{"id":20329,"date":"2022-02-25T09:17:38","date_gmt":"2022-02-25T13:17:38","guid":{"rendered":"https:\/\/www.itworldcanada.com?p=474411"},"modified":"2022-03-14T13:01:44","modified_gmt":"2022-03-14T17:01:44","slug":"cyber-security-today-feb-25-2022-a-new-ransomware-strain-found-watch-for-double-backdoors-a-new-sextortion-tactic-and-more","status":"publish","type":"post","link":"https:\/\/technewsday.com\/staging\/cyber-security-today-feb-25-2022-a-new-ransomware-strain-found-watch-for-double-backdoors-a-new-sextortion-tactic-and-more\/","title":{"rendered":"Cyber Security Today, Feb. 25, 2022 \u2013 A new ransomware strain found, watch for double backdoors, a new sextortion tactic and more"},"content":{"rendered":"<p>A new ransomware strain found, watch for double backdoors, a new sextortion tactic and more<\/p>\n<p>Welcome to Cyber Security Today. It\u2019s Friday, February 25th. I\u2019m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.<br \/>\n<iframe loading=\"lazy\" style=\"border: none;\" title=\"Libsyn Player\" src=\"https:\/\/html5-player.libsyn.com\/embed\/episode\/id\/22246922\/height\/90\/theme\/custom\/thumbnail\/yes\/direction\/forward\/render-playlist\/no\/custom-color\/000000\/\" width=\"100%\" height=\"90\" scrolling=\"no\" allowfullscreen=\"allowfullscreen\"><\/iframe><\/p>\n<table style=\"width: 100%;\">\n<tbody>\n<tr>\n<td><a href=\"https:\/\/www.amazon.com\/ITWC-Cyber-Security-Today\/dp\/B07BRNG89P\/ref=sr_1_1?s=digital-skills&amp;ie=UTF8&amp;qid=1522688435\"  rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" loading=\"lazy\" class=\"aligncenter wp-image-396718 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2017\/09\/sub-alexa-200.png\" alt=\"Cyb er Security Today on Amazon Alexa\" width=\"200\" height=\"74\" border=\"none\" \/><\/a><\/td>\n<td><a href=\"https:\/\/www.google.com\/podcasts?feed=aHR0cDovL2N5YmVyc2VjdXJpdHl0b2RheS5saWJzeW4uY29tL3Jzcw%3D%3D\"  rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" loading=\"lazy\" class=\"thumbnail aligncenter wp-image-408712 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2018\/09\/sub-gp-200.png\" alt=\"Cyber Security Today on Google Podcasts\" width=\"200\" height=\"74\" \/><\/a><\/td>\n<td><a href=\"https:\/\/itunes.apple.com\/ca\/podcast\/cyber-security-today\/id1363182054\"  rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" loading=\"lazy\" class=\"aligncenter wp-image-396720 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2017\/09\/sub-itunes-200.png\" alt=\"Subscribe to Cyber Security Today on Apple Podcasts\" width=\"200\" height=\"74\" border=\"none\" \/><\/a><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>&nbsp;<\/p>\n<p><strong>A new ransomware strain<\/strong> has been spotted.<a href=\"https:\/\/news.sophos.com\/en-us\/2022\/02\/23\/dridex-bots-deliver-entropy-ransomware-in-recent-attacks\/\"  rel=\"noopener\"> Researchers at Sophos have dubbed it Entropy<\/a>. The significant thing I found in the report was how the attackers first got into victims\u2019 IT systems. In one case they exploited a known vulnerability in a Microsoft Exchange Server called ProxyShell. In the second case an employee clicked on a malicious email attachment that led to the delivery of the Dridex malware and ultimately the ransomware. There\u2019s two lessons here: In both cases attackers took advantage of vulnerable Windows systems that lacked current patches and updates. That\u2019s why fast patching is vital. And if employees had been required to use multifactor authentication it would have made things harder for the attackers.