Rackspace hit by ransomware, employees are still falling for the fake IT colleague scam, and more.
Welcome to Cyber Security Today. It’s Wednesday, December 7th, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
Texas-based cloud provider Rackspace Technology has admitted suffering a ransomware attack last week. Affected are customers of the company’s hosted Microsoft Exchange service. Rackspace said Tuesday it believes the attack was limited to its Exchange servers. It is helping Exchange customers shift to the cloud-based Microsoft 365 as quickly as possible. As of the recording of this podcast, Rackspace couldn’t say if any customer data was affected.
Separately, researchers at Palo Alto Networks released a background paper on the Vice Society ransomware gang. It regularly targets school boards, colleges and universities. IT and security teams may find the description of this group’s tactics and tools useful.
Telecommunications and business process outsourcing companies are being targeted by a threat actor impersonating corporate IT staff. That’s according to researchers at CrowdStrike. They say the attacker uses phone calls and text messages to trick employees into logging on to a fake company website, where their usernames and passwords are collected. Or they are fooled into downloading a tool that gives the attackers remote access to their computers. If employees have multifactor authentication protecting their credentials, the attacker either persuades the victim to share their one-time passcode or pesters the employee with repeated multifactor authentication approval prompts on their smartphone until the staffer gives in and approves one. Most concerning, if the attacker can reach the target organization’s multifactor authentication console, they enroll their own mobile devices on the employee’s account, so that later challenges are approved by the attacker rather than the employee. In one case the attacker was able to access a company’s Azure Active Directory to identify privileged users. The report emphasizes the importance of IT and security teams protecting Active Directory and watching for newly created or modified accounts, including newly registered authentication devices. It also speaks to the need for regular employee cybersecurity awareness training. A link to the full report with more recommendations is in the text version of this podcast.
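Two of the behaviours described above leave a trace in authentication logs: a burst of denied or timed-out multifactor prompts against one account, and a new authenticator registered shortly afterwards from an address the user has never signed in from. The script below is an added example written for this page, not code from CrowdStrike, Microsoft or the podcast. The event records, the field names (`event`, `mfa`, `mfa_method_added`) and the known-address list are a constructed, simplified schema; real Azure AD sign-in and audit logs use their own field names, so you would map those fields before running this against live data.

```python
"""Flag MFA-prompt bombing and suspicious MFA-device enrolments.

Added example for this page (not CrowdStrike's or Microsoft's code). The
record layout is a constructed simplification of a sign-in / audit feed:
an "event" of "signin" carries an "mfa" outcome; an "event" of
"mfa_method_added" records a new authenticator being registered.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not from any real tenant). alice is hammered
# with prompts she rejects, then a new authenticator appears from an IP she
# has never used. bob rejects one prompt and approves the next, a normal day.
SAMPLE_EVENTS = [
    {"ts": "2022-12-05T21:00:05Z", "user": "alice", "ip": "203.0.113.7", "event": "signin", "mfa": "denied"},
    {"ts": "2022-12-05T21:00:40Z", "user": "alice", "ip": "203.0.113.7", "event": "signin", "mfa": "denied"},
    {"ts": "2022-12-05T21:01:15Z", "user": "alice", "ip": "203.0.113.7", "event": "signin", "mfa": "timeout"},
    {"ts": "2022-12-05T21:01:50Z", "user": "alice", "ip": "203.0.113.7", "event": "signin", "mfa": "denied"},
    {"ts": "2022-12-05T21:02:30Z", "user": "alice", "ip": "203.0.113.7", "event": "signin", "mfa": "approved"},
    {"ts": "2022-12-05T21:04:10Z", "user": "alice", "ip": "203.0.113.7", "event": "mfa_method_added", "method": "Authenticator app"},
    {"ts": "2022-12-05T09:12:00Z", "user": "bob", "ip": "198.51.100.20", "event": "signin", "mfa": "approved"},
    {"ts": "2022-12-05T13:40:00Z", "user": "bob", "ip": "198.51.100.20", "event": "signin", "mfa": "denied"},
    {"ts": "2022-12-05T13:41:00Z", "user": "bob", "ip": "198.51.100.20", "event": "signin", "mfa": "approved"},
]

# Addresses each user signed in from over a prior baseline period (constructed).
KNOWN_IPS = {"alice": {"192.0.2.10"}, "bob": {"198.51.100.20"}}


def _parse(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")


def _rejections_by_user(events):
    """Timestamps of denied or timed-out MFA prompts, per user, sorted."""
    per_user = defaultdict(list)
    for e in events:
        if e["event"] == "signin" and e["mfa"] in ("denied", "timeout"):
            per_user[e["user"]].append(_parse(e["ts"]))
    for times in per_user.values():
        times.sort()
    return per_user


def mfa_fatigue_bursts(events, window=timedelta(minutes=10), threshold=3):
    """Return {user: peak_count} for users who rejected or ignored at least
    `threshold` MFA prompts inside any sliding window of length `window`.
    A real user rarely rejects more than one or two prompts in a row; a
    string of them means someone else is triggering the sign-ins."""
    hits = {}
    for user, times in _rejections_by_user(events).items():
        start, peak = 0, 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            hits[user] = peak
    return hits


def suspicious_mfa_enrolments(events, known_ips, bursts, lookback=timedelta(minutes=30)):
    """Flag new-authenticator registrations that come from an IP the user has
    never signed in from, or that follow a prompt burst within `lookback`.
    Returns a list of (user, method, reason) tuples."""
    rejections = _rejections_by_user(events)
    findings = []
    for e in events:
        if e["event"] != "mfa_method_added":
            continue
        user, when = e["user"], _parse(e["ts"])
        reasons = []
        if e["ip"] not in known_ips.get(user, set()):
            reasons.append(f"enrolled from unseen IP {e['ip']}")
        if user in bursts and any(when - lookback <= t <= when for t in rejections[user]):
            reasons.append(f"enrolment within {int(lookback.total_seconds() // 60)} min of an MFA-prompt burst")
        if reasons:
            findings.append((user, e["method"], "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    bursts = mfa_fatigue_bursts(SAMPLE_EVENTS)
    print("prompt-bombing candidates:", bursts)
    for user, method, reason in suspicious_mfa_enrolments(SAMPLE_EVENTS, KNOWN_IPS, bursts):
        print(f"ALERT {user}: new {method!r} registered; {reason}")
```

On the constructed data the first check names alice (four rejected prompts in under two minutes) and the second pairs that burst with the authenticator she supposedly registered three minutes later from an address outside her baseline. An enrolment alone is routine, and a couple of rejected prompts alone is routine; the two in sequence, from a new address, is the pattern the report describes, so alert on the combination rather than on either signal by itself.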
An open-source ransomware toolkit dubbed Cryptonite has been removed from GitHub, where anyone could have got hold of it. Not only has the source code been deleted, 41 forks have also been removed. According to researchers at Fortinet, there’s one other interesting thing: at least one variant isn’t really ransomware. While it does encrypt data, there’s no way to decrypt it afterwards. The researchers don’t believe this was intentional. Because of the way this sample’s code was written, if the program crashes or is closed there is no way to recover the encrypted files. Over-simplistic code and a lack of quality assurance by the crooks are to blame. That same simplicity also means this version of the malware is easily spotted by anti-virus software.
Finally, crooks don’t worry about the cost of software quality issues, but organizations do. And according to a new report from the Consortium for Information and Software Quality, it costs a lot. The consortium estimates software quality issues may have held the U.S. economy back by US$2.4 trillion this year. That figure includes the cost of cyber attacks that exploit vulnerabilities, problems with open-source software components in applications, and the cost of software development rework. Recommended solutions include applying software quality standards when developing applications, assessing third-party components before they go into software, and applying patches promptly.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.