Cyber ​​Security Today, December 1, 2021 – FBI Seizes Funds From Suspected Ransomware Gang Member, Google Cloud Security Report And More

FBI seizes funds from suspected ransomware gang member, a Google cloud computing security report, and other malware found in the Android store.

Welcome to cybersecurity today. It’s Wednesday December 1st. I’m Howard Solomon, contributing author on cybersecurity for ITWorldCanada.com.

The FBI continues to make progress against ransomware groups. According to news service Bleeping Computer, the federal government seized bitcoin worth just over $ 2 million in August from a digital wallet in Texas. The money is believed to be attributed to attacks carried out by the REvil ransomware gang. The digital wallet is believed to be owned by a resident of Russia.

Separately, an NCC Group report indicates that ransomware gangs’ use of double extortion tactics is increasing. In October, there were 314 double extortion victims worldwide, an increase of 65% from September. Double extortion involves stealing certain data and threatening to make it public or sell it to other crooks in addition to encrypting the rest of an organization’s data. The report also notes that a threat actor, dubbed SnapMC, doesn’t bother to encrypt the data. It only steals data and keeps it for ransom.

cloud computing has several advantages for IT departments. The first is that they don’t have to worry about rushing to install security updates. The cloud application provider – Gmail, Salesforce, Microsoft 365 – finds bugs and installs updates quickly. However, organizations still need to ensure that their systems are not vulnerable to misconfigurations and other employee errors. In its first cloud threat intelligence report, Google says many successful app attacks are caused by poor IT hygiene and a lack of basic security controls. What kinds of problems can arise? Looking at its own service, the report finds that 86% of compromised Google Cloud Platform instances were used to steal compute cycles for cryptocurrency mining. Other abuses of Google Cloud included using resources to scan targets, launch cyber attacks, and host malware. Forty-eight percent of the breaches were attributed to customer accounts that had no passwords or a weak password. Another 26% of compromises were due to vulnerabilities in third-party software that companies themselves had installed. One tip Google offers for better security for its cloud customers applies to users of any cloud service: Employees should use two-factor authentication for logins. Google also provides a range of security services such as web analytics, a security command center, and other features. When IT departments look for cloud providers, they should ask if similar services are available and what they cover.

I already said that Google goes to great lengths to prevent malware from entering the Android Play Store. However, cyber crooks try just as hard to bypass the defenses. A report released this month by a Dutch cybersecurity company called Threat Fabric shows how some groups are doing it. They create mobile apps that include a dropper. A dropper is a small piece of code that reminds a crook’s server to download malware onto a victim’s device. The small size of the dropper code makes it difficult to detect. Researchers at Threat Fabric recently discovered 11 apps in the Play Store capable of infecting victims’ Android devices with dozens of malware aimed at stealing bank login passwords. Threat Fabric believes the malware has been downloaded over 300,000 times. As is often the case, these bad apps pretend to be utilities like QR code scanners, PDF scanners, cryptocurrency apps, and fitness trainers. Scammers know that a lot of people like to find new apps to play with on their smart phones. Always remember this when you want to download an app. Make sure by reading reviews and talking to people you trust that an app is trustworthy.

That’s it for now Remember that the links to the details on the podcast stories can be found in the text version at ITWorldCanada.com.

Follow Cyber ​​Security Today on Apple Podcasts, Google Podcasts, or add us to your Flash Briefing on your smart speaker.

Comments are closed.