Ransomware attacks on big targets, clutch your laptops, no updates from this Android app and more
Welcome to Cyber Security Today. It’s Wednesday May 13th. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com. There’s a lot of news today, so let’s get going.
Organizations continue to be unprepared for ransomware attacks. Among the latest: Package delivery service Pitney Bowes, which suffered its second ransomware attack in the past seven months. The company told the Bleeping Computer news service that it was able to stop files from being scrambled. However, some company and employee data were stolen by the group behind the attack. It is threatening to release that information unless Pitney pays up.
The state of Texas said last week its court system was hit. A spokesperson said the government was able to limit the impact by disabling its network. As of Tuesday the court website was still offline.
Diebold Nixdorf, which makes ATMs for banks and point-of-sale systems for retailers, has admitted it was hit in April. It told cybersecurity reporter Brian Krebs that the attack only affected its corporate network. The story notes that this attack apparently began on a Saturday night. That’s common. After initially infecting a company computer network, attackers wait until a weekend, when few staff are around, to trigger the infection so it will spread without many people being aware. IT managers should note that.
And attackers are threatening to release documents from a New York City law firm with celebrity clients like Lady Gaga, Drake and Madonna after a ransomware attack.
To get some perspective on ransomware, a security firm called Sophos this week released a survey of 5,000 IT managers in 26 countries. Among the findings: Half of the respondents said their firms were hit last year. Of those, about three-quarters of the attacks were successful. Just over 25 per cent of victims whose data was encrypted paid the ransom. But just over half of the victims didn’t have to pay because they had data backups. Here’s why being prepared is important: For companies that didn’t pay a ransom, the average cost to recover after an attack, such as replacing equipment and lost time, was about $730,000. For those who did pay, it ended up potentially costing them twice as much to sanitize their systems, including the ransom.
But remember this: Ransomware gangs are increasingly stealing data and threatening to release it unless the ransom is paid, so making data backups alone is no longer a complete defence against ransomware. As many experts say, ransomware today has to be treated as a data breach.
A security researcher has found a way an attacker can hack Intel-powered computers made before 2019 with a Thunderbolt connection. That’s the oval-shaped connector where you plug in printers and stuff. But, there’s a lot of ifs: If you leave your computer unattended and in sleep mode and if the attacker gets into your home or hotel room and if they have five minutes, they can open the back of the computer, install a device to copy some code, close the computer, modify the code, go back and plug in another doohickey that will hack your computer. Or … don’t put your PC into sleep mode if you have to leave it unattended. Turn it off. And if you’re away from home with your computer, never let it out of your sight.
Here’s another example of why Android users have to be careful of the apps they download: An app on the Google Play store called ‘Updates for Android’ had nothing to do with updates. Instead, after installation it secretly modified the mobile devices of those who downloaded it and used them to launch attacks on websites. One of them was the site of the cybersecurity firm called ESET, which notified Google and had the app removed. The way the app was described in the Google Play store gives you an idea how criminals try to leverage people’s hunger for new apps. Calling it ‘Updates for Android’ makes the app sound useful. The listed developer’s name was ‘System apps.’ That made it sound more legit. To many it would seem like Google had created the app. Actually, that name was a tip-off of something suspicious. Because if an app really was a system app, it would come with Android and already be on your phone. Another tip-off of something suspicious is that the description said the app contains ads. Despite these clues the app was downloaded at least 50,000 times. As I’ve said before, just because an app is in the Google Play store doesn’t mean it’s been screened and is not harmful. In fact, this app was initially benign when put into the store last September. It only became malicious in January when the developers added attack functionality. Do some research before downloading an app.
Finally, a couple of security updates to tell you about: Samsung smartphone owners should make sure their devices are up to date. A fix has been issued that plugs a hole in devices dating back to 2014. WordPress administrators who use the Page Builder plugin should install the latest update, which patches two vulnerabilities. Adobe has released patches for Acrobat and Acrobat Reader. And yesterday was Microsoft’s monthly Patch Tuesday, when patches for Windows and other products are released. Thirteen critical bugs were fixed. Make sure the latest have been installed by going to Windows Update on your computer.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cybersecurity professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.