users.
Executives thinking cyber insurance will help cover the costs of ransomware should think again. An insurance company told the Reuters news agency last week that its rates have recently gone up by as much as 40 per cent because of ransomware claims. Some insurers may now refuse to cover ransomware payments. They may also limit how much in damages they will pay for any successful cyber attack.
Meanwhile a new ransomware strain has been discovered. Researchers at Fortinet have dubbed it Diavol and suspect it’s linked to a criminal group researchers call Wizard Spider. The bad news is that group operates the widely distributed TrickBot malware. This new strain of ransomware has some similarities to other strains. One of them is ransomware called Conti. In fact, when Fortinet discovered the Diavol ransomware in an attack on one of its customers a Conti ransomware file was also part of the package. Researchers will be on the lookout for more evidence of this new strain.
The new owners of the free and open-source Audacity audio recording editor have caused an uproar over changes in its privacy and data collection policy. The Russian-based company said the application now collects a user’s operating system name and version, the type of CPU, the country where the software is being used based on its IP address as well as “data necessary for law enforcement litigation and authorities’ requests.” The policy also says the company is “occasionally required to share your personal data with our main office in Russia and our external counsel in the USA.” This has led some on social media to say the application is now spyware. An official of the new owner (the Muse Group, whose parent company is based in Russia) told the news site Motherboard that the reaction of users is overblown. But some users are trying to create a new version of the open-source suite. Others are talking of abandoning it.
After I recorded this podcast I came across this article, which noted the Muse Group promised in May it would self-host its telemetry sessions rather than using third-party libraries and hosting.
As I’ve said many times, you’ve got to be careful downloading any app, especially mobile apps. Google and Apple do a pretty good job of keeping bad apps from their stores, but sometimes developers sneak in malware. The latest examples were found by an antivirus company called Dr. Web, which discovered nine data-stealing apps in the Google Play store posing as utilities. They include a photo effects editor, an application lock, a rubbish cleaner, a fitness app and two horoscope programs. What they really do is steal Facebook logins and passwords. Don’t download anything without checking with friends or reliable software review websites.
Finally, this alert to administrators of QNAP’s network-attached storage devices: If you’re still using version 3 of the Hybrid Backup Sync software make sure the latest patches are installed. There’s a serious vulnerability that needs to be fixed.
That’s it for now. Remember links to details about podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other stories of mine.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.