Cyber Security Today, Sept. 24, 2021 – A new hacking group discovered, another COVID text scam found, ransomware advice and more

A new hacking group discovered, another COVID text scam found, ransomware advice and more.

Welcome to Cyber Security Today. It’s Friday September 24th. I’m Howard Solomon, contributing writer on cybersecurity for ITWorldCanada.com.


A new threat group has been found whose recent favourite weapon is exploiting holes in unpatched installations of Microsoft Exchange. The discovery was made by security firm ESET, which said the group is leveraging the ProxyLogon vulnerabilities revealed earlier this year. Other software exploited includes Microsoft SharePoint and the Oracle Opera suite for running hotels. ESET has nicknamed the group FamousSparrow. It says the group’s targets are largely hotels, but also include governments, law firms and companies in the U.S., Canada and other countries. ESET thinks this group has been quietly operating since 2019. Because the targets include governments, the suspicion is that the group’s goal is espionage. The best protection includes making sure all of your organization’s applications are patched.

Speaking of patching, if your organization runs VMware’s vCenter server management suite, make sure it’s got the latest security update. VMware issued a warning this week about a new vulnerability.

Attention Android device users in Canada and the U.S.: Scammers are sending COVID-19 related text messages trying to trick you into clicking on malicious links. The messages may pretend to be about pandemic regulations or a vaccine appointment. If a victim clicks on the link, a notice pops up saying their Adobe Flash Player is out of date and needs updating. Clicking on that downloads the malware. According to security company Cloudmark, the malware vacuums up users’ contacts and call logs, steals passwords and takes over the device’s camera and microphone. Think carefully before clicking on links in text messages and emails, even if they appear to come from someone you know. After all, their device might have been hacked, which is how the scammers got your address.

The U.S. government has again urged the private sector not to give in to the financial demands of ransomware or extortion gangs. In an updated advisory this week the Treasury Department reminded organizations that some cyber criminal groups are under government sanction. Sending money to groups or persons on the blocked list is prohibited and could result in fines. Payments may also be forbidden under certain American regulatory laws. In fact, this week the Suex virtual currency exchange was added to the sanctions list for facilitating cryptocurrency transactions of ransomware gangs.

The advisory urges organizations to focus on improving their cybersecurity. Don’t know where to start? The U.S. Cybersecurity and Infrastructure Security Agency has a ransomware guide. So does Canada’s Centre for Cyber Security.

The Canadian government also says paying a ransom isn’t recommended. It points out that paying doesn’t guarantee access to your files will be restored. And even if it is, copies of your files may have been spread or sold to other attackers anyway.

Speaking of ransomware, this week the U.S. Cybersecurity and Infrastructure Security Agency released a background paper for IT professionals on the workings of the Conti ransomware. It also includes advice on lowering the odds of your firm being victimized by ransomware. Number one is protecting logins with multifactor authentication. Number two is segmenting IT networks to make it harder for ransomware to spread. Number three is keeping all operating systems and software fully patched. There’s more advice as well.

Finally, later today the Week in Review edition will be online. A guest and I will talk about the expanding number of distributed denial of service attacks, the FBI allegedly withholding a ransomware decryption key, and users misconfiguring a platform for building online events.

Remember, links to details about podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other stories of mine.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon.

Howard Solomon
Currently a freelance writer. Former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, Howard has written for several of ITWC's sister publications, including ITBusiness.ca. Before arriving at ITWC he served as a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.