<\/p>\n<p><strong>The installation of a backdoor<\/strong> into IT networks by hackers isn\u2019t new. But <a href=\"https:\/\/unit42.paloaltonetworks.com\/sockdetour\/\"  rel=\"noopener\">researchers at Palo Alto Networks have discovered something that is:<\/a> Installing a backup backdoor in case the primary one is removed. The researchers dub this secondary backdoor SockDetour because it hijacks the internet connection of an existing network socket. As a result it\u2019s hard to detect. The hacker or hackers using this tool may be associated with an attack campaign that\u2019s been going on against organizations in the technology, energy, healthcare, education, finance and defence sectors. In one case the server that hosted a SockDetour backdoor was a compromised storage devices from QNAP. One defence: Keep Windows servers up to date with the latest patches. Some anti-malware software may detect this backdoor running in memory.<\/p>\n<p><strong>Hackers are sending<\/strong> threatening sextortion emails to people in France. The message claims to be from a government agency that has video evidence of a victim\u2019s visits to a porn site. It demands payment of a fine. This uses a tactic that attackers may try in other countries: <a href=\"https:\/\/nakedsecurity.sophos.com\/2022\/02\/21\/french-cybercriminals-using-sextortion-scams-with-no-text-or-links\/\"  rel=\"noopener\">Embedding an image of a fake but official-looking government document<\/a> that isn\u2019t detected by email spam filters. Threatening email messages should be reported to police.<\/p>\n<p><strong>Finally,<\/strong> owners of recent Samsung Galaxy S-series smartphones should make sure the devices have the latest security updates. T<a href=\"https:\/\/www.theregister.com\/2022\/02\/23\/samsung_encryption_phones\/\"  rel=\"noopener\">his comes after Israeli researchers said they found Samsung<\/a> didn\u2019t properly implement encryption protection. Fortunately, the researchers told Samsung about this over a year ago and patches were released last August and October. If you haven\u2019t installed updates in a while, your data and communications may have been at risk.<\/p>\n<p>Don\u2019t forget later today the Week in Review podcast will be out. Today\u2019s guest commentator is ransomware expert Brett Callow of Emsisoft.<\/p>\n<p>Remember links to details about podcast stories are in the text version at ITWorldCanada.com.<\/p>\n<p>You can follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.<\/p>\n<p>The post <a href=\"https:\/\/www.itworldcanada.com\/article\/cyber-security-today-feb-25-2022-a-new-ransomware-strain-found-watch-for-double-backdoors-a-new-sextortion-tactic-and-more\/474411\">Cyber Security Today, Feb. 25, 2022 \u2013 A new ransomware strain found, watch for double backdoors, a new sextortion tactic and more<\/a> first appeared on <a href=\"https:\/\/www.itworldcanada.com\/\">IT World Canada<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A new ransomware strain found, watch for double backdoors, a new sextortion tactic and an alert to Samsung Galaxy smartphone owners<\/p>\n<p>The post <a href=\"https:\/\/www.itworldcanada.com\/article\/cyber-security-today-feb-25-2022-a-new-ransomware-strain-found-watch-for-double-backdoors-a-new-sextortion-tactic-and-more\/474411\">Cyber Security Today, Feb. 25, 2022 \u2013 A new ransomware strain found, watch for double backdoors, a new sextortion tactic and more<\/a> first appeared on <a href=\"https:\/\/www.itworldcanada.com\/\">IT World Canada<\/a>.<\/p>\n","protected":false},"author":17,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[360,16],"tags":[389,388],"class_list":["post-20329","post","type-post","status-publish","format-standard","hentry","category-podcasts","category-security","tag-cyber-security-today","tag-privacy-security"],"acf":[],"_links":{"self":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/20329","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/comments?post=20329"}],"version-history":[{"count":1,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/20329\/revisions"}],"predecessor-version":[{"id":20330,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/20329\/revisions\/20330"}],"wp:attachment":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/media?parent=20329"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/categories?post=20329"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/tags?post=20329"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}