Cyber Security Today, Oct. 20, 2023 – Free anti-phishing guidance, ransomware gang sunk for not patching Confluence servers


Free anti-phishing guidance, and a ransomware gang sunk for not patching Confluence servers.

Welcome to Cyber Security Today. It’s Friday, October 20th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.

Every IT security pro’s favourite four-letter word — free — is in the news this week. American cyber authorities released a free 14-page guide to fighting phishing attacks. There’s even a section with recommendations for small organizations with limited IT staff.

It urges firms to make sure employees with administrator and privileged user accounts use phishing-resistant multifactor authentication to protect against credential theft. These employees are the people who have broad access to customer or financial data, so they are prime targets of hackers. It also helps, the guidance emphasizes, that as few people as possible have administrative rights.

Organizations should also implement a single-sign-on management application that reduces the chance of employees being tricked into giving up their login credentials.

And of course, the guidance says organizations of all sizes need to give employees regular cybersecurity awareness training that explains how to avoid being suckered by fake emails, texts, voice and video calls.

There’s also advice for application developers. They are urged to have secure-by-design and default principles in their development workflows to reduce the odds of their customers being hit by phishing attacks.

Remember I told you on Wednesday’s podcast about the need to patch Atlassian Confluence servers to close a vulnerability? Apparently a ransomware gang didn’t get the message and as a result had its servers wiped. According to Bleeping Computer, the Ukrainian Cyber Alliance says it got into the IT infrastructure of the gang running the Trigona ransomware through an unpatched hole in their Confluence collaboration server. Then the Alliance copied all the data from the gang’s systems, including source code and cryptocurrency hot wallets. And for good measure the good guys deleted the gang’s websites.

Speaking of patching, organizations that have been slow in installing a patch for on-premise versions of JetBrains’ TeamCity servers are being hit by two North Korean hacking groups. Microsoft said this week that the two groups are taking advantage of a vulnerability announced on September 20th, the same day a security update was released. TeamCity is an application development and deployment platform. The gangs are after valuable data in companies around the world. TeamCity administrators who have not patched their systems yet should quickly apply the update and look for indicators of compromise.

That’s it for now, but later today the Week In Review podcast will be out. Terry Cutler of Montreal’s Cyology Labs and I will look at some early cybersecurity predictions for next year.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

The post Cyber Security Today, Oct. 20, 2023 – Free anti-phishing guidance, ransomware gang sunk for not patching Confluence servers first appeared on IT World Canada.
Howard Solomon