More statistics on ransomware, infected Excel files, an exploited Chrome bug, and more
Welcome to Cyber Security Today. It’s Friday, March 25. I’m Howard Solomon, contributing cybersecurity reporter for ITWorldCanada.com.
Ransomware payments hit a new record last year, according to a report this week from Palo Alto Networks. The average ransom demanded in cases the company’s incident response teams worked on jumped 144 percent last year to $2.2 million, while the average payout jumped 78 percent to just over $54,000. These numbers are in US dollars. As usual, organizations in the United States were by far the most targeted, followed by Canada, the United Kingdom, France, and Germany.
Also this week, the FBI released its annual Internet Crime Report. Last year it received just over 3,700 ransomware complaints, with adjusted losses of more than $49.2 million. Of those complaints, 649 of the victims were US providers of critical infrastructure. The largest number were in the health field, such as hospitals and clinics. The second largest were in the financial sector. Overall, the FBI received just over 847,000 reports of suspected Internet crimes. That’s a seven percent increase from 2020. Reported losses exceeded $6.9 billion.
These reports follow a ransomware survey of Canadian organizations published earlier this month by telecommunications provider Telus. On my Week in Review podcast this afternoon, I’ll discuss that report with a guest commentator.
In the meantime, a town near Toronto reports that its phone and email networks are down due to a virus. A ransomware gang called Cuba claims on its website that it copied financial documents, correspondence with bank employees, tax documents, and more. I am not naming the municipality because I have not been able to confirm the attack.
There’s a new wave of malware that spreads via infected Microsoft Excel files. Security researchers at Morphisec Labs say the files contain a known Trojan called JSSLoader that allows a hacker to remotely access systems. As is often the case, the files arrive as email attachments. Victims who click on the file will see a pop-up asking for installation approval because the file does not include a digital signature. If the victim approves a plugin, the file will be downloaded. It is imperative that staff are trained not to approve the installation of files or attachments that they have not requested.
Google regularly updates the Chrome browser to close vulnerabilities, but sometimes it’s not fast enough. This week it acknowledged that two North Korean threat groups had, for more than a month, exploited a hole that was patched on February 14. The groups targeted US-based organizations, including media outlets, domain registrars, web hosting companies, and financial and cryptocurrency companies. Other companies and countries may have been attacked, says Google. Some targets received emails with bogus potential job opportunities claiming to come from recruiters at Disney, Google, and Oracle. One of the goals of the browser exploit was to fingerprint victims’ computer systems for future attacks.
Finally, in an age of citizen activism, it can be tempting for people to launch cyberattacks against one side or the other in the Russian-Ukrainian war. For example, on Monday’s podcast I mentioned an open source developer who inserted cleaning software into his application library with the goal of crashing the computers of people in Russia and Belarus who downloaded the package. However, Matt Olney, director of threat intelligence for Cisco Systems’ Talos intelligence service, has a caveat: A country doesn’t know if a cyberattack is coming from an individual or from another nation. A major cyber retaliation may not be the response that an individual, or their country, wants. There is a risk, he says, of an escalation of the crisis. In my Week in Review podcast this afternoon, I’ll talk about another angle, the reputational risk to the open source software development community.
Remember that the links to details about the podcast stories are in the text version at ITWorldCanada.com.
You can follow Cyber Security Today on Apple Podcasts, Google Podcasts, or add us to your Flash Briefing on your smart speaker.