Employee mistake leads to Northern Ireland police data breach, why employee awareness training is vital, and more.
Welcome to Cyber Security Today. It’s Friday, August 11th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.
Many data leaks are caused by mistakes by employees. The latest example involved the publishing of a spreadsheet with the names, ranks, departments and work locations of all 10,000 members of the Police Service of Northern Ireland. Publishing wasn’t the mistake, because the data was asked for by someone under a Freedom of Information request and they put up whatever they got. The mistake was made by the police employee who created the spreadsheet. The request was only for the number, ranks and grades of all police officers and staff. For some reason their last names and first initials were included. The spreadsheet was only available online for two hours on a website that helps people make Freedom of Information requests. Police are asking anyone who copied the data to delete it.
Almost half of the organizations that recently were infected by the Gootloader malware were law firms. That’s the finding of researchers at Trustwave. Gootloader is a package for delivering malicious payloads. Threat actors using this package commonly employ search engine optimization techniques to trick victims who are searching for business-related information. For example, a staffer may be looking for a template for a contract, an agreement or a form. Up pops a link to a supposed template, but clicking on it leads to a website that may appear to be a group forum with a compromised document. One of the keys to this strategy is to create web pages that will rise to the top of a search engine’s results when a query with the right words or phrases is entered. The hope is a victim will click on the first link. Employee awareness training is vital to stop this kind of attack.
Still on the topic of employees falling for scams, researchers at Fortinet came across a typical phishing scam last month that uses a new piece of malware. The email purports to be an urgent order supplement request to a company, with a PDF attachment the recipient is urged to click on. It leads to the installation of malware. While antimalware and antivirus systems can detect this, the best defence is investing in employee awareness training.
By the way, separately Fortinet warned that a botnet is trying to exploit a vulnerability in unpatched models of a now end-of-life Zyxel router. First, you shouldn’t still have this router, model P660HN-T1A, on your network. Second, if you do, there’s no excuse for not having installed the five-year-old patch.
Finally, researchers at Check Point Software have released an analysis of the Rhysida ransomware gang showing possible links to the Vice Society ransomware group. Many of the techniques both groups use are similar. And they both often target the education sector. One interesting thing: The number of victims claimed by Vice Society has dropped since the Rhysida group emerged in May.
Later today the Week in Review will be available. In this episode Terry Cutler of Cyology Labs will talk about recent ransomware news, the MOVEit data breach and potential attacks on sports events.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.