Cyber Security Today, July 14, 2023 – Ransomware payments are up, Google is squeezing bad Android developers, and more

Ransomware payments are up, Google is squeezing bad Android developers, and more.

Welcome to Cyber Security Today. It’s Friday, July 14th 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.

Ransomware gangs have pulled in almost US$450 million in the first six months of this year, considerabily more than the same period last year. That’s according to researchers at Chainalysis, who looked at cryptocurrency transaction flows to illicit web addresses. If the trend keeps up, the researchers predict 2023 will be the second biggest year for ransomware. That was in 2021, when US$940 million went into IP addresses controlled by gangs. Then there was a drop last year before going up this year. Why? It seems more gangs are going after big targets this year than they did in 2022. And the number of successful attacks on small organizations is also up.

The good news? Flows from other cryptocurrency-related crimes like scams are sharply down so far this year. It suggests that efforts by cybersecurity firms and law enforcement going after gangs and infrastructure that support cryptocurrency payments is paying off.

Google is taking another step to make it harder for crooks to plant malicious Android applications in the Play store. Starting August 31st anyone creating a new Play Console developer account for an organization will have to provide what’s called a D-U-N-S number. That’s a nine-digit identifier assigned by Dunn & Bradstreet. That allows Google to verify information about a business. Each app will also have to show more information about the developer, including possibly the app’s support email address or phone number and other verified identity information.

Threat actors have access to another free tool. According to SecurityWeek, someone has leaked the source code for the BlackLotus bookit for Windows on the GitHub platform. This bootkit can be used to load unsigned drivers. One advantage of having access to the code, however, is security researchers can get a better idea of how it works.

Administrators with Cisco Systems SD-WAN vManage application are urged to update it to the latest version. It closes a critical vulnerability that could allow an attacker to retrieve or alter configuration information.

Finally, government promises are worthless if there isn’t an implementation plan. Which is why Thursday’s White House announcement of an implementation plan for the U.S. National Cybersecurity Strategy is important. The strategy was announced in March. The implementation plan gives federal agencies a timeline for action to be completed. For example, updating the U.S. National Cyber Incident Response Plan is due in late 2024. It will have clear guidance to third parties on the roles and capabilities of federal agencies in incident response. The Office of the National Cyber Director has to create a National Cyber Workforce and Education Strategy by early next year.

That’s it for now. But later today the Week in Review edition of the podcast will be out. Guest commentator Terry Cutler of Montreal’s Cyology Labs will join to talk about recent news.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.