Maze ransomware gang says goodbye, more security updates released and GrowDiaries’ database exposed.
Welcome to Cyber Security Today. It’s Wednesday November 4th. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
The operator of the Maze ransomware web site says the gang is calling it quits. Maze pioneered the double-squeeze strategy of stealing data and threatening to publicly release it as well as encrypting data to blackmail victim organizations. But suddenly a press release on their site appeared in broken English saying the Maze Team Project is “officially closed.” It goes on to say “the Maze cartel was never exists and is not existing now. It can be found only inside the heads of the journalists who wrote about it.” The statement suggests Maze was set up to teach organizations a lesson in cybersecurity. Well, the organizations that paid to get their data back would argue the purpose was criminal: To get money. Security researchers aren’t sure if those behind Maze are cashing in, changing their attack software, just getting new partners or are running from police. It doesn’t matter. Ransomware and other cyber attacks will continue. Organizations still need to be prepared.
Some security software updates to tell you about:
–Last week I told you that Oracle had released a security patch for its WebLogic Server as part of its October software updates. On Monday it issued another security patch for a different vulnerability. IT administrators who use this software should make sure both patches are installed;
–Oracle administrators should make sure all of those October patches are installed. According to security firm FireEye, a hacker is exploiting a vulnerability in the Oracle Solaris operating system. This particular hacker is skilled at breaking into one company and using that access to get into others;
–IT administrators using the SaltStack infrastructure management solution should install the latest patch from VMware if they haven’t done so already. These fixes have been quietly available for several months;
–Adobe has released security updates for Acrobat and Acrobat Reader that should be installed as soon as possible. Attackers often use infected Acrobat documents to install malware;
–And Google has issued a new fix for the Chrome browser.
I often talk about the importance of securing databases of important information with passwords, especially if the databases can be accessed from the internet. But how organizations store and protect those passwords is also vital. If they are stored in plaintext, there is no protection from a hacker. Use an outdated password protection algorithm that can be cracked and there is no protection either. That’s what happened at an online forum for cannabis growers called GrowDiaries. Security researcher Bob Diachenko says he discovered an unprotected database with usernames, email addresses and account passwords of perhaps a million GrowDiaries users. The passwords weren’t stored in plaintext; they were stored as hashes, a one-way transformation of each password. But the hashes were made with an outdated algorithm called MD5, which is fast to compute and therefore cheap to crack. If a hacker found the database and cracked the passwords, the email addresses could be used for spam. GrowDiaries members should change their passwords just in case.
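As an added illustration of the point above (this is not code from the podcast or from GrowDiaries), the Python below shows the defender's side: how an application can audit its user table for legacy unsalted MD5 hashes and transparently replace each one with a salted PBKDF2 hash the next time that user logs in successfully. The user records are constructed sample data.

```python
import hashlib
import hmac
import os
import re

# Constructed sample user table: passwords stored as bare, unsalted MD5 digests,
# the weak scheme described above (values are made up for this example).
LEGACY_USERS = {
    "alice@example.com": "5f4dcc3b5aa765d61d8327deb882cf99",  # md5("password")
    "bob@example.com": "e10adc3949ba59abbe56e057f20f883e",    # md5("123456")
}

MD5_HEX = re.compile(r"^[0-9a-f]{32}$")
PBKDF2_ITERATIONS = 600_000  # slow on purpose, so offline guessing is expensive


def is_legacy_md5(stored: str) -> bool:
    """A bare 32-hex-character value is the fingerprint of an unsalted MD5 hash."""
    return bool(MD5_HEX.match(stored))


def hash_password(password: str, salt: bytes = b"") -> str:
    """Salted PBKDF2-HMAC-SHA256, stored as 'pbkdf2_sha256$iterations$salt$digest'."""
    salt = salt or os.urandom(16)  # per-user random salt defeats precomputed tables
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Check a password against a PBKDF2 record using a constant-time comparison."""
    _algo, iterations, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)


def audit_legacy_hashes(table: dict) -> list:
    """Defender's check: which accounts still carry an unsalted MD5 hash?"""
    return sorted(email for email, stored in table.items() if is_legacy_md5(stored))


def login(email: str, password: str, table: dict) -> bool:
    """Authenticate; on success against a legacy MD5 value, upgrade it in place."""
    stored = table.get(email)
    if stored is None:
        return False
    if is_legacy_md5(stored):
        candidate = hashlib.md5(password.encode()).hexdigest()
        if not hmac.compare_digest(candidate, stored):
            return False
        table[email] = hash_password(password)  # transparent re-hash at login
        return True
    return verify_password(password, stored)
```

Accounts that never log in again stay on MD5, so the audit list is also the list of users to force through a password reset.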
There’s another angle to this: The database Diachenko found was running on a tool called Elasticsearch. Elasticsearch is a search engine used by authorized employees, including IT staff, to search for data across many databases and files in a company. To manage Elasticsearch data, IT staff use a tool called Kibana. But Kibana has to be password-protected or blocked from the internet. In this case it wasn’t, which is how Diachenko found the database. This incident is another reminder to managers that data security is complex and requires strict security processes to be taught and followed.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cybersecurity professionals.
Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon.