Cyber Security Today, Feb. 25, 2022 – A new ransomware strain found, watch for double backdoors, a new sextortion tactic and more

Share post:

A new ransomware strain found, watch for double backdoors, a new sextortion tactic and more

Welcome to Cyber Security Today. It’s Friday, February 25th. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.

Cyb er Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts

 

A new ransomware strain has been spotted. Researchers at Sophos have dubbed it Entropy. The significant thing I found in the report was how the attackers first got into victims’ IT systems. In one case they exploited a known vulnerability in a Microsoft Exchange Server called ProxyShell. In the second case an employee clicked on a malicious email attachment that led to the delivery of the Dridex malware and ultimately the ransomware. There’s two lessons here: In both cases attackers took advantage of vulnerable Windows systems that lacked current patches and updates. That’s why fast patching is vital. And if employees had been required to use multifactor authentication it would have made things harder for the attackers.

The installation of a backdoor into IT networks by hackers isn’t new. But researchers at Palo Alto Networks have discovered something that is: Installing a backup backdoor in case the primary one is removed. The researchers dub this secondary backdoor SockDetour because it hijacks the internet connection of an existing network socket. As a result it’s hard to detect. The hacker or hackers using this tool may be associated with an attack campaign that’s been going on against organizations in the technology, energy, healthcare, education, finance and defence sectors. In one case the server that hosted a SockDetour backdoor was a compromised storage devices from QNAP. One defence: Keep Windows servers up to date with the latest patches. Some anti-malware software may detect this backdoor running in memory.

Hackers are sending threatening sextortion emails to people in France. The message claims to be from a government agency that has video evidence of a victim’s visits to a porn site. It demands payment of a fine. This uses a tactic that attackers may try in other countries: Embedding an image of a fake but official-looking government document that isn’t detected by email spam filters. Threatening email messages should be reported to police.

Finally, owners of recent Samsung Galaxy S-series smartphones should make sure the devices have the latest security updates. This comes after Israeli researchers said they found Samsung didn’t properly implement encryption protection. Fortunately, the researchers told Samsung about this over a year ago and patches were released last August and October. If you haven’t installed updates in a while, your data and communications may have been at risk.

Don’t forget later today the Week in Review podcast will be out. Today’s guest commentator is ransomware expert Brett Callow of Emsisoft.

Remember links to details about podcast stories are in the text version at ITWorldCanada.com.

You can follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

The post Cyber Security Today, Feb. 25, 2022 – A new ransomware strain found, watch for double backdoors, a new sextortion tactic and more first appeared on IT World Canada.
Howard Solomon
Howard Solomonhttps://www.itworldcanada.com
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

Featured Tech Jobs

SUBSCRIBE NOW

Related articles

Hashtag Trending Feb.28- OpenAI says New York Times hacked ChatGPT; Apple cancels plans to release electric car; Your Voice is Power teaches indigenous youth...

Sponsor: Hashtag Trending is sponsored by Dalikoo.com (Spell). The founder is a big supporter of our podcast and is not only a sponsor but he has offered to provide $20,000 in Azure credits for two to three of our listeners who have a unique idea for an Azure based project. The credits can be applied

Russian threat actor expanding its target list, warns Five Eyes report

APT29 is increasingly going after cloud services in mo

Canada’s privacy watchdog investigating hack at Global Affairs

Inquiry will look into adequacy of data safeguards at the federal

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways