Cyber Security Today, September 21, 2022 – Spreading browser malware, Emotet botnet offers different ransomware, and more
Browser malware spreads, Emotet botnet offers different ransomware, and more.
Welcome to Cyber Security Today. Today is Wednesday, September 21, 2022. I’m Howard Solomon, contributing cybersecurity reporter for ITWorldCanada.com.
More malware that infects browsers is circulating, according to researchers from VMware and Microsoft. VMware says it's seeing a new version of an infection it calls ChromeLoader. An earlier version simply stole usernames and passwords from browsers. The latest version not only injects ads into browsers for click fraud but can also be used to spread different malware like ransomware. Often victims are infected by clicking on ads or files that promise pirated or cracked versions of games or software.
Microsoft said the victims of the malware it sees are infected when they click on a malicious advertisement or a link in a YouTube comment. IT security teams should warn employees about the risks of clicking on and downloading files from sources promising free or pirated versions of games and software. IT departments and individuals should always ensure that the latest security updates for browsers are installed. Using a good antivirus or anti-malware product is also essential.
American Airlines has admitted to having suffered a data breach in July. The Bleeping Computer news service says the airline has begun notifying customers that attackers may have copied employees' and passengers' personal information. This includes their names, mailing addresses, email addresses, phone numbers, driver's license numbers, passport numbers, and possibly medical information. The airline said a "very small number" of victims were involved. It said the data came from the email accounts of several employees who were compromised after receiving a phishing message.
The Emotet botnet is now being used to spread the Quantum and BlackCat ransomware strains. Advanced Intelligence researchers said the botnet specialized in the Conti strain of malware. But after that gang disbanded in June, the botnet operators found new ransomware to distribute. Typically, hackers create a package of phishing emails to send to victims. Those who click on the attachment are first infected with a Cobalt Strike beacon, which results in a computer network being taken over. From there, the attacker downloads ransomware.
In separate news, Bitdefender, Europol and the NoMoreRansom project have announced that a free decryptor for the LockerGoga ransomware strain is now available. You know you have been affected by this strain if the encrypted files have the “.locked” extension. The alleged operator of this strain has been detained pending trial.
To finish, NordVPN researchers looked at the popularity of Google searches that include the word "hack". Nearly two million searches from 50 countries were analyzed. Fifty percent of Canadians who used this term were looking for "how to hack" Facebook, Instagram or WhatsApp. Other popular searches were how to hack Wi-Fi, Snapchat and Gmail. We don't know who is doing the searching or why. Are there a lot of people who want to break into other people's apps? Are these searches from people looking for ways to protect themselves against piracy? Are there millions more scammers than we suspect? Lots of unanswered questions.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.