Ransomware defences, a dishonest employee at Cisco, an honest employee at Tesla and printer owners embarrassed.
Welcome to Cyber Security Today. It’s Monday August 31st. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com. To hear the podcast click on the arrow below:
I’ve talked about serious ransomware attacks in recent podcasts. It may sound like organizations are defenceless. They’re not. A blog last week by researchers at security firm Red Canary points out that most ransomware attacks on corporate computer networks have predictable patterns that IT and security teams should be looking for. Much of the blog is a bit technical for a podcast, but I want to highlight three points the authors make: First, perhaps the most effective way IT departments can stop ransomware is by preventing application software from being changed. The best way to prepare for a ransomware attack is to have proper data backups. And forcing all employees to use strong and unique login passwords will slash the chances of an attack successfully using password-guessing tactics.
Most cyberattacks come from criminals outside organizations, but an estimated 30 per cent are made by employees or ex-employees. One of the latest to be publicly revealed came last week. A former Cisco Systems staffer pleaded guilty in California to deleting 465 virtual servers hosting the company’s Webex Teams collaboration application used by customers several months after he left Cisco in 2018. As a result thousands of people couldn’t access their accounts. Cisco had to refund over $1 million to customers and spend a lot of time to fix the damage. No customer data was compromised. The accused will be sentenced in December. An explanation of his actions may come out then. There was no explanation of how an ex-employee could mess up his former company, but one guess is his password access hadn’t been revoked.
On the other hand there are good employees. One works for electric car maker Tesla in Nevada. It was revealed last week that he went to the FBI after a Russian acquaintance he hadn’t seen in two years suddenly turned up and offered him a big chunk of money to plant malware in Tesla’s computer network. The scheme apparently was to copy and steal data, and then threaten Tesla with publishing the data unless it paid cash. When the FBI called the Russian to talk he allegedly tried to flee the country. Last week he was charged with conspiring with others to damage a computer.
Desktop computers and servers aren’t the only devices criminals can hack to get into a organization’s computer network and spread malware to steal information. They can also hack printers if they aren’t protected. Unfortunately a lot of IT departments forget that. A news site called CyberNews decided to teach them a lesson. Doing an internet search it found just about 500,000 printers around the world that could be hacked. Of those it chose 50,000 targets and sent an online software script forcing them to print a document. It was successful on just over 27,400 printers. And what did it print? A five-page how-to guide for securing a networked printer. That’s a lot of embarrassed companies.
Finally, many people think vulnerabilities in Windows or other Microsoft products is the major way IT systems get hacked. Not always. Any software an organization uses can have holes that are exploited. That includes the Autodesk 3D graphics suite used by many companies to design everything from office buildings to toys. Security researchers at Bitdefender last week issued a report on the hack of an unnamed architecture company through a phony Autodesk plugin that somehow got installed. The result was the installation of spying and data theft tools. Autodesk has issued a security update to block this from happening.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cybersecurity professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon