The latest ransomware attacks, a phone scam at the Ritz and security defenders strike back
Welcome to Cyber Security Today. It’s Wednesday August 19th. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
Organizations still aren’t doing enough to protect themselves from ransomware attacks. Here are three of the latest victims:
Cruise operator Carnival Corp., which operates a bunch of brands including the Carnival, Holland America, Cunard and Princess lines, said this week one of them suffered a ransomware attack. In a statement to regulators the company gave scant information, saying only that personal data of an unspecified number of passengers and employees was accessed. No details on what was copied or how many people were involved, but as a cruise line Carnival would have names, addresses, email addresses, passport numbers and other personal information of passengers and staff.
Security reporter Brian Krebs says an American medical debt collection company called R1 RCM was hit by ransomware. Debt collection companies would be of interest to criminals because they may have personal or financial information about people who owe money. Interestingly, a person who works for R1 added a comment under Brian’s story saying the company only has information needed to get insurers to pay claims. This person said R1 doesn’t have access to social security numbers.
And here’s a coincidence: I’ve reported that Japan-based printer and camera manufacturer Canon was hit by ransomware around July 30th. Well, now there’s news that Japan-based printer maker Konica-Minolta was hit by ransomware around the same time. The news site Bleeping Computer says it’s seen the ransom note. Usually ransomware attackers take some time to discover and infect a number of servers before deploying their malware to lock up as many computers as possible.
Attention IT administrators: If you use the Jenkins open-source automation server software, you should update to the latest version. There’s a buffer corruption flaw that needs to be fixed. And if you use IBM’s DB2 database for Linux, UNIX and Windows, install a Special Build released at the beginning of the month as an interim fix to a vulnerability.
Here’s another example of why you can’t trust call display numbers: Some people who made restaurant bookings at the Ritz hotel in London have been hit by a telephone scam. The BBC reports customers were phoned with exact details of their bookings and asked to confirm their credit card numbers. Victims were tricked in part because their call display showed what appeared to be a real hotel phone number. How the criminals knew people had made reservations isn’t known. But after getting payment card numbers they tried to buy things at a British online retailer. When a bank stopped one suspicious transaction the criminal phoned the victim again, this time pretending to be from her bank. Some lessons from this: Don’t trust caller ID, and never give out your credit card number to someone who calls you.
Finally, here’s an interesting piece of news: A security company was able to stop the spread of a piece of malware for six months. The company, called Binary Defense, found a hole in malware called Emotet that’s usually spread by infected email. Briefly, company researchers saw how the malware installs itself in the Windows registry and wrote a small piece of code that blocked it. Starting February 12th, many organizations around the world were quietly notified to install that blocker code on their systems. But on August 6th the Emotet developers changed their infection routine and this defence was no longer useful. Still, it offers interesting and useful research for security companies in their fight against attackers.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cybersecurity professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.