The compromise of an FBI email server to send out 100,000 pieces of spam made headlines. Terry and I will discuss how it likely happened and how IT departments can prevent being victimized the same way.
We’ll also look into a report that the RAM in personal computers, servers and cellphones can be more easily compromised by hackers for data theft than has been thought.
And we’ll also look at a report that some ransomware groups are making so much money they are now bidding on million-dollar zero-day vulnerabilities.
Elsewhere, news emerged that the gang behind the Emotet malware and botnet is back. Its infrastructure was taken down in January by law enforcement agencies. But security researchers noted that the TrickBot botnet is now distributing emails with attachments laced with malware similar to Emotet. This is another example of how cybercrooks knocked out of business are able to rise again if they keep their code or their knowledge of how to create malicious code.
The province of Newfoundland and Labrador continues dealing with the cyber attack on its healthcare system that started 20 days ago. Canadian privacy expert Ann Cavoukian told me it’s appalling that years of data were accessed by the attackers.
Meanwhile a health clinic in Ottawa is still trying to restore services after it was hit by a cyber attack last weekend.
Here’s an update on the data theft I reported last week from the Robinhood stock trading platform: A threat actor claiming to be the attacker has put the data up for sale on the dark web. That includes a list of 5 million email addresses and a list of 2 million email addresses with the users’ names. The attacker isn’t yet selling the more detailed data that was copied on 310 customers.
Another warning has been issued by government security agencies to IT departments about the dangers of not promptly applying security patches to products. The U.S., U.K. and Australia said an Iranian-backed group is exploiting vulnerabilities in certain Fortinet network devices and Microsoft Exchange. These vulnerabilities have been patched. In fact one dates back to 2018, another to 2019.
A warning has also gone out to WordPress administrators to better secure their systems. This comes after a cybersecurity company found a number of compromised sites suddenly displaying fake claims of a ransomware attack. How was it done? Somehow an attacker was able to break into the WordPress site and tamper with a plug-in called Directorist, which lets administrators build contact directories for their sites. It’s imperative that all WordPress administrators tighten security, including making sure their passwords are strong and protected with multifactor authentication. They should also be familiar with other ways of protecting their sites.