Ransomware attack took only 8 hours, Peatix users should change passwords and MobileIron administrators reminded to install updates
Welcome to Cyber Security Today. It’s Wednesday November 25th. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
IT and security teams used to have several weeks to detect a successful cyber attack before malware was launched. No longer. Some hackers can work faster. According to a service called The DFIR Report, a threat group recently launched its ransomware package eight hours after first compromising an organization. The attackers got into the firm’s Windows domain controller by somehow knowing the username and password of the administrator. The report doesn’t say if the credentials were stolen or the administrator was tricked into giving them away. Regardless, the account wasn’t secured with two-factor authentication. And the account was senior enough that the attacker could move to other internal systems, which yielded their passwords. It seems like the security of this organization wasn’t very good, because the attacker could disable security tools on systems. Some data files were also stolen. After only seven hours of looking around, the ransomware was spread. The ransom note demanded about $88,000 in bitcoin.
A couple of lessons from this attack. First, having passwords and some security like antivirus isn’t enough for any firm. Second, forcing two-factor authentication for all users is vital. Third, systems have to be set up to prevent an attacker doing what this one did — move across systems. Fourth, automated systems have to be installed to watch for suspicious activity on the IT network. And finally, every organization with valuable data needs an experienced IT security pro — either full time or an advisor — to look over their entire system to see where the flaws are. Flaws like, ‘If someone can get into this system, can they get into that one?’ Cybersecurity takes time and money. If you don’t spend it, then in eight hours you could be out of business.
Users of the Peatix event organizing mobile app are being warned to change their passwords after the company admitted its user database had been hacked. According to the ZDNet news service, which alerted the company earlier this month, names, email addresses and scrambled passwords of some 4.3 million users are available on several hacking forums. Peatix says there is no evidence payment information has been compromised. Nor is there evidence that users’ historical data on events they participated in, such as concerts, was accessed. Still, the stolen email addresses could be used for phishing attacks, so the company is warning users to be careful with email they receive, particularly messages claiming to be from Peatix that include links aimed at making them give up their passwords.
Some users of the Spotify music service have been quietly forced by the company to reset their passwords over several weeks this past summer after independent security researchers discovered something suspicious. The researchers at vpnMentor found a database on the Internet in July holding perhaps 300,000 valid Spotify login usernames, passwords, and email addresses. The news was withheld until now for security reasons. It isn’t known who took the time to assemble the database, or how long it may have been used. The Bleeping Computer news service noted that for years Spotify users have complained their passwords were changed by someone. The information in the database could have been used for that, or to trick Spotify subscribers for fraud or identity theft. Hackers could also have tried the username and password combinations on other sites. Which is why you should never use the same password more than once.
Finally, IT administrators whose firms use the MobileIron mobile management system are being warned to install the latest security patches to the system. These patches were released in June. But the United Kingdom’s National Cyber Security Centre is reminding organizations of the need to update MobileIron to the latest version after seeing recent successful attacks that exploited unpatched systems. Every organization needs a patch management process to make sure all software is up to date.
That’s it for Cyber Security Today. Links to details about these stories are in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cybersecurity professionals.
Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening.