My takeaways from last week – Oct 18, 2021

This week was largely about ransomware, and for good reasons, I think. Defending against it is now a priority for governments, businesses, and individuals alike. Besides ransomware, I selected a few interesting articles, among which one is about user rights and one about cyber… ignorance. Read on to get my takeaways from last week.

Ignorance is bliss… in some cases. In others, it leads to hilarious situations like this one – although not so hilarious considering the seriousness of the problem. Here is the thing: not understanding how things work is OK. Not everyone should be knowledgeable in Internet protocols or cybersecurity. But stating, as an official (Gov. of Missouri), that a journalist is a hacker because of a curious look at the webpage source code is something very serious indeed.

Through a multi-step process, an individual took the records of at least three educators, decoded the HTML source code, and viewed the SSN of those specific educators… This matter is serious. The state is committing to bring to justice anyone who hacked our system and anyone who aided or encouraged them to do so — in accordance with what Missouri law allows AND requires.

https://threatpost.com/missouri-prosecute-hacker-data-leak/175501/

Slow and stealthy cyber-attacks are very damaging due to the extended access to the infrastructure. That doesn’t mean that rapidly evolving attacks should be considered harmless. Here is an example of an attack that extorts organizations in 30 minutes or less, without the use of ransomware.

In less time than it takes to get a stuffed crust pizza delivered, a new group called SnapMC can breach an organization’s systems, steal their sensitive data, and demand payment to keep it from being published – no ransomware required.

https://blog.fox-it.com/2021/10/11/snapmc-skips-ransomware-steals-data/

VirusTotal published its first Ransomware report, based on samples uploaded by users from 140 countries in 2020 and 2021. It’s interesting to note the countries that were the most affected, based on the number of submissions: Israel, South Korea, Vietnam, China, Singapore, India, Kazakhstan, Philippines, Iran, and the UK. You will find details about the most active ransomware families and other statistics. Here are the conclusions of the report:

First, while big campaigns come and go, there is a constant baseline of ransomware activity that never stops.

Second, attackers are using a range of different approaches, including well-known botnet malware and other RATs.

Third, in terms of ransomware distribution attackers don’t appear to need exploits other than for privilege escalation and for malware spreading within internal networks.

Finally, as noted earlier, Windows accounts for 95 percent of the ransomware targets, compared to 2 percent for Android.

https://storage.googleapis.com/vtpublic/vt-ransomware-report-2021.pdf

I saved for last an interesting debate between user rights (to install whatever they want) and unconfigurable predefined security rules (restricting the sources of software). Apple claims that allowing users to install applications from sources other than the App Store would expose them to cyber risks. While this is true for the vast majority of people using Apple products (and valid for tech in general), I think it is not acceptable to prevent those who know what they are doing (or at least think they know) from installing apps from other sources on their own responsibility. What do you think? I suspect that there is a second angle to the debate: revenues from applications.

Apple released a position paper on Oct. 13, arguing that forcing the company to open its App Store software-distribution platform to allow third-party software sellers to install software — a process often called “sideloading” — would undermine the security of iOS devices.

https://www.darkreading.com/application-security/worried-over-anti-trust-debate-apple-talks-sideloading-dangers
