A new ransomware strain, an FBI ransomware warning and update these WordPress plugins.
Welcome to Cyber Security Today. It’s Friday, March 26. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
There’s lots of ransomware news to tell you about today, including the appearance of a new strain of the malware.
The Bleeping Computer news service has learned American-based insurance company CNA Financial was hit last week by a new ransomware variant called Phoenix Cryptolocker. Citing unnamed sources, the site says over 15,000 computing devices on the CNA network were encrypted, including those of people working from home. One researcher believes the Phoenix ransomware was released by a gang called Evil Corp. That’s because the Phoenix code has some similarities with a strain of ransomware called WastedLocker that the gang also uses.
The story doesn’t say if the attackers stole CNA corporate documents in addition to encrypting data. Some researchers think that if they did, the hackers might look for corporate clients who have cyber insurance to exploit. But Ilia Kolochenko, chief architect of ImmuniWeb, doubts they’d take the time to comb through contracts.
The FBI this week issued a private notice to U.S. organizations about a little-known ransomware strain dubbed Mamba. It’s been seen recently in attacks on local governments, transportation agencies, law firms, tech firms and others. But a cybernews service called The Record points out several security researchers identified this group five years ago when it was also called HDDCryptor. One of its tricks is rewriting a computer’s master boot record to make recovery of encrypted data hard. The FBI says there may be a way to recover data without paying crooks for a decryption key.
And a security firm called Varonis this week released an analysis of what it calls an up-and-coming threat group called Darkside. It distributes ransomware through partner crooks who are paid a percentage for initially infecting victim organizations. Be warned those using Darkside ransomware often look for holes in software that allows employees or consultants remote access to corporate IT systems.
For any strain of ransomware one of the best protections is using multi-factor authentication for logging into critical systems and data as an extra layer of defence. This prevents attackers from getting control of administrative credentials. Also, make sure average employees don’t have access to more data systems than they need. Varonis also notes that comprehensive network monitoring for suspicious activity is important. And those who use Microsoft’s Active Directory for identity and access management can also use it to identify compromised accounts.
Security experts regularly urge IT managers and administrators to install the latest security patches as soon as possible because hackers quickly take advantage of vulnerabilities that become public. Here are two for the WordPress content management platform to watch out for: Facebook for WordPress has been updated to fix two serious vulnerabilities. And security researchers at Bitdefender are warning a vulnerability scanning tool used by hackers is now looking for unpatched WordPress systems that use a plugin called “Ultimate GDPR and CCPA Compliance Toolkit.” It’s a plugin that helps firms make sure their WordPress complies with the European Union and California data protection and privacy regulations. If you use that plugin make sure it’s the latest version.
The cybersecurity readiness of Canada’s agriculture sector will be examined by researchers thanks to a $500,000 grant from the federal government. The money, to be spent over four years, is going to the Saskatoon-based non-profit Community Safety Knowledge Alliance, which has a project looking at cybersecurity capacity in Canadian agriculture. The project is aimed at enhancing agriculture critical infrastructure protection and includes promoting cybersecurity awareness of farmers.
Finally, IT World Canada and the Women in Security and Resilience Alliance welcome nominations for this year’s celebration of the Top Women in Cybersecurity. Nominate someone you know, or nominate yourself, before April 16th. Here’s a link to details.
Don’t forget later today the Week In Review edition of the podcast will be out. I’ll be discussing a news item or two with guest commentator Terry Cutler of Cyology Labs.
Links to details in podcast stories are in the text version of this show at ITWorldCanada.com. That’s where you’ll also find more of my news stories aimed at cybersecurity professionals.
Subscribe to Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.