Industry News

Companies that use certain Microsoft software products should take steps to ensure they’re protected against older vulnerabilities

By James Langton |

 

A new cybersecurity alert for the investment industry highlights a couple of the latest threats circulating online, including ransomware targeting Microsoft Corp.'s products and a cheap, new password-stealing tool.

According to the latest cybersecurity brief from the Financial Services Information Sharing and Analysis Center (FS-ISAC), the recent "Petya: malware attacks, "highlight the need for good cyberhygiene practices, including upgrading operating systems and timely patch management as well as participating in information sharing."

The report indicates that an analysis of these attacks, which occurred in late June, shows that the malware permanently encrypts data, effectively destroying it.

"Members should ensure that they are protected against older vulnerabilities in certain Microsoft software products," it says, noting that the attackers are using tools released by a group known as the "Shadow Brokers" and that Microsoft has released patches for these vulnerabilities.

"As a result of the new release of hacking tools that target closed networks as well as Internet activity, FS-ISAC recommends members review all published information related to these threats. This will help ensure they are protected, especially from campaigns using older vulnerabilities and targeting unsupported software," the report says.

The FS-ISAC has also released a tip sheet on ransomware that provides advice on isolating infected systems from networks, keeping operating systems and antivirus software up-to-date, testing backups in a real-world environment and reporting any ransomware to law enforcement.

The report also notes that researchers at Proofpoint have discovered a new malware tool named "Ovidiy Stealer," which is "an effective password-stealing tool that can snatch credentials from web browsers such as Opera and Google Chrome" that is being distributed as executable email attachments.

"The attacker, who goes by the name ‘TheBottle', also gets access to a web-based dashboard that provides updates on attack campaigns, reviews log files from infected computers and tech support from the malware's hacker," the report says. "Researchers state that the malware is not as advanced as others, but its low price of US$13 gives it potential to be a much more widespread threat."

The alert says that firms should take measures to prevent this malware from invading their systems, "such as ensuring all software and hardware have the latest patches, improve password policy to include longer length passwords that contain a combination of letters, numbers and special characters; implement two-factor authentication on all user accounts and blacklist/block the ‘ovidiystealer[.]ru' domain, which is utilized by the malware."

The Investment Industry Association of Canada — along with the U.S. Securities Industry and Financial Markets Association and the International Council of Securities Associations — provides the alert.

Photo copyright: beebright/123RF