Rubrik is the latest victim of the GoAnywhere MFT hack, 3 million Americans notified of a data leak, and more.
Welcome to Cyber Security Today. It’s Wednesday, March 15th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.
Another company has acknowledged being victimized by the compromise of the GoAnywhere managed file transfer service. Data protection provider Rubrik said Tuesday an unnamed attacker accessed one of its non-production IT testing servers through the hack. That server had sales information including customer names, business contact information and some purchase orders. No personal information or customer data was accessed, the company said. Nor was there a compromise of any other system. The Clop ransomware gang has taken credit for hacking GoAnywhere MFT.
Another company that uses third-party data trackers on its websites is telling customers of a data leak. In this case three million Americans who used a mental health online consulting provider called Cerebral are being notified some of their personal information may have been copied by companies like Google, Facebook, TikTok and others over the past three years depending on how they configured their devices and browsers. The data would have been exposed when they created a Cerebral account and if they completed an online mental health self-assessment.
Meanwhile, over one million Americans are being notified by a manufacturer of medical equipment called Zoll Medical Corp. that their personal information may have been copied by a hacker. In a letter to victims the company says on January 28th it detected a cyber attack. Information accessed included people’s names, addresses, dates of birth and Social Security numbers. Zoll products include patient monitors, ventilators and wearable defibrillators.
Crooks are taking advantage of people’s worries about the failure of Silicon Valley Bank. According to a number of threat researchers, including the SANS Institute, there’s been an increase in phony email pitches relating to the incident. These may be email, text or voice messages pretending to be from a regulator or another financial institution. They may make an offer for the recipient’s business or a loan, or just a link to a document with supposed helpful information. Some will have links to websites that have the initials “svb” to make them look legitimate. Whatever the pitch, the goal is to infect a victim’s computer or smartphone. So be wary of messages from unfamiliar sources with Silicon Valley Bank-related information.
Security experts have repeatedly warned that crooks take advantage of weakly-protected websites to launch attacks on other targets. The latest example of this comes from researchers at BlackBerry. They say the Russian-based group called Nobelium (or Cozy Bear) uses a compromised online library website in El Salvador to host infected documents. One document was supposed to be a Polish ambassador’s schedule for visiting the U.S. last month. An email message was sent to targeted people who’d be interested in the agenda. The gang hoped the legitimate-looking link to the agenda would fool email scanning defences and the recipient of the email. The same compromised library site hid a compromised document supposedly from the European Commission. These incidents are another reminder that organizations not only have to protect their sensitive data from compromise, they also have to protect all parts of their IT systems. For those who forgot, Nobelium is the group behind the SolarWinds Orion compromise.
Business email compromise scams continue to be a prime worry for organizations. The FBI said this week in its annual internet crime report it received over 21,000 complaints about this type of online fraud last year, with adjusted losses of over US$2.7 billion. This type of scam involves an attacker compromising an email account to convince a victim to transfer money to an account controlled by the crook. Often the crook pretends to be a legitimate business partner of the victim firm, claiming there’s been a change in the bank account to which money is usually sent. The FBI says firms need to put procedures in place to verify payments and purchase requests outside of email communications, which can be faked. Employees also need to be warned that phone numbers appearing on phone displays can be spoofed by crooks. Last year the FBI received more than 800,000 cybercrime-related complaints, with losses totaling over US$10 billion.
Attention teenagers: Sending intimate messages and images to someone is dangerous. It can lead to sextortion, which is another word for blackmail. This week Canada’s privacy commissioner issued short but pointed guidance on sexting: Don’t put things online unless you’re OK with everyone seeing it — your classmates, your family and a stranger thousands of miles away. Remember, your control over what’s on the internet stops with the ‘send’ key. When you hit ‘send’, it’s gone. There’s a link to the full advisory in the text version of this podcast at ITWorldCanada.com.
Finally, yesterday was Microsoft’s Patch Tuesday for March. There are about 80 Windows vulnerabilities that need looking after, particularly one in Outlook. Adobe also issued a critical patch for its ColdFusion web development platform. And SAP issued 19 security notes, including five rated as Hot News.