Ransomware dilemma, huge cache of personal information found, FBI warning to auto industry and more
Welcome to Cyber Security Today. It’s Monday November 25th. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanada.com.
When a company or individual is hit with ransomware, sometimes the attacker copies the data before it’s scrambled. Then the attacker makes a threat: Pay up or I throw all your data on the Internet for anyone to see. That poses a big dilemma, especially to a company. Is it an idle threat? Not for one firm. According to news site Bleeping Computer, data from a U.S. security guard and services firm called Allied Universal began appearing on the Internet after it apparently refused to pay a $2.3 million ransom. If you’ve ever wondered why some companies pay ransoms, there are three reasons: One, they don’t have good backups. Two, it would cost more to restore data and clean hundreds of computers and servers than to pay a ransom — particularly if they can negotiate the ransom down. And three, they didn’t encrypt their data. So companies, if you have sensitive data, why aren’t you encrypting it?
Like a good mystery? Here’s one: Who’s behind the collection of 1.2 billion records of personal information sitting open on the Internet and found recently by two security researchers? News of the discovery came out late last week. Some person or company collected all that data — names, addresses, phone numbers as well as LinkedIn and Facebook profile information — and left it on a server. Was it information stolen by hackers? Maybe. But there’s another theory: It’s a pile of information initially assembled legally by data brokers. Data brokers have lists of information they sell to marketing and advertising companies, gathered from websites and stores where you’ve given permission, or personal information that’s easily obtained, like LinkedIn profiles that are open for everyone to see. Here’s why I mention data brokers: That cache of 1.2 billion records includes four databases with short names that could stand for the names of two known U.S. data brokers. Both companies denied that they owned the open server that the researchers found. But the data itself looks like the stuff marketed by those companies. So, were those records stolen, or do they belong to a company that legally bought or obtained the data and was merely careless in protecting it? The only good thing is there was no really sensitive data found, like passwords or credit card numbers. That makes me lean towards a clumsy company employee. However, a criminal would like a lot of personal profile information, the better to mount targeted phishing attacks.
By the way, Canada’s privacy commissioner is investigating the data broker industry here, and how it collects and protects personal information it holds. Of course, if a customer has lax data security that’s not the data brokers’ problem. Still, we look forward to seeing that report.
An American judge has given a four-year prison sentence to a man who created malware for stealing bank login passwords and money from victims’ bank accounts. The man, Stanislav Lisov, a Russian citizen, had been arrested in Spain in 2017 and extradited to the U.S. The malware was spread around the world through a network of infected computers called a botnet, which had lists of 1.7 million stolen usernames and passwords, which were used to break into victims’ computers. The malware then detected when they logged into a financial institution. Lisov was also ordered to pay $481,000 in restitution.
The FBI has quietly warned the U.S. auto industry to expect more hacking attempts. According to a news report, cyber attacks against this sector have been going up since late 2018. Why? Because they have a lot of customer data. This trend will only increase with the increasing sales of Internet-connected vehicles. This year, the FBI says, attackers broke into a company through its employee login portal, stole employee passwords to get at data at another firm by exploiting unpatched software, and stung executives at another firm through phishing emails with malicious attachments. They also tricked officials into phony money transfers. Another trick was to break into the email accounts of several people and change settings so messages were automatically copied and forwarded to the hacker. The FBI advises the auto industry — and all companies — to do the security basics: This includes security awareness training, making sure computers and servers are patched, and making employees use multifactor authentication to log into systems.
Security on Twitter has gotten a bit better. If you wanted two-factor authentication on your account, the special code had to be sent to a standard text messaging app. That’s not completely secure, particularly if a thief can clone your smartphone. Now you can use a special secure app like Google Authenticator, LastPass Authenticator, Microsoft Authenticator or Authy. Or you can use a security key.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening.