Cyber Security Today, May 22, 2024 – LockBit ransomware gang hits more victims, Fluent Bit servers need to be updated, and more


Welcome to Cyber Security Today. It’s Wednesday May 22, 2024. I’m Howard Solomon, contributing reporter on cybersecurity for TechNewsday.com.


The LockBit ransomware gang is trying to show it’s not dead after its leader was unmasked and its website seized by law enforcement agencies earlier this month. In the most recent incidents, The Cyber Express said LockBit admitted attacking Italy’s University of Siena. The gang says it stole 514 GB of data, including university contracts and plans. Also on Tuesday, Bleeping Computer reported that LockBit acknowledged hitting Canadian retailer London Drugs. Recently LockBit also said it was behind an attack on the City of Wichita, Kansas. Brett Callow, a Canadian-based threat researcher with Emsisoft, said LockBit is a multi-million dollar business and the people behind it will do all that they can to keep going despite police efforts. He added that the disruption by police earlier this month certainly had an impact on the gang, the full extent of which may not yet be apparent.

Administrators of cloud services that use the Fluent Bit logging utility should install the latest version. That’s the advice from researchers at Tenable, who discovered a critical memory corruption vulnerability that could be exploited to do nasty things. The hole dates back to version 2.0.7 of the utility’s built-in HTTP server. You need to install version 3.0.4. Tenable says Fluent Bit is used heavily in almost every major cloud provider’s IT infrastructure.

The U.S. Environmental Protection Agency has warned local drinking water utilities to secure their systems better against cyber attacks. EPA inspectors recently identified alarming cybersecurity vulnerabilities in drinking water systems across the country, the advisory notes, including failing to change default passwords, using single logins for all staff and failing to end IT access for former employees. The regulator is increasing the number of inspections that focus on cybersecurity.

Employees screwing up are the biggest cyber risk factor organizations face, according to chief information security officers. That comes from the latest annual survey of CISOs by Proofpoint. In its most recent poll the company surveyed 1,600 CISOs in organizations with at least 1,000 employees. Almost three-quarters agree human error is their organization’s biggest cyber vulnerability. Unfortunately, that’s up from 60 per cent who agreed last year. Only 46 per cent of respondents said their organization suffered a material loss of sensitive data in the previous 12 months — that’s significantly down from 63 per cent in the previous report. But of those firms that had a data loss, 42 per cent blamed negligent or careless employees. That’s more than other factors like software vulnerabilities, malicious insiders or system misconfiguration. Interestingly, 86 per cent of respondents believe their employees understand their role in defending their organizations.

Australia’s privacy commissioner is now one of the agencies investigating what the government calls a “large scale ransomware data breach” of an electronic prescriptions provider. The privacy commissioner’s office said Monday it has been notified of the attack on MediSecure. MediSecure says data affected involves personal information and limited health information relating to prescriptions it held up to last November. MediSecure was part of the Australian prescription delivery service until late last year. You may recall that in 2022 data on 9.7 million Australians was stolen from health insurance provider Medibank. In January Australia blamed the attack on a Russian man allegedly part of the REvil ransomware gang. How did the attacker compromise Medibank two years ago? Through stolen credentials.

Crooks are using phishing attacks to get control of Facebook business accounts, according to researchers at Cofense. When they do, the crooks can use their access to do things like send malicious ads from the accounts they control. The phishing emails pretend to be from a Meta division, like the Facebook Ads Team, claiming a company’s advertising content has violated Facebook’s rules. The target is asked to click on a link to verify their account information. Victims who do and fill out a fake page are giving away their login credentials, including their multifactor authentication codes. Meta is the second most spoofed brand by crooks. Microsoft is number one by a wide margin. Teaching employees not to fall for scams like this will lower the odds of your firm being victimized.

A Massachusetts non-profit that provides services to children and families is notifying over 23,000 people following an April cybersecurity incident. Brockton Area Multi-Services says data stolen included names, dates of birth, Social Security numbers and diagnosis or treatment information.

Finally, crooks have been getting away with listing the sale of illegal things like drugs on Eventbrite, a platform that lists events that subscribers may be interested in. That’s according to an investigation by Wired.com. It found pages claiming to sell fentanyl powder, Social Security numbers, dates with escorts, Gmail accounts and more. What’s worse, the article says, is that Eventbrite algorithms appeared to recommend some of these sites in search queries. A company official told Wired that these listings are spam trying to pull readers to third-party websites. The official said illegal and illicit activity has been removed from the platform.

Follow Cyber Security Today on Apple Podcasts, Spotify or add us to your Flash Briefing on your smart speaker.

Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.
