Data theft from the Red Cross, a US Labor Department scam and a new firmware bootkit found.
Welcome to Cyber Security Today. It’s Friday, January 19th. From Toronto, I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
The International Committee of the Red Cross is the latest victim of a supply chain cyber attack. The humanitarian agency said this week a sophisticated cyberattack against a provider hosting Red Cross servers compromised personal data and confidential information on more than 515,000 highly vulnerable people. These include people separated from their families due to conflict, migration and disaster, missing persons and their families, and people in detention. The firm hit was a Swiss provider the Red Cross uses to store data. The statement didn’t say if the data was encrypted. The agency urges the hacker to not share, sell, leak or otherwise use the data.
U.S.-based marketing and commercial printing giant RR Donnelley has acknowledged corporate data was stolen by a hacker in December. According to the Bleeping Computer news site, it was the result of a ransomware attack by the Conti gang. It may be a coincidence, but the ransomware attack came just after Donnelley announced an agreement to be acquired by an asset management firm.
Organizations in the U.S. are being warned not to fall for phishing messages that appear to come from the Department of Labor. Researchers at INKY said this week emails have been seen inviting employees to submit bids for “ongoing government projects.” The messages have a PDF attachment that looks like it has bid details and a button to be clicked on to access the government’s procurement portal. However, the link in the button goes to websites that impersonate the Department of Labor. Victims are then asked to log in using their Microsoft or business email password — which is captured by the crook.
Two things to remember: First, the U.S. government does not typically send out cold emails to solicit bids for projects. And second, employees should know it makes no sense to be asked to log in with email credentials to view a document on a completely different network.
Finally, researchers at Kaspersky have discovered the third known firmware bootkit. The malware can hide in what’s called SPI flash storage, which sits on the motherboard outside the hard disk. It launches before the operating system starts when a computer boots, making it hard to delete. It isn’t clear how the sample Kaspersky saw infected a computer. But the malware was used to archive files and gather network information. One way to protect computers is to make sure they have Windows Secure Boot capability, and that it is turned on.
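To act on that last point at scale, an administrator needs to know which machines can actually run Secure Boot and which have it switched off. The script below is an added example, not part of the podcast; it assumes an elevated PowerShell prompt on Windows and uses the built-in Confirm-SecureBootUEFI cmdlet, which throws on legacy BIOS firmware, so that case is handled separately rather than reported as "disabled".

```powershell
# Added example: classify a Windows host's Secure Boot state so that
# "firmware cannot do it" and "firmware can, but it is turned off" are
# reported differently. Run from an elevated prompt.
function Get-SecureBootStatus {
    # $env:firmware_type is set by Windows to 'UEFI' or 'Legacy'.
    if ($env:firmware_type -ne 'UEFI') {
        return [pscustomobject]@{
            Host = $env:COMPUTERNAME; Firmware = $env:firmware_type
            SecureBoot = 'NotSupported'; Action = 'Migrate to UEFI before Secure Boot is possible'
        }
    }
    try {
        # Returns $true when Secure Boot is enforced, $false when it is off.
        $enabled = Confirm-SecureBootUEFI -ErrorAction Stop
        $state = if ($enabled) { 'Enabled' } else { 'Disabled' }
        $action = if ($enabled) { 'None' } else { 'Enable Secure Boot in firmware settings' }
    }
    catch {
        # Thrown without admin rights or on firmware that lacks the Secure Boot variables.
        $state = 'Unknown'; $action = "Check failed: $($_.Exception.Message)"
    }
    [pscustomobject]@{
        Host = $env:COMPUTERNAME; Firmware = 'UEFI'; SecureBoot = $state; Action = $action
    }
}

# Usage: one row per host; feed the output into whatever inventory you keep.
Get-SecureBootStatus | Format-Table -AutoSize
```

Hosts that come back "Disabled" are the ones worth prioritising, since they have the capability but no protection against a bootkit that runs before the operating system loads.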
Remember later today the Week in Review podcast will be out. My guest will be former U.S. cyber diplomat Christopher Painter, who will talk about cyberattacks on Ukraine, negotiating with Russia and China and the impending start of negotiations on an international cybercrime treaty.
You can follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.