Nova Scotia details MOVEit victims, a new ransomware strain found and more
Welcome to Cyber Security Today. It’s Friday, September 22nd, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.
The number of North Americans impacted by the theft of personal data by the exploitation of the vulnerability in MOVEit file transfer servers keeps climbing. On Thursday the province of Nova Scotia said the sensitive personal data of 165,000 people — which is roughly 16 per cent of the population — was stolen when a hacker exploited a vulnerability in its MOVEit servers at the end of May. So far the province has paid $2.8 million to give those victims five years of credit monitoring. Researchers at Emsisoft calculate just under 1,200 organizations worldwide were hit either directly or indirectly through companies that processed their data. Data on perhaps as many as 56 million people are in the hands of the Clop ransomware group, which discovered the vulnerability.
A new ransomware variant distributed by the BlackCat/AlphV gang has been spotted. Sophos calls it Sphynx. In one case the attacker was able to use the ransomware to encrypt an organization’s data stored in the cloud on Microsoft Azure. Briefly, here’s how they did it: First, they were somehow able to hack into an employee’s LastPass password manager through the app’s browser extension. That got them the employee’s one-time password for accessing their Sophos Central account, which managed the company’s Sophos products for defence. With that access the attacker could modify security policies to get access to the Azure data storage. One lesson: Multifactor authentication isn’t a complete defence against cyber attacks. The IT and security team also has to constantly watch for suspicious network activity.
Earlier this week I moderated a panel discussion at the Swift network’s Sibos conference in Toronto. One of the questions was whether there is a ransomware crisis. Terry Cutler will have thoughts in the Week in Review podcast, which will be out later today. But here are numbers released this week by Trend Micro for you to think about: The number of victim organizations claimed by ransomware groups in the first half of this year was 1,999. That’s 45 per cent more than the same period in 2022.
Corporate and IT leaders should consider this: In the first half of this year businesses with 200 or fewer employees made up the biggest number of victims of the top three ransomware groups.
Apple released three security updates on Thursday to patch several zero day vulnerabilities. iPhone, iPad, Apple Watch and Mac users should make sure they have the latest patches.
Finally, last May I told listeners about a scam using PayPal’s free business invoicing service to fool people about a fake firefighter funding drive. Crooks continue to take advantage of PayPal’s generosity. Researchers at Netcraft have come across another version of this scam. A victim receives an invoice purporting to be from PayPal claiming money is owed for a purchase. The surprised victim has the option of paying or calling customer support. That’s the real goal. A fake PayPal employee will try to convince the protesting victim to install remote access software so they can look on their computer, or trick the victim into sending the crook money. Don’t fall for this scam. One tip-off: The person who sent the email is someone or a business you’ve never heard of. Another is that if you click on the email address of the sender, it shows the PayPal account is registered to a free email service like Gmail.
Later today the Week in Review podcast will be available. Guest commentator Terry Cutler of Cyology Labs will join me to discuss the ransomware attack on MGM Resorts, denial of service attacks and more.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.