A disgruntled employee can be as severe a threat as the external threat actor who wants to steal confidential information for illegitimate purposes. This week’s headlines cover how a former employee became an insider threat, along with other stories that underscore the importance of maintaining a robust, comprehensive email security posture and why organizations need to keep cybersecurity among their top priorities.
Sturdy Ransomware Attack Victim Files Lawsuit
Barbara Ragan Bennett is a resident of Plymouth County who was affected by the ransomware attack on Sturdy Memorial Hospital on 9th February 2021. The PII (Personally Identifiable Information) of over 35k patients was compromised in this breach. Though the hospital paid the demanded ransom to ensure protection from a data leak, Bennett has filed a class-action lawsuit against Sturdy, accusing it of storing patients’ PII without taking adequate ransomware protection measures.
She argues that Sturdy’s two years of free credit monitoring does not ensure protection from future cyber threats that the patients will forever be exposed to, with all their data now accessible to the adversaries. The suit is seeking damages exceeding $50,000 and these include compensatory damages, actual damages, punitive damages, and statutory damages, among others.
The lead attorney, Stephen J. Teti, signed the complaint. When approached, he declined to comment on the case. Bennett’s attorneys are now requesting a jury trial. This is why ransomware attacks should be stopped at the root: once attacked, organizations risk financial losses, loss of goodwill, and an endless cycle of exposure to targeted cyber-attacks.
Increase in Recruitment of Affiliates Among Ransomware Groups
Ransomware-as-a-service (RaaS) is a dangerous practice trending in the cyber-attacker community. Many ransomware gangs put up recruitment posts on their data leak sites looking for suitable affiliates who would be interested in deploying their ready-made malware on victim devices and networks.
For instance, the LockBit ransomware group conducted a new recruitment drive when it launched the LockBit 2.0 strain on its data leak site. All an affiliate needed to do with LockBit 2.0 was gain initial access to the victim’s core server; the malware would then spread on its own (a self-spread function) with a fast encryption speed. The Himalaya RaaS gang, too, had put up similar posts seeking affiliates, promising a 70% profit share to affiliates who used its pre-configured Fully UnDetectable (FUD) malware.
These instances highlight the current ransomware threat trends and suggest the need for enhanced cybersecurity tools to protect against the strong chain of ransomware-as-a-service.
Fired Employee Seeks Revenge, Deletes 20k Files
A New York credit union recently fired an employee without revoking her access to enterprise servers. Consequently, she logged into the system and deleted thousands of sensitive files, recovering which cost over $10,000. Juliana Barile was fired from her job as a part-time employee at the New York credit union on 19th May 2021. No action was taken despite a credit union employee’s reminder to the bank’s tech support company to revoke Barile’s access. Two days later, she logged in for just forty minutes and managed to erase 21 GB of data (3,500 directories and 20,000 files relating to mortgage loan applications, among others) from the bank’s share drive. The deleted files also contained the details of the union’s anti-ransomware protection software.
She also accessed some private Word documents and discussed them with a friend on 26th May. What Barile did may seem like revenge against the credit union, but her unauthorized intrusion and meddling with confidential files affected several innocent customers. This incident highlights why ensuring cybersecurity at both the external and the internal level is necessary in today’s world.
New Vulnerability In WhatsApp Discovered And Patched
A new vulnerability was identified in WhatsApp, a popular messaging application, which could enable adversaries to access sensitive information from WhatsApp’s memory. Categorized as an out-of-bounds read/write vulnerability, this flaw in the app’s image filter functionality could only be exploited through extensive user interaction. Fortunately, WhatsApp found no evidence of this vulnerability being exploited.
The vulnerability was first reported to WhatsApp on 10th February 2020. By February, a patch for it was released in the 126.96.36.199 version of the app, which implemented two new checks for source and filter images. The security patch mandates that source and filter images be in RGBA format and validates the image size after checking its dimensions. WhatsApp reassured users of its emphasis on end-to-end encryption and urged users to keep the app updated.
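The two checks the patch is described as adding, written out as an added C example that is not WhatsApp’s code: the `image_t` record, its field names and the simple blend filter are assumptions used to show why an RGBA and size-versus-dimensions check stops an out-of-bounds read or write.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical image record (assumption, not WhatsApp's real structure). */
typedef struct {
    uint32_t width;
    uint32_t height;
    uint32_t channels;      /* 4 == RGBA */
    size_t len;             /* bytes actually present in pixels */
    const uint8_t *pixels;
} image_t;

/* Check 1: both images must be RGBA.
 * Check 2: dimensions are validated first, then the buffer length must
 * equal width * height * 4 for both the source and the filter image.
 * A filter that trusts the header alone would index past a short buffer. */
bool image_pair_is_valid(const image_t *src, const image_t *flt) {
    if (!src || !flt || !src->pixels || !flt->pixels) return false;
    if (src->channels != 4 || flt->channels != 4) return false;
    if (src->width == 0 || src->height == 0) return false;
    /* Overflow guard before computing the expected byte count. */
    if (src->width > SIZE_MAX / 4 / src->height) return false;
    size_t expect = (size_t)src->width * src->height * 4;
    if (src->len != expect) return false;
    if (flt->width != src->width || flt->height != src->height) return false;
    if (flt->len != expect) return false;
    return true;
}

/* Per-pixel blend of source and filter; every index stays below the
 * validated length, so no out-of-bounds read or write is possible here. */
int apply_filter(const image_t *src, const image_t *flt,
                 uint8_t *out, size_t out_len) {
    if (!image_pair_is_valid(src, flt)) return -1;   /* reject, do not filter */
    size_t n = src->len;
    if (!out || out_len < n) return -1;
    for (size_t i = 0; i < n; i++)
        out[i] = (uint8_t)((src->pixels[i] + flt->pixels[i]) / 2);
    return 0;
}
```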
Brute Force Attacks on The Rise
Email continues to be the gateway for several attack vectors, and cybersecurity experts note an increase in brute force attacks in recent times. In a typical brute force attack, adversaries repeatedly try credential guesses to gain unauthorized access to the victim’s email accounts.
Recent statistics reveal that brute force attacks increased by 671% in June 2021, with a 43% probability of small and mid-sized organizations undergoing an attack in Q3. These brute force attacks are a growing concern because they enable adversaries to obtain victims’ usernames, passwords, and passphrases. A compromised account can then be used for purposes like launching targeted attacks against co-workers, partners, and vendors. An email security service is the need of the hour, as such threats will only increase in the future.
FBI And CISA Warn Against Incoming Ransomware Pandemic
Looking at the current attack trends and the rising number of Russia-based threat actors, the FBI and CISA have jointly released a cybersecurity advisory warning organizations to strengthen their ransomware protection measures throughout the holiday season. Since offices are mostly closed during weekends and holidays, those periods become ideal for adversaries to launch attacks. The FBI and CISA cite the Kaseya, JBS, and Colonial Pipeline attacks as examples and ask organizations to be careful.
While JBS paid an $11 million ransom following the REvil attack on its servers after the Memorial Day weekend, Colonial Pipeline had to pay $4.4 million to the DarkSide group. Yet another attack launched over a weekend was the REvil attack on Kaseya over the Fourth of July weekend. The joint advisory notes that some of the most active ransomware gangs last month were RansomEXX/Defray777, LockBit, Zeppelin, Conti, Crysis/Dharma/Phobos, and PYSA. The most common attack vectors included phishing and brute-forcing. CISA and the FBI also list a number of cybersecurity tools and measures in the advisory.