More Canadian firms hit with ransomware, Nobelium group attempting to infiltrate Canadian and U.S. firms, and a DreamHost data fumble.
Welcome to Cyber Security Today. It’s Monday June 28th. I’m Howard Solomon, contributing writer on cybersecurity for ITWorldCanada.com.
Three more Canadian companies have been listed on a ransomware group’s website as being victims of their attacks. The firms are an internet provider in southwestern Ontario, an engineering firm in eastern Ontario and an insurance broker in Quebec. The Conti ransomware group says it has stolen data from all three, and as proof posted copies of what it says are some of the files. I’ve called all three firms for comment. None have got back to me so I’m not naming them. However, the Conti group has a reputation of not bluffing. The three are either small or medium-sized firms, more evidence that ransomware gangs and their affiliate partners — who actually do the targeting — aren’t just after big companies.
There were lots of headlines earlier this year when the U.S., Canada and other countries blamed a Russian-based threat group for being behind the compromise of the SolarWinds Orion network management platform. Well, despite all the attention the group is still active, according to Microsoft. The company said Friday that the group, which it calls Nobelium, has recently been trying to break into targeted organizations in Canada, the U.S., Germany and other countries. Although most attempts were unsuccessful, Microsoft admitted that the computer of one of its customer support staff was hacked. Stolen customer information from that hack was used by Nobelium to try to get into their organizations. Nobelium mainly targets IT-related companies and governments, but has also been seen going after think tanks and financial services firms.
In addition to using stolen information to try to get into organizations, Nobelium uses password spray and brute-force password attacks. Your organization can fight those tactics in three ways: multifactor authentication as extra protection for logins; limiting the number of people who have privileged access to important data; and segmenting data so it isn’t easily accessible by an attacker.
Users of the DreamHost and DreamPress service for hosting WordPress should know that an unprotected database with three years of information about customers has been found on the internet. The news site Website Planet and a security researcher found the database, which anyone could read if they knew where to look. The account information included administrator and user display names, email addresses and WordPress version and plugin information. Some of that could be used by an attacker. According to the news story, DreamHost closed access to the database when notified.
Here’s another report about unprotected data open on the internet: Information on about 1,000 customers and interested buyers of Mercedes-Benz vehicles held by an unnamed partner company was inadvertently left open to anyone who could find it. The car maker has acknowledged the data included persons’ names, dates of birth, credit scores and some drivers’ licences, social security numbers, and credit card information. These were entered online by people during an 18-month period that ended in June 2017. However, Mercedes-Benz says to view the information someone would need special software programs and tools.
Users of Zyxel virtual private network and firewall devices are urged to take precautions after the manufacturer detected targeted attacks on the appliances. The Hacker News says customers are being told to disable services allowing remote management of the devices, or allow access only from trusted locations.
Users of Western Digital’s legacy My Book Live and My Book Live Duo network-attached storage devices should disconnect them from the internet. This is because some users have reported a cyber attack triggered a factory reset and erased their data. Western Digital is working on a patch for these devices, which have been off the market for years.
Finally, an American judge has sentenced a Ukrainian man to seven years in prison and to pay $2.5 million in restitution for working for a hacking group. The group is known by researchers as FIN7 or the Carbanak group. Prosecutors said the man managed other hackers. According to the news site Recorded Future, the man said he joined what he thought was a cybersecurity company. The group so far has stolen 20 million credit or debit cards. The man was arrested in Spain in 2018 and extradited to the U.S. a year later.
That’s it for now. Remember links to details about podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other stories of mine.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.