The Last 30 Days in Cybersecurity: Notable Breaches, Outages & Ransom Demands
Microsoft 365 Cloud Services Outage
In early February, Microsoft reported an hours-long email cloud service outage that impacted many North American users.
While cloud services are a fantastic option and generally provide much better resilience than most businesses could afford on their own, far too many businesses are counting on the same provider to secure, protect and back up their data. This isn’t much better than backing up to a USB drive connected to the server in your office.
To make things worse, cyber criminals know that most businesses keep only a 30-day backup, and once they have accessed the tenant they can corrupt it without much trouble. That’s why I always recommend that businesses use a third-party backup provider, in order to mitigate the risks related to cloud service outages.
Royal Mail Refused to Pay £66m LockBit Ransom Demand
Chat logs released by the cybercriminal organization LockBit revealed that the Royal Mail refused to pay a US $80M ransom demand in early 2023.
What is notable about this attack is that it is one of the largest reported ransom demands on record, and it is part of a growing trend of organizations refusing to pay. This may forecast the future of the ransom/extortion market: demands will get higher as organizations show less appetite to negotiate with and pay criminal organizations. By comparison, in 2022, 59% of companies refused to pay ransomware demands, an increase of 9% from the year prior.
To date, the Royal Mail has still not paid LockBit and the situation remains active. This is another example of why I recommend that businesses prioritize a data recovery plan that doesn’t require paying cyber criminals to get their data back. In the case of the Royal Mail, they had isolated backups separate from their core and cloud environments. They also had a solid Incident Response Plan that allowed the team to keep their operations and mail flowing, at least to some extent.
Twitter Disables 2FA for Non-Paid Users
There’s been no shortage of drama since Elon Musk took over Twitter last fall, and the decision to disable text-based 2FA for non-paid users is causing quite the stir as a serious cybersecurity risk. But is it really?
While text-based MFA is not the most secure secondary authentication method, it is common and easy to activate. It’s also better to have than no secondary authentication method at all. Despite the removal of this feature, Twitter account holders can still add an extra layer of security to their accounts via an authenticator app, which is a more effective means than the text-based 2FA feature.
Authenticator apps are a more secure 2FA method, but I am concerned that poor user adoption of this method will give cybercriminals another opening to target unsuspecting people through social engineering attacks. That’s why all Twitter account holders should activate another MFA option before text-based 2FA expires on March 10th. This will ensure their information and accounts remain protected.
The Latest Cybercrime Trends
1. Ransomware Attacks Aren’t on the Decline
While many reports have surfaced that ransomware has been on the decline, early 2023 data from Black Fog is showing that this is not the case.
In its monthly global ransomware tracking report, Black Fog reported 33 publicly disclosed ransomware attacks, with the education sector hit hardest, making up one third of the reported attacks. Altogether, this is the highest number of recorded ransomware attacks for the month of January since the firm started tracking them in 2020.
Based on its data and expertise, Black Fog estimated that 543% of actual global ransomware attacks went unreported in February 2023, as organizations may not know they’ve occurred or try to avoid regulatory penalties, reputation damage and class action lawsuits.
2. ChatGPT is a New Tool in the Scammer’s Toolbox
Just as consumers are exploring all the benefits of using ChatGPT’s natural language model, so are today’s scammers.
In the past, it was quite easy to detect a phishing email due to the multitude of spelling errors and often irrelevant content; however, today’s phishing emails are much more sophisticated and better targeted due to the rise of social engineering techniques.
A recent study by the security firm WithSecure showed that cyber attackers can use ChatGPT to lure unsuspecting victims with human-like, grammatically correct text in their individual and wider email phishing campaigns. As a result, the emails are more personalized and of better quality, making them more likely to trick the end user.
3. New Screenshot Malware Tool Finds High Value Targets Before Full-Fledged Attacks
Hackers are continuously developing new ways to target victims. According to Proofpoint, cybercriminals have created a new screenshot tool that allows them to steal valuable data without being detected by common anti-virus tools.
What makes this tool dangerous is that it can easily harvest valuable data that helps cybercriminals design better attacks on organizations and their networks.
This is another reason why I always recommend that organizations upgrade to a fully managed endpoint detection and response (EDR) solution and provide employees with regular cybersecurity education, training and testing.
Jack’s Top Monthly Hacks:
Get Rid of Anti-Virus and Implement EDR
Since ransomware doesn’t appear to be on the decline and cyber-attacks are getting more sophisticated, my top tip is for organizations to implement managed endpoint detection and response (Managed EDR, or MDR) instead of relying on outdated anti-virus tools.
While many anti-virus solutions claim to offer EDR benefits, they simply do not provide the level of security that today’s businesses need. The best solutions combine independently acting EDR software with centralized AI and a 24/7 Security Operations Center (SOC) that will investigate potential threats, no matter when they hit.
What’s great about this approach is that the combination of tools doesn’t depend on being able to identify a particular piece of malware. Instead, it monitors your server’s ongoing behaviour so that it can stop abnormal activities and criminals in their tracks. That’s where our vCISO and Hackbuster services can help you find a solution that is top notch and won’t break your budget.
Don’t Click on Any Links Related to your Taxes Within Emails or Text Messages
In North America and in some parts of Europe, it’s the beginning of tax season, and scammers will be coming out in full force to trick unsuspecting consumers and businesses into divulging sensitive information via email phishing, SMS scams and social engineering attacks. Last year, we saw a 73% increase in tax fraud in Canada as many people moved online to submit their taxes due to pandemic trends. In the US, 92% of taxes were filed online, and the IRS estimates that almost 8 million reports were suspicious in 2022.
It’s important to be vigilant as scammers will try to obtain your social insurance number, date of birth and banking information, so if you are asked for this type of information, know that this is a red flag: ignore the message and block the source.
That’s why my top monthly consumer tip is to never click on any links in communications related to your taxes. Instead, I recommend visiting a saved bookmark or the issuer’s own website to access important accounts; navigating this way only takes a few extra seconds. Making this a regular habit can keep important personal information from being stolen.
That’s why BOXX offers the Cyber Protect app which provides online protection at all times. With its award-winning anti-virus software, unique VPN (Virtual Private Network) and Safe Browsing feature, your personal information will always remain secure.