I feel like I'm getting better at this; at least I got the day right this time...
Third Florida Town in Three Weeks hit by Ransomware
It appears all three incidents started with a city employee clicking on an email attachment. An interesting line in this article sticks out: “[the ransomware] has been known to lie dormant for up to a year before executing.” The dropper also has “lateral movement” capabilities, which would allow it to automatically spread from one system to another using stolen credentials or other vulnerabilities.
New ransomware infections are the worst drive-by attacks in recent memory
Speaking of ransomware, a new campaign targeting ad networks and compromised sites is creating a spike in activity. “Drive-by” attacks are difficult to defend against because they usually involve legitimate sites that are compromised or host compromised ads, and, as the name implies, can occur just from visiting the site. The best defense is to keep browsers, operating systems, and antivirus products up to date.
Iran Continues to escalate cyber attacks
The director of DHS’s Cybersecurity and Infrastructure Security Agency says “These efforts are often enabled through common tactics like spear phishing, password spraying, and credential stuffing. What might start as an account compromise, where you think you might just lose data, can quickly become a situation where you’ve lost your whole network.”
Several Recent Attacks have impacted macOS
I have seen several articles in recent weeks regarding macOS-based malware, and I felt like it was finally time to draw attention to it. Every operating system has the potential to be infected. Typically, attackers focus on Windows as it is the most prevalent, but as the article above points out, “The recent activity is an indication that more and more malware developers are finding it worth their time to create malicious wares for macOS, a platform they largely shunned a decade ago.” To prevent these attacks, the same advice is offered as I gave above for the drive-by attacks: “ensure the OS, browsers, and browser extensions are updated as soon as possible after security patches are released. Another key safeguard is to never run a stand-alone version of Flash (the one built into Chrome is generally OK).”
Microsoft to Require Multi-Factor Authentication for Cloud Solution Providers
Cloud Solution Providers are third-party organizations that are often given administrative access to a customer’s Office 365 tenant to help with initial setup. If these third-party vendors are breached, they may allow administrator access to numerous other organizations. As such, Microsoft will soon be requiring them to implement multi-factor authentication. This highlights the growing importance organizations are placing on eliminating single-factor auth (password only). However, it is important to remember that multi-factor authentication is one layer of security, and strong passwords are still needed.
20 Hours, $18, and 11 Million Passwords Cracked
The above isn’t a news article but more of a walkthrough/personal blog post. I found it interesting though, and highly related to the importance of strong passwords and two-factor authentication. If anyone has ever wondered how passwords are “cracked” by an attacker, and why it is important not to reuse passwords, this would be a good article to read. Keep in mind that the individual writing this is self-described as “not a security professional”, is not using specialized software or resources that are hard to access, and had a very limited budget.
Numerous breaches this week
Each of the above links covers a separate major breach. They aren’t worth covering separately, but I did want to mention a few highlights. The breach of dental and vision insurer Dominion National may have begun as early as August 25th, 2010 (9 years ago). Nation-state attackers, perhaps associated with China, have breached “ten-plus cellphone networks” to track and spy on 20 to 30 high-value targets.
Other “Stories of the Week”