Ransomware reports signal lack of preparedness and willingness to pay
In its 2021 State of Ransomware Preparedness report, Axio reveals that organizations are not adequately equipped to defend against ransomware attacks. The report pinpoints seven key cybersecurity weaknesses supported by some alarming statistics, including 80% of organizations lacking a fully functioning privileged access management solution and only 36% of respondents indicating that they audit the use of service accounts. Additionally, 69% of organizations do not limit access to the internet for their Windows domain controllers. Only 29% of respondents evaluate the cybersecurity posture of third parties before allowing them access to their network, and only half of respondents conduct at least annual user awareness training on email and web-based threats. The report’s co-author David White, President and Co-Founder of Axio, stated, “Our research clearly illustrates that some improvements in ransomware defense may be directly attainable by re-committing to improving basic cyber hygiene.”
In a separate report, ThycoticCentrify surveyed 300 IT decision-makers from US businesses, uncovering that nearly two-thirds of those companies fell victim to ransomware attacks in the last 12 months. A staggering 83% of victims felt they had no option but to pay the extortion demand to restore their data. The research also highlighted the substantial damage caused by ransomware attacks, with half of respondents experiencing revenue loss and reputational damage, while 42% admitted to losing customers as a result of an attack. Alarmingly, around one-third cited a ransomware attack as the cause of employee layoffs. On a positive note, recognition of the need to improve cyber-defenses appears to be growing, with 93% of businesses allocating a special budget to fight ransomware threats.
Acer hacked twice in a week by the same threat actor
Last week, threat actors known as ‘Desorden’ carried out an isolated attack on Acer India’s after-sales service system servers and stole data, including customer information. Less than a week later, Desorden emailed BleepingComputer to say they breached Acer Taiwan’s servers on October 15th and stole employee and product information, providing CSV files containing Acer employees’ login credentials as proof of the attack. Desorden noted, “We did not ask for separate payment on the taiwan breach. it was meant to prove our point that Acer has neglected their cybersecurity.” While Acer Taiwan has since shut down the vulnerable server, Desorden states that other servers in Malaysia and Indonesia are still vulnerable.
FCC takes aim at spam texts
As the federal government has worked to crack down on robocalls, a report from RoboKiller highlights that more than 47 billion spam texts have been sent so far in 2021, up 55% from the year before. The FCC received roughly 14,000 complaints about unwanted text messages in 2020, up 146% from the year prior. In 2021, the commission has already received nearly 10,000 such complaints, many of which relate to Covid-19 scams. On Monday, the FCC’s acting chairwoman, Jessica Rosenworcel, announced she will ask the commission to create a new set of federal rules that would govern spam texts and could include requiring phone providers to block spammers at the network level. Rosenworcel noted, “In a world where so many of us rely heavily on texting to stay connected with our friends and family, ensuring the integrity of this communication is vitally important.”
Zerodium solicits VPN zero-day vulnerabilities
On Tuesday, exploit broker Zerodium announced its intention to buy zero-day vulnerabilities in the Windows clients of VPN providers ExpressVPN, NordVPN, and Surfshark. Founded in 2015, Zerodium purchases zero-day exploits in a variety of applications and then resells them to government and law enforcement agencies. The company runs a bug acquisition program on its site, where security researchers can sell their exploits for up to $2.5 million. The bug acquisition drive was precipitated by increased use of VPN services by cybercriminals to hide their real-world location when connecting to victim networks. However, privacy-conscious users who use VPN apps to browse the web from oppressive countries may not be so excited about the announcement, as it’s not clear to whom and to which countries Zerodium peddles its exploits.
Twitter suspends accounts used for cyberattacks against security researchers
According to Google Threat Analysis Group analyst Adam Weidermann, accounts @lagal1990 and @shiftrows13 were suspended for being used by North Korean hackers posing as security researchers, who “leaned on the hype of 0-days to gain followers and build credibility.” First documented in January 2021, the campaign includes the creation of fake profiles across platforms including Twitter, LinkedIn, Keybase, and GitHub. The group used the accounts to establish communication with security researchers and then either lure their targets to a blog which, ironically, contains zero-day browser exploits or, alternatively, send them a malicious Visual Studio project file containing a backdoor. Twitter has now suspended the accounts on its platform.
UK in midst of crypto fraud epidemic
Victims of cryptocurrency fraud have lost over £146m ($200m) so far this year, a double-digit increase over 2020 figures. Bloomberg received confirmation from the City of London police that year-to-date losses have already surged 30% over the figure for the whole of 2020. The police force cited 7,118 reports so far this year, with over half of the victims aged 18 to 45. Common scams include dating site scams, fraudulent investment schemes, celebrity endorsements and a rise in scam apps designed to steal users’ cryptocurrency funds.
Candy Corn maker gets Halloween cyber scare
Ferrara Candy Co., a major candy and food company whose treats are among Halloween staples, got tricked in a ransomware attack earlier this month. Ferrara, which makes Brach’s Candy Corn, Sweet Tarts, Nerds, and Keebler brand products, was attacked on October 9; the attack locked down some of its systems and halted manufacturing in some plants. But don’t be frightened: Ferrara said in a statement that the Halloween supply shouldn’t be affected because most shipments went out prior to the ransomware attack.