Ransomware delivered in 15 minutes, creating an incident response plan and get rid of old Windows
Welcome to Cyber Security Today. It’s Monday, November 8th. I’m Howard Solomon, contributing writer on cybersecurity for ITWorldCanada.com.
Ransomware can be delivered by an attacker days or weeks after initially infecting an organization. The delay gives the gang time to snoop around the IT system and steal data. But some gangs just get on with the ransomware. Researchers at security firm Cofense recently found an example that infects victim firms in 15 minutes. Here’s how this particular scam works: An employee gets an email addressed to ‘Undisclosed recipients.’ It pretends to be a follow-up to an earlier message, saying ‘Still no response from you,’ and asks the victim to click on an attachment that is supposedly a supplies list. Someone in accounting, sales or the warehouse might fall for this because they want to be seen as responsible. But they would miss the obvious signs of a con: One is the fact that it is addressed to ‘Undisclosed recipients’; another is the generic Gmail address of the sender. A further clue is that the victim wasn’t expecting an email with a supplies list at all. This is another example of why regularly training employees to be suspicious of emails with attachments is vital.
Meanwhile so far no one yet has cashed in on the U.S. government’s offer to pay $10 million for information leading to the arrest of the leaders of the DarkSide/BlackMatter ransomware gang. A $5 million reward is available for information leading to the arrest of anyone helping the gang. Last week BlackMatter said it is disbanding, but experts say even if it’s true gang members will likely form a newly-named squad.
You may have seen stories of mine on ITWorldCanada.com in the past two weeks from my coverage of cybersecurity conferences on what IT departments should have in their incident response plans. An incident response plan is a vital step to being ready for a cyber attack. Organizations that respond in a disciplined way to an attack are more likely to control the damage. For a more in-depth look at incident response plans than the stories I wrote, see a new Cisco Systems blog on the features an incident response plan should have. There’s a link to it here. Remember, a plan isn’t worth much if it isn’t tested.
In a podcast a few days ago I reminded listeners that with the holiday season upon us they have to beware of fake retail sites on Amazon. They also have to watch out for package delivery scams pretending to be from FedEx, UPS, DHL and other courier companies. Security reporter Brian Krebs details one of the latest cons. It’s being sent by text message to cell phones. Probably that’s because it’s harder on a phone to see where a link in a message is really going. The message says the courier couldn’t deliver a package and asks the victim to click to schedule a new delivery time. If a victim clicks on that, they see a page that asks for a name, phone number, delivery address — and a birth date. Now, that’s one tip-off this is a scam. Why does a delivery service need your birth date? The second tip-off is that you have to enter a payment card number to pay a small re-delivery fee. So now the crooks have your date of birth and your credit or debit card number. Remember, November and December are big months for online retail scams.
Finally, some organizations are still running outdated business versions of Windows. These are versions 7 and 8.1. Microsoft has stopped releasing free security updates for them. You can, however, buy extended support for them. But that ends January 10th, 2023. If you aren’t paying for extended support, switch to Windows 10 or 11 fast. Meanwhile, small businesses using personal versions of Windows 7, 8 and 8.1 should note two important upcoming deadlines. In nine weeks — on January 10th, 2022 — Microsoft will stop issuing security updates for the OneDrive file hosting and synchronization app. And it will stop synchronizing OneDrive to the cloud on March 1st. Again, if you’re a home user of Windows 7 or 8, you need to switch to either Windows 10 or 11 for improved security.
That’s it for now. Remember, links to details about podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other stories of mine.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.