Cyber Security Monitor: June 2023

Ransomware continues to grab the headlines.

This month’s MOVEit mass hack by Russian criminal gang Clop affected some big names here in the UK and across the pond. 

It brings to light an emerging trend where hackers target managed file transfer software as a rich source of private organisational data. 

But paying the ransom should never be an option, according to government advice.

Meanwhile, in our blog this month, we ask you to imagine a world without passwords. 

Passwordless authentication is becoming a reality for more and more organisations and we explain why, from a security point of view, it’s a beautiful thing.

All this and more cyber sec news.

Hackers like to MOVEit

This month saw one of the biggest mass hacks of the year. The BBC, Boots, BA, Ofcom, Shell and some US federal agencies all disclosed that they were hit by a cyber attack using a common point of entry.

The hack came to light after US-based Progress Software revealed that their MOVEit Transfer Tool had been exploited by hackers. 

MOVEit was used regularly by UK-based payroll provider Zellis, which handles payroll for the BBC, British Airways and Boots. The National Cyber Security Centre (NCSC) is currently working with Zellis to investigate and respond to the incident.

Russian ransomware gang Clop, who were the main suspects, have confirmed their involvement by naming their victim organisations on the dark web and demanding ransom payments.

It’s believed that hackers will increasingly focus on managed file transfer (MFT) software to prey on the sensitive data exchanged between organisations.

Should you pay ransomware? That’s a negative

With the proliferation of ransomware attacks on businesses, it can be tempting for victims to pay up.

But the government’s advice is firmly against making ransomware payments. The NCSC has urged victims NOT to give in for many reasons.

There is no guarantee that you will get your data back, your computer could still be infected for future attacks, you will be paying criminal groups and you’re more likely to be targeted again.

More detailed advice on dealing with ransomware here.

Novel SharePoint attack highlights need for MFA

Ransomware gang Omega has hit a company’s SharePoint Online via a novel route. Instead of targeting the usual compromised endpoints – for instance users’ laptops or smartphones – they breached systems via a Microsoft Global SaaS admin account.

This kind of attack highlights the importance of using MFA (multi-factor authentication) on all accounts – and especially highly privileged ones. MFA can make it harder for attackers to use stolen credentials.

We repeatedly (some might say relentlessly) recommend MFA and conditional access policies, which help verify and validate a device as safe, to lock down SharePoint.

Our dedicated SOC monitoring service proactively monitors your Microsoft 365 environment and actively responds to alerts.

UK gets its first mega cyber security lab

A British lab large enough to test the cyber security of cars, private jets and airplane engines has begun operations in Cheltenham.

Operated by IOActive, the cyber security lab will help make cars, planes and industrial systems safe from cyber attacks.

It’s all part of a larger plan to create a cyber park and hub close to GCHQ near Cheltenham to showcase Britain’s cyber capabilities.

Security updates for June

VMware has released security updates to fix flaws in their Aria Operations for Networks. The flaws could result in information disclosure and remote code execution.

See patch here.

Cisco has also published security fixes for its Expressway Series and TelePresence Video Communication Server (VCS) that could “allow an authenticated attacker with Administrator-level read-only credentials to elevate their privileges to Administrator with read-write credentials on an affected system”.

See patch here.

This password management tool’s a Keeper

Good password management is the 101 of any business’s cyber security. It’s why we’re always scouting the market for trusted, comprehensive and easy-to-use solutions.

Keeper is really ticking all those boxes for us. Things to love include the ease of rollout to all employee devices and the zero-trust security architecture with full end-to-end encryption. Simple. Safe. Job done.
