Cyber Security Today, July 14, 2023 – Ransomware payments are up, Google is squeezing bad Android developers, and more

Share post:

Ransomware payments are up, Google is squeezing bad Android developers, and more.

Welcome to Cyber Security Today. It’s Friday, July 14th 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.

Cyb er Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts

Ransomware gangs have pulled in almost US$450 million in the first six months of this year, considerabily more than the same period last year. That’s according to researchers at Chainalysis, who looked at cryptocurrency transaction flows to illicit web addresses. If the trend keeps up, the researchers predict 2023 will be the second biggest year for ransomware. That was in 2021, when US$940 million went into IP addresses controlled by gangs. Then there was a drop last year before going up this year. Why? It seems more gangs are going after big targets this year than they did in 2022. And the number of successful attacks on small organizations is also up.

The good news? Flows from other cryptocurrency-related crimes like scams are sharply down so far this year. It suggests that efforts by cybersecurity firms and law enforcement going after gangs and infrastructure that support cryptocurrency payments is paying off.

Google is taking another step to make it harder for crooks to plant malicious Android applications in the Play store. Starting August 31st anyone creating a new Play Console developer account for an organization will have to provide what’s called a D-U-N-S number. That’s a nine-digit identifier assigned by Dunn & Bradstreet. That allows Google to verify information about a business. Each app will also have to show more information about the developer, including possibly the app’s support email address or phone number and other verified identity information.

Threat actors have access to another free tool. According to SecurityWeek, someone has leaked the source code for the BlackLotus bookit for Windows on the GitHub platform. This bootkit can be used to load unsigned drivers. One advantage of having access to the code, however, is security researchers can get a better idea of how it works.

Administrators with Cisco Systems SD-WAN vManage application are urged to update it to the latest version. It closes a critical vulnerability that could allow an attacker to retrieve or alter configuration information.

Finally, government promises are worthless if there isn’t an implementation plan. Which is why Thursday’s White House announcement of an implementation plan for the U.S. National Cybersecurity Strategy is important. The strategy was announced in March. The implementation plan gives federal agencies a timeline for action to be completed. For example, updating the U.S. National Cyber Incident Response Plan is due in late 2024. It will have clear guidance to third parties on the roles and capabilities of federal agencies in incident response. The Office of the National Cyber Director has to create a National Cyber Workforce and Education Strategy by early next year.

That’s it for now. But later today the Week in Review edition of the podcast will be out. Guest commentator Terry Cutler of Montreal’s Cyology Labs will join to talk about recent news.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

The post Cyber Security Today, July 14, 2023 – Ransomware payments are up, Google is squeezing bad Android developers, and more first appeared on IT World Canada.
Howard Solomon
Howard Solomonhttps://www.itworldcanada.com
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

SUBSCRIBE NOW

Related articles

Leverage best research and psychology to increase cyber security training results: Cyber Security Today, the Weekend for October 5, 2024

Unveiling the Truth: Insights into Cyber Security Awareness and Phishing In a special crossover episode of Cyber Security Today...

OpenAI raises big money. But can it ever make money? Hashtag Trending for Friday, October 4, 2024

Hi, it’s Jim.  One more reminder about CDW Canada Tech Talks. If you’re passionate about technology and innovation,...

National Vulnerabiity Database facing a huge backlog, update on CIRA study and more: Cyber Security Today for Friday, October 4, 2024

Hi, it’s Jim. Before we get into today’s episode, I want to tell you about another fantastic podcast:...

Is Linux the future of AI? Hashtag Trending for Thursday, October 3, 2024

Hi, it’s Jim. Did you get a chance to check out CDW Canada Tech Talks. If you’re passionate...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways