Cyber Security Today, August 25, 2023 – FBI warning about Barracuda ESG gateways and thousands of more US MOVEit victims

FBI warning about Barracuda ESG gateways and thousands of more US MOVEit victims.

Welcome to Cyber Security Today. It’s Friday, August 25th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.

 Hackers are still exploiting vulnerable Barracuda Networks Email Security Gateways, warns the FBI. While Barracuda has released patches, all of these devices are still open to compromise. Threat actors from China appear to be the main attackers. The FBI strongly urges IT administrators that all affected ESG appliances be replaced immediately, and all networks scanned for indicators of compromise. The earliest evidence of the exploitation of Barracuda ESG appliances goes back to last October.

More American organizations victimized by the MOVEit server vulnerability are coming forward. Among the latest is Sovos Compliance, a Massachusetts firm supplying tax compliance services to companies. It is notifying over 215,000 people that their data was copied by a hacker when Sovos’ MOVEit server was compromised.

Another victim is Data Media Associates of the state of Georgia, which is notifying over 74,000 people their data was stolen when the company’s MOVEit file transfer server was hacked. The company makes patient billing solutions for doctors and hospitals. Data stolen included individuals’ names, addresses, and high-level medical or health insurance information, as well as health insurance ID numbers — which could be identical to Social Security numbers.

Dow Credit Union of Michigan is notifying over 29,000 members that data it sent to an unnamed service provider was compromised when that supplier’s MOVEit server was hacked. Data copied included people’s names, mailing addresses, Social Security numbers, date of birth, account number and account balance.

ClearResult Consulting of Texas, an energy management consulting firm, is notifying over 12,000 people that its MOVEit file transfer server was hacked at the end of May. Information copied included names, financial account or credit and debit card numbers and passwords or PIN numbers for accounts.

What are crooks doing with all the personal data they steal? A number of them are creating synthetic identities to fraudulently borrow money. That’s according to a report by credit monitoring service TransUnion. Phony identification is increasingly being used to trick American lending companies, the report says, in the auto finance sector. In the first half of this year U.S. auto lenders were tricked into giving out or recieved applications for US$1.8 billion in loans from people with synthetic identity documents. That’s a 38 per cent rise over the same period last year. The crooks use the money to buy vehicles and default on the loans. I would guess the vehicles are re-sold for a tidy profit or shipped to another country for resale. Phony IDs are also used to get bank and retail store credit cards for fraudulent purchases. The point of the report is businesses have to watch more closely for fake ID.

Later today the Week in Review will be available. Host Jim Love of IT World Canada and guest commentator Terry Cutler of Cyology Labs will discuss zero trust and the theft of data from Tesla by former employees.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.