Remember this ransomware resource, a new ransomware strain updated and vulnerabilities in another Kaseya product.
Welcome to Cyber Security Today. It’s Wednesday July 28th. I’m Howard Solomon, contributing writer on cybersecurity for ITWorldCanada.com.
Every IT manager worries about dealing with a ransomware attack, both before and after. But there are lots of free resources from cybersecurity companies and governments. One celebrated its fifth anniversary this week: The No More Ransom Project. Started by the National High Tech Crime Unit of the Netherlands’ police, Europol’s European Cybercrime Centre, Kaspersky and McAfee, it helps victims of ransomware retrieve their encrypted data without having to pay criminals. You upload an encrypted file and the project sees if one of its 121 free tools can unscramble it. The tools can decrypt 151 ransomware families. That’s not all of them out there, but it’s a lot. However, this week an executive of one of the project’s partners noted that even after five years a lot of organizations haven’t heard of it. They paid ransoms perhaps unnecessarily. So, tuck this site into your incident response plan: www.nomoreransome.org. By the way, you do have an incident response plan, don’t you …?
More ransomware news: A new version of the LockBit strain has been seen. The Bleeping Computer news service reports LockBit can now leverage Microsoft’s Active Directory to automate the spread of the ransomware/ through group policies. This means its more important than ever for Windows administrators to lock down access to Active Directory, which is a prime target in any cyber attack.
An insurance firm called Coalition notes the monetary demands by ransomware gangs has gone up substantially this year. The average demand made to its policyholders in Canada and the U.S. over the first six months of the year went to $1.2 million, up from $450,000. The report also notes cybercrime of all types is increasing. For example, what police call business email compromises – where crooks convince an employee to wrongly transfer money – increased 51 per cent over the same period a year ago. Small and mid-size companies aren’t immune: Cyber claims from companies with 250 employees or less increased by 57 per cent this year over the first six months of last year. Most important for IT departments and chief executives to note is that the rush to send employees home to work has come at a cost: The rate of policyholders who experienced a claim due to remote desktop attacks increased to 40 per cent from 29 per cent over the same period a year ago.
Organizations need to understand their risk profile and then take proactive steps to reduce their risk, says the insurer.
Personal information of patients, employees and students who work for or were seen at the hospital of the University of California at San Diego have been stolen. UC San Diego Health said this week it happened when several employees fell for a phishing scam. The attackers may have copied the data over four months starting last December.
As customers of Kaseya’s VSA IT monitoring service recover from the effects of a ransomware attack earlier this month comes word of vulnerabilities in another of the company’s products. The Dutch Institute for Vulnerability Research says there are problems with Kaseya’s Unitrends cloud backup and disaster recovery service. Those running versions 10.5.2 and earlier should not expose them to the Internet until Kaseya issues a patch.
Finally, many organizations use open source applications in addition to or instead of buying commercial products. However, these can have vulnerabilities as well. This week security vendor Rapid 7 disclosed nine vulnerabilities in three open-source projects: The EspoCRM customer relationship management suite, the Pimcore customer data management platform and the Akaunting accounting software. Disclosure is being made now because patches for all three were released at least two months ago. By now administrators should have installed them.
That’s it for now Remember links to details about podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other stories of mine.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.