Cyber Security Today, August 30, 2023 – More ransomware and MOVEit attack numbers, and an attack on a Rust repository

Share post:

More ransomware and MOVEit attack numbers, and an attack on a Rust repository.

Welcome to Cyber Security Today. It’s Wednesday, August 30th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.

Cyb er Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts

A ransomware gang calling itself Ransomed has come up with a new brand: As of Monday they began describing themselves as the “Leading Company in Digital Peace Tax.” Researchers at Flashpoint, who discovered the new head on the gang’s blog, say other ransomware groups are puckishly doing the same, like saying their hacking is a “post-paid penetration testing service.”

Separately, Flashpoint issued an analysis of statistics it gathered in the first half of the year. There were 1,615 ransomware attacks around the world up to August 24th. About one-third of them were claimed by the LockBit group. And of those 1,600-odd attacks, just over 1,000 hit organizations in the U.S. The next biggest target was the United Kingdom with 119, followed by Canada with 93. There were 2,893 data breaches in the first half of the year, says Flashpoint. Perhaps as many as 600 of them were related to the Clop gang’s exploitation of a vulnerability in the MOVEit file transfer application.

Speaking of the MOVEit hacks, cybersecurity researcher Bert Kondruss calculates the number of victim organizations is now over 1,000. Eight hundred and thirty-five of them are in the U.S. Sixty per cent of all data stolen came in attacks on the organizations’ suppliers or partners, like data processing, accounting or consulting firms, that use MOVEit.

Among the latest American firms to publicly acknowledge being victimized is Hilltop Securities, a Texas company. It says some of its personal information was stolen indirectly. The data was held by an unnamed supplier or processor used by Hilltop Securities’ bank. That vendor uses MOVEit for file transfers between it and the bank.

As part of your organization’s regular security awareness training, employees need to be reminded that QR Codes are being weaponized by attackers. In phishing emails infected versions of these scanable images for smartphones are being used to hide malicious links. According to Trustwave, a common lure is an email claiming the QR code has to be scanned for multifactor authentication. Employees should be reminded to be suspicious of QR codes they get in email claiming to be from IT support staff — or anyone — unless they are a result of a request.

I’ve reported before about hackers depositing malware packages in the GitHub, NPM JavaScript and PyPI Python open-source registries. Now there’s a report from Phylum that an attacker this month tried to do the same on the Rust language repository called Crates.io. Like attacks on other repositories, the threat actor gave their package a similar name to a legitimate module. This is a reminder that developers have to be very careful before downloading any open source code for their projects.

On Monday’s podcast I told you about the disruption of train service in Poland after a compromise of the radio signaling network. Two people have been arrested with radio transmitting equipment. Meanwhile Poland’s Warsaw Stock Exchange, several banks and the government’s website for public services were knocked offline apparently by a pro-Russian hacktivist group called NoName.

Finally, for those trying to use Meta’s Threads social media platform in place of Twitter (or X, as its now called), Kaspersky issued a reminder: To use Threads you need an Instagram account, which then links to a user’s Threads profile. That means one password for both. So, enable two-factor authentication or you’ll be in trouble if the account is hacked. Threads has a Security Checkup feature that tells whether 2FA is turned on.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

The post Cyber Security Today, August 30, 2023 – More ransomware and MOVEit attack numbers, and an attack on a Rust repository first appeared on IT World Canada.
Howard Solomon
Howard Solomonhttps://www.itworldcanada.com
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

SUBSCRIBE NOW

Related articles

Cyber Security Today, May 20, 2024 -Ransomware gang claims it hit a Canadian internet provider

A ransomware gang claims it hit a Canadian internet provider. Welcome to Cyber Security Today. It's Monday May 20th,...

Open Source AI: Hashtag Trending Weekend Edition – Show Notes

The conversation explores the topic of open source AI and its significance in the industry. It highlights the...

Cyber Security Today, Week in Review for week ending Friday May 17, 2024

Welcome to Cyber Security Today. This is the Week in Review for the week ending Friday, May 17th,...

Cyber Security Today, May 17, 2024 – Malware hiding in Apache Tomcat servers

Malware hiding in Apache Tomcat servers, new backdoors found, and more Welcome to Cyber Security Today. It's Friday, May...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways