Cyber Security Today: Ransomware attacks hit a record in September, and more

Ransomware attacks hit a record in September, and more.

Welcome to Cyber Security Today. It’s Wednesday, October 25th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.

The number of successful ransomware attacks keeps climbing. NCC Group says criminal data leak sites listed 514 victims last month. It breaks the record set in July, when gangs listed 502 victim organizations. The claims of these sites are usually reliable. The U.S. continued to be the most attacked country.

And if that’s not bad enough there’s a new ransomware gang. Rhysida. It runs as a ransomware-as-a-service operation, say researchers at Kaspersky. It has a unique self-deletion mechanism. It also works on Windows 7 and 8.

On Monday I told listeners about the compromise of files sent to Okta’s support system. Since then several technology companies have acknowledged being victims. They include Cloudflare and 1Password, which makes a password manager. 1Password’s CTO says no user data was compromised.

A former IT member of the U.S. National Security Agency has pleaded guilty to six counts of attempting to transmit classified defence information last year to what he believed to be was a Russian agent. He was actually sending the stuff to an undercover FBI agent. He’ll be sentenced next April.

VMware has updated its warning to administrators running Aria Operations for Logs. Last week it urged the software be patched to fix multiple vulnerabilities. This week that notice was updated to that warn threat actors now have exploit code to take advantage of an unpatched server.

Worried about how much data the apps you like are collecting? Here’s something to think about: According to researchers at The Money Mongers, Threads is the most invasive of the 100 apps it studied. They include Instagram, Facebook, Messenger, LinkedIn, Uber Eats and more. Threads, you may recall, is trying to challenge the platform called X and its tweets. By the researchers’ standard, Threats collects 86 per cent of its users’ personal data. That may be OK if the users realize this. But also note that 51 per cent of the apps studied share their user data with third parties. Again, that may be OK, but only if user know about it.

Finally, I know organizations have to respect their lawyers, but do lengthy, confusing privacy statements help your business? Consider this. By the calculation of researchers at NordVPN, it would take an entire work week — 42 hours — to read the privacy policies of the 96 websites most Canadian users go to. Even if it was restricted to the top 20 websites most Canadians go to, it would take almost nine hours to read their privacy policies.

Canadian companies should note that the proposed private sector privacy law now before Parliament would require them to describe in plain language how personal information of customers is handled. That’s the only way customers can give meaningful consent to their data being collected and used.

That’s it for now. Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.