Ransomware threat increases, no one getting high on this data theft and who’s the good guy taking down a botnet?
Welcome to Cyber Security Today. It’s Friday January 24th. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanada.com.
It’s more important than ever that companies take the threat of ransomware seriously and protect their data. That’s because criminals are not merely scrambling data and demanding money for the key to unlock it, they’re also stealing data before encryption and threatening to release it unless they’re paid. According to the news site Bleeping Computer, one of the most recent victims is a German-based global automotive parts company called Gedia Automotive Group. The attackers are threatening to release company product drawings, as well as data on employees and customers. This week a separate criminal group made good on their threat and released data from a U.S. medical diagnostic laboratory called MDLab and an American wire and cable manufacturer. One of the best ways to fight ransomware — or any data theft — is for private and public sector organizations to encrypt sensitive data on their own. That way thieves only get scrambled data. Yes, encrypting most of your data can be expensive. But it’s worth it. Remember, first the organization has to find all sensitive data. Many leaders think it’s all on one or two main servers. However, employees may legitimately have copies on other servers for legitimate reasons like data analysis. Managers have to make sure all copies are found.
Some people in the U.S. are getting high on the ability to legally buy cannabis in a number of states. Well, they may be feeling down after news that the personal data of 30,000 buyers was left unsecured on the Internet and open to being copied. Privacy researchers found the open database belonging to a company called THSuite, which sells software used to run cash registers at marijuana dispensaries in Maryland, Ohio and Colorado. In some states marijuana can only be sold for medicinal purposes, so some of the data not only included customers’ names, addresses and email addresses, it also included their medical ID number. There were also scanned government and employee IDs, and store sales data. It isn’t clear from the news story how long the data was open, but it was discovered just before Christmas and it took until January 14th for the company to secure the database.
Two of this year’s biggest sporting events will be the Olympic Games in Tokyo and the Euro Cup soccer tournament. But if you bought tickets recently online from two resellers, your payment card information may have been stolen. Two security investigators found evidence that the web sites of OlympicTickets2020.com and EuroTickets2020.com were compromised to skim off card data of buyers. In the case of the Olympic Tickets web site, the compromise could date back to December, while the Euro Tickets site may have been compromised during the first two weeks of this month. Anyone who bought tickets on these sites should watch their credit card statements.
Finally, I’ve told you about a botnet, which is a chain of thousands of unsuspecting infected devices like computers and routers being used to spread malware and spam around the world. Well, something odd has happened to one that security researchers call Phorpiex. The ZDNet news service reports researchers are hearing the Phorpiex malware on some infected machines is being deleted, seemingly by remote command. And users of those computers are getting a popup message to install antivirus software. That, of course, helpfully, would scan and find evidence of infections. Who would do this? One theory is a law enforcement agency or a good guy security researcher has taken over the botnet. Another theory is a rival criminal gang has hacked the botnet. Whoever, it seems initially someone has done a good deed.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon.