Welcome to Cyber Security Today. It’s Monday January 24th. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
Once again administrators of WordPress installations are being warned that plugins have been compromised. The latest alert comes from researchers at a WordPress security provider called Jetpack. They say all WordPress plugins and themes from a provider called AccessPress contain suspicious code. AccessPress has acknowledged its websites were breached in September when a threat actor inserted a backdoor into extensions. The backdoors would give an attacker full control over a WordPress website. One report says 53 plugins and 40 themes were affected. Note that there’s no problem if the same extensions were downloaded from the WordPress.org directory.
Twitter’s head of security is no longer with the company, and its chief information security officer will be leaving in a couple of weeks. This is according to the New York Times. It’s one of a number of management changes that have come with new CEO Parag Agrawal. Both were hired after the 2020 compromise of Twitter accounts of celebrities. There’s lots of speculation on what the loss of these two men means.
On Friday I reported that the UniCC criminal website for selling stolen credit and debit cards had shut. There may be a reason why. According to the news site The Record, the alleged administrator was arrested by Russian police. However, the Russian Tass news agency identified this individual as allegedly the founder of the Infraud Organization. Infraud, also a carding group, operated until 2018.
Some cyber insurance news to report: I’ve mentioned before that cyber insurance is harder to get. More evidence of that came in a memo published earlier this month by an Illinois public school district. It will pay just over $22,000 for cyber coverage this year. Last year it paid $6,661 — so this year’s coverage cost is a leap in one year of 334 per cent. By the way, what that insurance will cover is limited until the school district implements multifactor authentication to protect logins. That’s expected to be completed by the end of this quarter. Increasingly insurance companies are demanding customers implement things like multifactor authentication as a price of getting coverage.
Why are insurance rates soaring? Because of the number of cyber-related claims insurance companies are paying out. Here’s one of the latest: In December a New Jersey court dismissed an argument that the 2017 NotPetya malware attack, which caused $1.4 billion in business interruption costs for the pharmaceutical company Merck, was spread by Russia and was therefore an act of war not covered by insurance. The court said under New Jersey law Merck’s all-risk policy covered all risks. The insurance company and Merck didn’t negotiate a clause excluding cyber attacks. The decision could be appealed.
Most experts believe the NotPetya worm was aimed at infecting organizations in Ukraine by compromising a computer tax program. However, it ended up spreading around the world.
Finally, lack of multifactor authentication was one of the biggest reasons why ransomware attacks succeeded last year, according to Cisco Systems’ Talos threat intelligence service. This comes from an analysis of the incident response calls it worked on last year. By the way, Cisco says it’s still hard to figure out how threat actors initially get into an organization because of deficiencies in the way IT departments log computer activities. IT managers should be warned. You’ll never figure out weaknesses without good log data.
That’s it for now. Remember links to details about podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other stories of mine.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.