Cyber Security Today, August 9, 2023 – The latest ransomware news, and more

The latest ransomware news, and more.

Welcome to Cyber Security Today. It’s Wednesday, August 9th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.


Today’s podcast starts with three reports on ransomware:

Ransomware gangs are increasingly finding or buying zero-day and one-day vulnerabilities. That’s according to an analysis of recent attacks by researchers at Akamai. The report also notes that it’s not uncommon for the same victim organization to be attacked twice by different ransomware groups. While a victim firm is distracted remediating the initial attack, other ransomware groups that are scanning for potential targets will take advantage. The report also notes that unpatched Log4Shell and Microsoft Exchange Server ProxyLogon vulnerabilities — both two years old — are still being exploited by ransomware gangs.

What can IT security teams do? What experts have been saying for years: Isolate critical systems through network segregation; limit user access to those systems; keep all software, firmware and operating systems patched with the latest security updates; and invest in regular employee security awareness training.

Here’s an odd trend in ransomware: Gangs that use leaked ransomware code to build their own variants demand significantly less from victims than the bigger groups do. That’s according to researchers at Cisco Systems. Over the past three years there have been leaks of ransomware source code by anonymous people. Maybe they come from competitors. Maybe they come from white hat hackers. In some cases a gang leaks its code or builder deliberately. Whatever the reason, it has allowed new families like MortalKombat, RA Group, RTM Locker, ESXiArgs, Chaos 4 and others to emerge. The thing is, say the researchers, the crooks behind these repurposed strains are demanding a lot less than established gangs for returning access to encrypted data — like a couple of thousand dollars in Bitcoin versus millions. Ultimately to the victim firm it doesn’t matter — their data is still stolen. And if they pay even a small amount, it just encourages the crooks.

A ransomware gang called TargetCompany is using fully undetectable (FUD) packers in its binaries to evade detection. That’s according to researchers at Trend Micro. Those behind this strain focus on exploiting vulnerable SQL servers. After initially installing the Remcos backdoor, the attackers download the TargetCompany ransomware wrapped in a FUD packer. Defenders are warned to watch for signs of these packers through unusual network behaviour.

CardioComm Solutions, a Canadian provider of heart monitoring technologies, is still recovering from a cybersecurity incident last week. When I checked Tuesday the company’s full website was still unavailable. A request for the latest status had not been answered by the time the podcast was recorded late yesterday afternoon.

SAP has released 20 security patches. These include two new HotNews notes and eight High Priority notes. One HotNews note has a CVSS score of 9.8. The patch fixes two vulnerabilities in SAP PowerDesigner. It affects customers who have the PowerDesigner Client connecting to the shared model repository through a PowerDesigner Proxy. Another patch deals with an Improper Authorization Check vulnerability in SAP Message Server. Researchers at Onapsis say this issue may affect the majority of SAP customers.

I reported earlier on a vulnerability in the PaperCut print management software. Well, updates are now available for PaperCut NG and MF.

Chinese military hackers compromised Japan’s classified defence network as far back as 2020, the Washington Post reported on Monday. The U.S. National Security Agency made the discovery and notified the Japanese in hopes they would take swift action. But a year later the intruders still had access. Since then Japan has boosted government cybersecurity spending, the news story says.

In the United Kingdom, the Electoral Commission says the names and addresses of anyone who registered to vote between 2014 and 2022 — which could be tens of millions of people — were copied by an unknown attacker in August, 2021. In addition, the hackers got into the commission’s email system. The breach was only discovered just over a year later.

Finally, yesterday was Microsoft Patch Tuesday for August. The security updates address 74 vulnerabilities, six of which are classified as critical. One of them is in Exchange Server, two are in Microsoft Teams and three are in Microsoft Message Queuing Service. The zero-day hole is in .NET and Visual Studio. Also released for those who need it were Windows 10 and 11 cumulative updates for the second half of 2022.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
