Information to help shoot down Zeppelin ransomware, a U.K. managed services provider recovering after a ransomware attack, and more.
Welcome to Cyber Security Today. It’s Friday, August 12th, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
The Zeppelin strain of ransomware has a nasty trick: its operators may run it more than once inside a victim's network, and each run produces a different victim ID and file extension, so recovering data can require several unique decryption keys. The information comes in the latest of a series of joint FBI and CISA advisories on indicators of compromise for ransomware families. Attackers deploying Zeppelin typically get in by exploiting vulnerabilities in SonicWall firewalls, through exposed Remote Desktop Protocol services, or by tricking employees into opening malware-laden email attachments. Security teams should note that Zeppelin can be deployed as a .dll or .exe file, or contained within a PowerShell loader.
Meanwhile in the U.K., a ransomware attack last week on a managed service provider called Advanced Computer Software Group continues to disrupt the country's healthcare system. Organizations using the NHS 111 urgent-care phone service, as well as Advanced's eFinancials application, will see a phased return to service starting in the next few days. However, other systems may not be back for weeks. Advanced provides a number of services to the National Health Service, including financial management applications and patient case management. It also serves law firms, school systems and charities.
The cyber attacks on Ukraine continue to provide valuable information for IT defenders in other countries. The latest example is a presentation made this week at the Black Hat cybersecurity conference in Las Vegas by researchers at ESET. They described a new version of Industroyer, the malware used to cut power in Ukraine in December 2016. It is believed the attackers behind Industroyer2 got into a power company's network in February, just before Russia launched its invasion of the country. The malware was tailored to that particular distributor's operational systems, with the substation equipment it was to control hard-coded into it, and was built to manipulate circuit-breaker protections there. Thanks to work by ESET, Microsoft and Ukraine's computer emergency response team (CERT-UA), use of that malware was foiled. However, separate data wiper attacks did do damage. The report on the ESET presentation is from the TechTarget news site.
Threat actors continue to take advantage of unpatched versions of Microsoft Office. According to researchers at Fortinet, a piece of malware dubbed SmokeLoader is still being distributed through documents that exploit five-year-old Office vulnerabilities (CVE-2017-0199 and CVE-2017-11882) for which Microsoft issued patches long ago. A typical lure is a phishing email asking the target to review an attached purchase order. Organizations should have learned by now that running old, unpatched versions of software is dangerous, and so is delaying patches once updates are released.
Canada-based password manager 1Password has launched version 8 of its application for mobile devices running iOS and Android. New features include a dashboard that provides actionable alerts and a view of security risks and vulnerabilities. The app can also be unlocked with Apple Face ID or a fingerprint. This release brings the mobile version of 1Password to feature parity with the desktop version.
Finally, later today the Week in Review edition will be available online. IT World Canada CIO Jim Love will be my guest. We'll talk about incidents where mistakes by employees have led to breaches.
Remember links to details about podcast stories are in the text version at ITWorldCanada.com.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.