Canadian firms allegedly hit by ransomware, a man is sentenced for Cisco Systems hack and patch this WordPress plugin
Welcome to Cyber Security Today. It’s Monday, December 14th. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
To hear this podcast click on the arrow below:
Cyber Security Today is brought to you by the new Cisco Security Outcomes Study, where we surveyed 4,800 cybersecurity and IT professionals.
Visit https://cisco.com/go/SecurityOutcomes to read the results.
A ransomware gang called Everest claims to have stolen documents from a number of Canadian organizations including a major airport and one of the country’s biggest construction firms. As evidence it has posted copies of what it says are electrical and other schematics of buildings it took from several victims. It is threatening to release more documents unless victims pay for decryption keys. I’m not naming the firms because as of Sunday, when this was recorded, I didn’t have confirmation that the organizations were hit. The airport issued a statement saying it is aware of reports of an alleged ransomware attack. However, the airport said its information technology team found no evidence of a compromise to systems or infrastructure.
Elsewhere in the world the Bleeping Computer news service reports that a ransomware gang claims to have hit an Israeli division of Intel. The alleged company is Habana Labs, which makes specialized processors for accelerating artificial intelligence applications. The gang called Pay2Key published on Sunday what it says are folders of information on the company domain controller and a software code development application.
Cybersecurity professionals may be interested in a BlackBerry report on a relatively new ransomware group called MountLocker. Detected in July, this is a ransomware-as-a-service group, which means approved crooks who have hacked into a victim organization can pay as they go for use of the ransoware. MountLocker allows gangs to steal corporate data and threaten to release it in addition to encrypting data. Often these affiliate gangs get the initial entry to victims firms by exploiting Windows’ Remote Desktop capability, called RDP, which allows employees to get into the corporate network from outside the office. To stop this type of access IT administrators have to tighten up RDP security. The bad news is BlackBerry believes this gang is, in its words, “just warming up.”
In August I told you about a former Cisco Systems staffer who pleaded guilty to deleting 465 virtual servers hosting the company’s Webex Tems collaboration application. Last week he was sentenced to two years in prison and ordered to pay a $15,000 fine. According to The Mercury News, the employee left the company in April 2018 but for some reason five months later accessed Cisco’s cloud infrastructure and deleted the virtual servers, causing accounts of 16,000 customers to disappear. Cisco had to refund $1 million to customers for loss of service, plus spend about $1.4 million in employee time to repair the damage.
Attention WordPress administrators: If you use the Easyu WP SMTP plugin for configuring SMTP settings make sure you have the latest update. A patch has been issued to fix a serious vulnerability that could allow a hacker to reset administrator passwords.
That’s it for now. Details about these stories can be found in the text version of this podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at cybersecurity professionals.
Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening.