Cyberattack hits Ottawa medical clinic, FBI email server hacked, and a record DDoS attack.
Welcome to Cyber Security Today. It’s Monday, November 15th. I’m Howard Solomon, contributing writer on cybersecurity for ITWorldCanada.com.
An Ottawa medical clinic has been struck by a cyberattack that knocked out its IT systems. The victim is the Rideau Valley Health Centre. A message on its website says, “Unfortunately the incident is beyond our control, and has also affected other parties.” Not only can’t patients’ records be accessed, the clinic’s phone system has also been affected, meaning staff are having trouble answering calls. So far, the website says, there is no evidence patient information has been accessed or compromised. Most doctors are seeing already scheduled appointments, but the clinic may not be able to fit in urgent care. Patients may have to go to another walk-in clinic or a hospital.
IT professionals were alarmed Saturday when a message sent from an FBI server warned 100,000 people that data from their firms had been exfiltrated in a cyberattack. But those who closely read the message realized from its wording that this was a scam. Someone had accessed an FBI email service for mischief. And the goal? Likely to embarrass cybersecurity expert Vinny Troia. The email message blamed Troia for the supposed hack. The cyber news site The Record pointed out that Troia wrote a book about a hacking group called TheDarkOverlord. Someone started a smear campaign after that, including hacking Troia’s website and Twitter account. The fake FBI email appears to be another part of this campaign.
However, cybersecurity reporter Brian Krebs interviewed a person taking credit for the hack. The goal, this person said, was to show a vulnerability in the FBI’s IT system. The email server that was hacked was linked to a private portal for law enforcement agencies and intelligence groups. Anyone wanting to use it needed to fill out an online form for approved access. They’d then get an email message with a one-time passcode for confirmation. But the person Krebs interviewed said the portal’s website leaked that one-time passcode in the HTML of the page itself, so anyone who viewed the page source could read the code they were supposed to receive only by email. The same request that triggered the confirmation email also let the sender change the message’s subject and body. The attacker took advantage of both: with the passcode in hand they completed the sign-up, and by editing the request they had the FBI’s mail server send their own text to a large list of addresses. If true, there are two lessons for website developers: a secret the user is supposed to prove they received out of band must never be sent to the browser, and the content of an email the server sends under its own name must never come from the request.
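Here is an added example, not code from the FBI portal or from Krebs’ report, of the two defects described above beside a hardened version of the same sign-up flow. The handler names, the hidden form field, the fixed email template, the attempt limit and the in-memory store are all assumptions for illustration.

```python
"""One-time passcode sign-up: the leaky pattern beside a hardened one.

Added example (not the FBI portal's code or Krebs' reporting). The handler
names, the hidden form field, the fixed mail template, MAX_ATTEMPTS and the
in-memory Portal store are assumptions chosen to show the two defects
described above: an OTP echoed into the page it was supposed to reach only by
email, and a confirmation mail whose subject and body came from the request.
"""
import hmac
import html
import secrets
from dataclasses import dataclass, field

MAX_ATTEMPTS = 3  # wrong guesses allowed before the code is burned (assumption)


@dataclass
class OutgoingMail:
    to: str
    subject: str
    body: str


@dataclass
class Portal:
    """Constructed stand-in for the server: OTPs by address, and sent mail."""
    issued: dict = field(default_factory=dict)
    outbox: list = field(default_factory=list)


def new_otp() -> str:
    return f"{secrets.randbelow(10**6):06d}"


def vulnerable_request_access(portal: Portal, form: dict) -> str:
    """Leaky pattern: the OTP is written into the page as a hidden field (a
    view-source reveals it) and the mail text is whatever the request sent."""
    otp = new_otp()
    portal.issued[form["email"]] = {"otp": otp, "attempts": 0}
    portal.outbox.append(OutgoingMail(
        to=form["email"],
        subject=form.get("subject", "Your access code"),       # client-controlled
        body=form.get("text_content", f"Your code is {otp}"),  # client-controlled
    ))
    return ('<form method="post" action="/confirm">'
            f'<input type="hidden" name="expected" value="{otp}">'
            '<input name="code"></form>')


OTP_SUBJECT = "Portal access confirmation"
OTP_BODY = "Your one-time passcode is {otp}."


def request_access(portal: Portal, form: dict) -> str:
    """Hardened pattern: the OTP stays on the server until it leaves by mail,
    and the mail is a fixed template. The request chooses only the address,
    which is exactly what the passcode exists to verify."""
    otp = new_otp()
    portal.issued[form["email"]] = {"otp": otp, "attempts": 0}
    portal.outbox.append(OutgoingMail(
        to=form["email"], subject=OTP_SUBJECT, body=OTP_BODY.format(otp=otp)))
    return ('<form method="post" action="/confirm">'
            f'<input type="hidden" name="email" value="{html.escape(form["email"])}">'
            '<input name="code"></form>')


def confirm(portal: Portal, email: str, code: str) -> bool:
    """Constant-time, single-use check; the code is burned after MAX_ATTEMPTS
    wrong guesses, and an address that was never issued a code fails."""
    entry = portal.issued.get(email)
    if entry is None:
        return False
    ok = hmac.compare_digest(entry["otp"], code)
    entry["attempts"] += 1
    if ok or entry["attempts"] >= MAX_ATTEMPTS:
        del portal.issued[email]
    return ok


if __name__ == "__main__":
    # Constructed request from someone who edited the form before submitting it.
    tampered = {"email": "victim@example.org", "subject": "Urgent: your data was stolen",
                "text_content": "Any text the sender likes, delivered from the portal's domain"}
    p = Portal()
    page = vulnerable_request_access(p, tampered)
    print("leaky page contains the code:", p.issued[tampered["email"]]["otp"] in page)
    print("leaky mail subject:", p.outbox[-1].subject)
    p = Portal()
    page = request_access(p, tampered)
    print("hardened page contains the code:", p.issued[tampered["email"]]["otp"] in page)
    print("hardened mail subject:", p.outbox[-1].subject)
```

The hardened handler changes nothing about how the user experiences the flow; the only difference is what leaves the server: a page that carries no secret, and an email whose wording the sender cannot touch.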
Over a week ago I told you that distributed denial of service attacks are increasing. Here’s an update: DDoS mitigation provider Cloudflare said that last week it blocked the biggest denial of service attack it has seen. It peaked at just below 2 terabits of data per second. The entire attack, which lasted about one minute, was powered by roughly 15,000 compromised internet-connected devices and servers working together in a botnet. Cloudflare said some of those compromised servers were running unpatched versions of GitLab, the open-source software development suite. Owners of those compromised devices usually don’t know they are the unwitting tool of hackers. Denial of service attacks are used to threaten and extort organizations, as well as to distract from other cyberattacks. They are another reason why organizations and individuals have to make sure their software and hardware are running the latest security updates so they aren’t inadvertently being used by attackers.
Crooks have many ways of using email to hack into companies. Malicious attachments and links in messages are one. Another is hiding malicious content in the email’s HTML code. A security company called Avanan recently discovered the latest version of this trick: writing parts of the message in a tiny font. A usual font size is 12 points, but hackers have recently been seen reducing certain text and links to 1 point in size. The recipient sees a normal-looking message, but a filter that reads the raw text sees the tiny characters too, which can throw off the phrase and link matching it relies on. Tactics like this are called obfuscation. The Avanan report notes the scams it’s seen using this trick send messages to Microsoft 365 users asking them to click on a link to reset their password. The link, of course, goes to a fake page. Victims who reset their passwords there are giving them away to the crooks. IT staff have to ensure their email scanning programs can detect obfuscation tactics.
That’s it for now. Remember, links to details about podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other stories of mine.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.