More SolarWinds news, UK law will tighten consumer internet device security and a warning to QNAP storage users.
Welcome to Cyber Security Today. It’s Friday April 23rd. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
The number of organizations hit after the compromise of SolarWinds’ Orion network monitoring software last year may be more than originally thought. Security company RiskIQ took a closer look at the scheme and found 18 more servers for command and control than investigators first found. These servers would be used to distribute malware to compromised Orion installations. It was thought that of the 18,000 organizations that downloaded the compromised Orion security update, perhaps 100 around the world had their systems hacked. But with the discovery that more servers were involved in the scheme, there may be more victim organizations. The U.S., Canada and other countries say Russia’s intelligence service is responsible for the Orion compromise.
If your organization is going to create an app for its products, the software had better be secure. According to a security researcher, until recently the app and website for tractor maker John Deere weren’t. The researcher told Vice.com the vulnerabilities could have exposed data about John Deere customers including names, addresses, the equipment’s ID number and its vehicle ID number. The company has fixed the vulnerabilities, which it called “code misconfigurations.”
Many internet-connected consumer devices have poor security, including weak default passwords. In an effort to increase the cybersecurity of devices sold in the United Kingdom, the government this week promised new legislation with minimum product security requirements. No consumer-connected product will be allowed to be sold unless it has basic cybersecurity measures. These include a ban on default and easily guessable default passwords, having a way device owners can report vulnerabilities to the manufacturer and stating how long security updates will be available for a product. The government will create an enforcement authority to back up the law. It would apply to almost everything except laptops. There is no date on when legislation will be introduced.
CORRECTION: The original version wrongly said smartphones would be exempt from proposed regulation.
Attention owners of QNAP network-attached storage devices: You need to install the latest security patches. They close serious vulnerabilities that could allow the devices to be taken over, resulting in stolen data or scrambled data from ransomware. A ransomware campaign aimed at QNAP devices was detected this week. QNAP warns that if a device’s files have already been encrypted, it should not be rebooted. Instead, QNAP’s malware scanner should be run, then technical support should be contacted.
Lots of people use the Telegram instant messaging app. So do crooks, and not just for talking to each other. According to a report this week from Check Point Software, Telegram is increasingly being used for command and control over the automated distribution of malware. It works like this: A victim clicks on an email link and gets infected with a piece of malware. This in turn communicates silently with an automated Telegram service and begins stealing data from the victim’s computer or smartphone. Individuals should, as always, be careful with email attachments, particularly if the file has your name on it. IT managers in firms should be suspicious of traffic that goes to Telegram, particularly if it isn’t an approved company application.
That’s it for now. Don’t forget later this afternoon the Week In Review edition will be available. This week guest commentator Terry Cutler and I will discuss insider threats and how to lower the risk your organization will be a victim.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon.