A patch warning from ConnectWise, the latest ransomware news, and more.
Welcome to Cyber Security Today. It’s Wednesday, February 21st, 2024. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.
 |
 |
 |
Business applications provider ConnectWise is urging IT administrators to take quick action to patch two critical vulnerabilities. They are in on-premise versions of ScreenConnect, which is used by help desks for remote computer control. The vulnerabilities could allow an attacker to execute remote code on systems, or directly impact confidential data or critical systems. The holes affect ScreenConnect versions 23.9.7 and earlier.
As cybersecurity pros around the world celebrated the takedown this week of the LockBit ransomware gang’s infrastructure there was also some sobering news: Ransomware attacks continue. German infrastructure management provider PSI Software SE said it was hit by ransomware last week. IT systems including email were taken offline. The company says no PSI customer installations have been compromised. And a Pennsylvania county said it paid an unnamed ransomware gang nearly US$350,000 in cryptocurrency to get access back to scrambled data.
Researchers at Arctic Wolf looked at data from responding to customers last year and figured your firm is much more likely to be hit by a business email compromise attack — where an employee is tricked into sending money to a threat actor — than ransomware. On the other hand firms hit by ransomware are 15 times more likely to have to undergo an incident response investigation than those victimized by business email compromise scams.
The report also confirms — again — that two strategies can lower the risk of a successful cyber attack: enforcing robust identity controls through identity and access management, and setting priorities for patching the most vulnerable systems.
Here’s more from the report: Want to get or retain cyber insurance? Insurers are looking for three things: Do you monitor your cloud assets for security, do you have logging and network monitoring, and do you have a privileged access management process.
Colorado’s Department of Health Care Planning has updated the number of employees who are victims of the hack of the department’s MOVEit file transfer server. The number originally was just over 4 million current and former staff. Now it’s 4.6 million people. Data on an estimated 94 million people from over 2,700 organizations with MOVEit on-prem or cloud services have been stolen since the end of May last year.
Threat actors are increasingly using a phishing kit called Greatness in attempts to trick Microsoft 365 users into clicking on malicious attachments. The goal, say researchers at Trustwave, is to steal login credentials. Microsoft 365 is a popular cloud business productivity suite so it’s regularly targeted by attackers. The Greatness platform allows a threat actor to insert an attachment to phishing messages that capture usernames and passwords. If the user’s system requires multifactor authentication, the Greatness platform can prompt the victim to enter the codes sent to their smartphones or emails. This particular kit is a phishing-as-a-service offering, so almost any crook can sign up. The cost: US$120 a month in Bitcoin.
Speaking of phishing, the most likely email scams that employees will fall for have a theme of an unpaid invoice or payment coming. That’s according to researchers at Abnormal Security. They looked at customer data of employees fooled by phishing lures into entering their login credentials. Just over 18 per cent of emails had themes that money was owed or is coming. Other scams that worked encourage document sharing, such as ‘Please review these documents’; emails saying there’s an unread or new message; emails saying action is quickly needed; and messages claiming an email or some sort of account has expired. As part of employee security awareness training your staff should be reminded of these tricks.
Attention IT administrators using the Redis in-memory data structure as a database, streaming engine or mesage broker: There’s a new attack you need to be aware of. Researchers at Cado Security have discovered new malware that will install cryptomining software on Redis servers. The report doesn’t say exactly how a system is initially compromised, but the result is a disabling of Redis safety configurations so the attacker can send commands to the server. One way administrators can defend against this kind of attack is to regularly watch their Redis server configurations for signs of change.
Finally, the European Commission says TikTok may not be doing enough to protect minors from harmful content. An investigation was announced on Monday into possible violations of the EU Digital Services Act. That includes whether TikTok’s algorithms result in an addictive design that affects physical or mental well-being or encourages radicalization. The Digital Services Act requires service providers to put in place measures that ensure a high level of privacy, safety and security for minors.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.
