Cyber Security Today, Jan. 8, 2024 – How a Spanish cellular carrier’s network was knocked offline, and more

How a Spanish cellular carrier’s network was knocked offline, and more.

Welcome to Cyber Security Today. It’s Monday, January 8th, 2024. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.


Despite all the money organizations spend on cybersecurity, some continue to shoot themselves in the foot by ignoring basic cybersecurity practices. The latest example is last week’s compromise of cellular carrier Orange Spain. How was it done? A threat actor infiltrated the computer of an administrator and stole their login credentials to a regional IP network co-ordination centre called RIPE. Never mind that the administrator’s password was ‘ripeadmin,’ which could have been guessed. Worse is that — according to researcher Kevin Beaumont — this IP network account wasn’t protected with multifactor authentication. Let me repeat that: Login to a service that looks after internet routing of a telecommunications provider had no multifactor authentication protection. By the way, the stolen administrator credential had been available for sale on a criminal marketplace since last August to any threat actor. It isn’t known how the admin’s computer was compromised so the password could be stolen. But they likely fell for a phishing or social media scam, which allowed malware to be planted on their machine. Fortunately all that happened was Orange Spain customers lost connectivity for several hours.

Meanwhile, all telecommunications providers in Europe, the Middle East and Asia that use the RIPE network should note there are thousands of stolen credentials for accessing this system being sold on dark web marketplaces. You have been warned.

A midwife service for expectant mothers in Southern Ontario is notifying women it suffered a data breach last April. CBC News says Midwives of Windsor is telling clients that one of its email accounts was compromised. An unknown number of names, mailing addresses, phone numbers, dates of birth and other personal information of mothers and children may have been copied.

Someone was able to compromise the flight information displays at Beirut International Airport on Sunday and post anti-Hezbollah messages. Hezbollah is an Islamist political party and militant group in the country. According to the Associated Press, those in the airport hoping to see departure and arrival times instead saw a message accusing Hezbollah of putting Lebanon at risk of an all-out war with Israel.

Some organizations are already implementing solutions to protect their encrypted applications from future quantum computer attacks. However, researchers are warning one solution already has a vulnerability that has to be patched. The solution is CRYSTALS, a set of algorithms approved by the National Institute of Standards and Technology (NIST). Within CRYSTALS is a security key encapsulation mechanism called Kyber, and that’s where the problem is. According to Bleeping Computer, researchers found Kyber has two vulnerabilities. One was patched on December 1st, the other on December 30th. If your application uses Kyber as part of its CRYSTALS solution this has to be looked after.

And by the way, if your application handles encrypted sensitive or financial data you need to be investigating quantum-safe solutions now before quantum computers can unscramble them.

Pharmaceutical manufacturer Merck & Co. has reached a settlement with insurers over hundreds of millions of dollars it was claiming for damages in the 2017 NotPetya cyber attack. You may recall that was the cyber attack aimed at Ukraine by compromising an accounting program used in that country. But the destructive worm escaped to ravage unpatched Windows computers around the world, including Merck’s systems. A New Jersey appeal court ruled insurers had to pay Merck about US$700 million for computer damages the company suffered. Last week the insurers were about to fight that decision before the New Jersey Supreme Court. But Bloomberg Law says there was a last-minute settlement. The terms of that settlement are confidential. The appeal court ruled the insurers had to pay under Merck’s all risks property coverage. While the policies basically said there was no payout for damages caused by war-like actions, the appeal court said the wording only applied to traditional forms of war and not cyber attacks. The language for insurance policies is tighter these days.

Five years ago the U.S. seized control of the online xDedic criminal marketplace and laid charges in its operation. Last week the government said its investigation has peaked. Seventeen people were charged. All were convicted. Eleven got sentences ranging from 78 to 12 months in prison. One was sentenced to five years’ probation. Five others are awaiting sentencing. The marketplace sold stolen login credentials to more than 700,000 servers around the world as well as stolen personal information.

A New York State healthcare provider has agreed to pay US$450,000 and spend US$1.2 million to strengthen its cybersecurity following a ransomware attack two years ago. An attacker claiming to be the Lorenz ransomware gang accessed the data of 250,000 people held by Rafuah Health Centre. New York’s attorney general’s office found the health centre failed to encrypt patient information, failed to use multifactor authentication to protect logins, failed to decommission inactive user accounts, failed to rotate user account credentials and failed to restrict employees’ access to data to only those who needed it.

A San Francisco law firm that specializes in technology now says the personal information of over 630,000 people was copied in a cyber attack it suffered early last year. Originally the firm of Orrick, Herrington & Sutcliffe LLP reported to Maine’s attorney general’s office that 152,000 people were impacted. Then the number rose to 461,000. The attacker got into a file share where certain client files were stored, including emails and email attachments. Stolen data could have included people’s names, dates of birth, Social Security numbers, government-issued identification numbers, passport numbers, financial account information, medical information and more. Last month the law firm reached a proposed settlement in a class action suit stemming from the data breach.

Finally, do you have an idea of how to detect the use of voice cloning for audio and video crimes? You have until Friday to submit a solution to the U.S. Federal Trade Commission. It’s running a contest to find ways of stopping threat actors from defrauding victims or spreading disinformation. Voice cloning uses text-to-speech technology originally developed to help people who have lost their voices from accidents or illness. But crooks are using it to impersonate people. The contest winner gets US$25,000.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
