The debate on ransomware attacks dropping continues, beware of long-hidden backdoors and lots of patches released.
Welcome to Cyber Security Today. It’s Wednesday, January 11th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
Another entry in the debate over whether ransomware attacks are going up or down has been issued. Last week researchers at Emsisoft said the truth in the U.S. is hard to figure out because so many attacks aren’t publicly reported. This week researchers at Delinea released a report saying a survey it paid for suggests ransomware last year was down significantly compared with 2021. Of the 300 American IT decision-makers surveyed, 25 per cent said they were victims of ransomware in 2022. By comparison, 64 per cent of respondents said their firm was hit in 2021. Respondents also said budgets for ransomware defence dropped last year, although that could be because IT leaders are folding defences against ransomware into defences against all types of cyber attacks. More worrisome, the number of companies with incident response plans dropped to 71 per cent last year from 94 per cent in 2022. There’s a link to the full report in the text version of this podcast.
Threat actors are known for installing backdoors on victims’ IT infrastructure to enable their attacks. That’s why scouring an entire IT environment after a successful breach of security controls is vital, to make sure no backdoors are left behind. The latest example comes in a report from researchers at U.K.-based S-RM Intelligence, who looked into an attack by the Lorenz ransomware gang. The gang exploited a vulnerability in the Mitel VoIP phone system used by the victim organization. However, it was able to do that by using a backdoor that had been installed five months before the ransomware was launched. One theory is that an initial access broker compromised the victim’s IT infrastructure, installed the backdoor and then notified the Lorenz group. Whatever the explanation, it’s another example of why continuously searching for backdoors, as well as patching vulnerabilities, is essential.
Ransom demands linked to denial of service attacks aren’t talked about a lot. However, they are something IT security leaders need to think about. According to Cloudflare, a service that mitigates denial of service attacks, 16 per cent of its customers who suffered a DDoS attack in the fourth quarter of last year said the attack came with a threat or ransom note. Still, that was less than the 22 per cent who reported a threatening DDoS attack in the fourth quarter of 2021. In the first quarter of 2022, 10 per cent of customers hit by DDoS attacks said the attack came with a threat. That increased to 12 per cent in the second quarter, 14 per cent in the third quarter and, as I said, 16 per cent in the fourth quarter.
IT administrators must remember that compromised internet-connected devices such as computers, routers, firewalls, surveillance cameras and their associated digital recorders are used to create botnets to launch distributed denial of service attacks. Sanitizing IT networks helps lower the odds of your gear being used for DDoS attacks.
Yesterday was Microsoft’s monthly Patch Tuesday, when fixes were released for a number of holes in Windows. According to researchers at Action1, 98 vulnerabilities were fixed. Eleven of them are rated critical. One fixes a significant zero-day vulnerability in all versions of Windows back to Windows 8.1 and Windows Server 2012 R2. It could allow an attacker to gain SYSTEM privileges. Another fixes a hole in Windows Credential Manager.
Also yesterday, SAP released 12 security patches. Researchers at Onapsis note that three of the fixes have vulnerability scores at 9 or above.
Adobe released critical fixes for Acrobat and Acrobat Reader. Zoom released patches for two vulnerabilities ranked high in severity for Zoom Rooms.
On the industrial side, Siemens and Schneider Electric announced fixes for a number of products.
IT and security managers need to evaluate patches against the organization’s risk profile and then prioritize which patches need to be installed and in which order.
Attention application developers: if you use the open-source JsonWebToken package created by Auth0 in your software for signing JSON data, make sure you have a recent version. The package was updated in December after researchers at Palo Alto Networks discovered a serious vulnerability. You should be on version 9.0.
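The version check this segment recommends, as an added example that is not from the podcast or the jsonwebtoken project: a Node script that scans an npm package-lock.json for every installed copy of jsonwebtoken, including nested copies pulled in by other packages, and flags any below 9.0.0. The lock file contents and the "legacy-auth" package name are constructed for the demo.

```javascript
// Added example (not from the podcast): scan an npm package-lock.json for every
// installed copy of jsonwebtoken and flag any older than the 9.0.0 release the
// segment recommends. The lock file content below is constructed for the demo.
// Compare two dotted version strings numerically; any pre-release tag is ignored.
function compareVersions(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Handle both lockfile layouts: v2/v3 "packages" (flat, keyed by install path)
// and v1 "dependencies" (nested). Returns every copy below minVersion.
function findOutdatedJsonWebToken(lock, minVersion = "9.0.0") {
  const hits = [];
  const check = (path, version) => {
    if (compareVersions(version, minVersion) < 0) hits.push({ path, version });
  };
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path.endsWith("node_modules/jsonwebtoken") && meta.version) check(path, meta.version);
  }
  const walkV1 = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === "jsonwebtoken" && meta.version) check(path, meta.version);
      walkV1(meta.dependencies, `${path}/`);
    }
  };
  if (!lock.packages) walkV1(lock.dependencies, "");
  return hits;
}

// Constructed lockfile: the direct dependency is already on 9.0.0, but a
// hypothetical "legacy-auth" package drags in a nested, outdated 8.5.1 copy.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app" },
    "node_modules/jsonwebtoken": { version: "9.0.0" },
    "node_modules/legacy-auth": { version: "1.2.3" },
    "node_modules/legacy-auth/node_modules/jsonwebtoken": { version: "8.5.1" },
  },
};

for (const hit of findOutdatedJsonWebToken(SAMPLE_LOCK)) {
  console.log(`outdated jsonwebtoken ${hit.version} at ${hit.path}`);
}
```

To run it against a real project, replace SAMPLE_LOCK with `JSON.parse(require("fs").readFileSync("package-lock.json", "utf8"))`.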
Finally, if you or your employees use the Threema messaging app, make sure it’s the latest version. The latest version patches vulnerabilities found by researchers.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. U.S. listeners can also find me on TechNewsDay.com.