December 2022 Newsletter

Posted By: Mark, Monday 9th January 2023

This month: the state of ransomware threats at the end of 2022; Rackspace suffers a ‘security incident’; predictions for cyber security in 2023; another Paypal scam doing the rounds; the ChatGPT chatbot launches and an update on USB Type-C common charger rules coming into effect.

Newsletter Image: End Of Year Ransomware Roundup

End Of Year Ransomware Threats Roundup

2022 may be coming to an end, but the ransomware threat is as persistent as ever heading into 2023. Here’s an overview of some of the ransomware attacks reportedly hitting businesses in the latter part of the year.

RansomHouse Ransomware Threat Disrupts Healthcare

At the end of November, Keralty, a multinational healthcare organisation based in Colombia, suffered a RansomHouse ransomware attack that disrupted the websites and operations of the company and its subsidiaries. Colombian media reported patients waiting in line for more than twelve hours to receive care, and others passing out for lack of medical attention.

Cuba Ransomware Threat Advisory

Meanwhile, the FBI and CISA issued a joint security advisory about the Cuba ransomware gang, noting that the group had collected more than $60 million in ransom payments after compromising more than 100 victims worldwide.

Rackspace ‘Security Incident’

Early December saw American cloud computing company Rackspace admit it was the victim of a ransomware attack that knocked out email services for many customers. We’ll delve more into this one in the next article.

Royal Ransomware Warnings

Just as the US Department of Health and Human Services was issuing a warning about Royal ransomware targeting healthcare organisations, CommonSpirit Health admitted that an October ransomware attack had exposed the personal data of 623,774 patients.

Clop Ransomware Threat Uses TrueBot Malware

The Russian hacking group Silence has planted the TrueBot malware downloader on more than 1,500 systems worldwide, using it to fetch shellcode, Cobalt Strike beacons, the Grace malware, the Teleport exfiltration tool and, ultimately, Clop ransomware.

Lockbit Ransomware Attack on California’s Finance Department

The LockBit gang boasted of exfiltrating 76 GB of data in a cyber attack on the California Department of Finance, threatening to release it all on Christmas Eve if the state government did not pay the ransom.

Play Ransomware Attack On H-Hotels Chain & Antwerp City Services

A December cyber attack on H-Hotels resulted in company communication outages. The Play Ransomware group claimed responsibility along with a claim of stolen data – private and personal – including client documents, passports, IDs, etc.

Another December cyberattack by hackers, also believed to be the Play Ransomware group, on third-party service provider, Digipolis, affected services used by citizens, schools, daycare centers, and the police in the Belgian city of Antwerp. The cyber criminals said they stole around 557 GB of data, including identity cards, passport numbers, financial documents and other personal information. The city council said the attack would result in huge financial losses.

Meanwhile, CrowdStrike, while investigating Play ransomware intrusions that began on compromised Microsoft Exchange servers, discovered a new exploit method it named OWASSRF. It reaches the same remote code execution as ProxyNotShell but via Outlook Web Access, which sidesteps the URL rewrite mitigation Microsoft originally published; only the November 2022 Exchange security updates close it, so organisations running on-premises Exchange should confirm they are fully patched rather than merely mitigated.

FIN7 Seen As Major Player In Ransomware Threats

With more than 8,000 victims around the world, the FIN7 cybercrime syndicate has been found to have deep associations with other cyber threats such as the DarkSide, REvil and LockBit ransomware families.

Guardian Newspaper Hit By Suspected Ransomware Attack

The Guardian Media Group said there had been a “serious incident” affecting its IT, with disruption to “behind the scenes services”, and staff being told to work from home.

This isn’t an exhaustive summary of every ransomware threat, it’s a pick of some of the more high profile ones of late. While some of these are in far-flung places, the threat to businesses in the UK is very real and occurs regularly. Always be prepared for a ransomware attack on your company.

LaneSystems is experienced in the fight against ransomware, and equipped to protect your precious company data. If you’re a business in the North East of England, talk to us today to get your cyber security, data recovery and backups in good order – and to get your organisation trained to follow good practice with information security.


Newsletter Image: Rackspace 'Security Incident'

Rackspace ‘Security Incident’

As we briefly outlined in the previous article, cloud computing company Rackspace was the victim of a ransomware attack that took down part of its Hosted Exchange platform, knocking out email for many customers. This has blown up into a serious outage for a small but significant proportion of its customers.

The “security incident” began on December 2, when customers started having problems connecting and logging in to their Exchange environments. Rackspace’s investigation found an issue affecting its Hosted Exchange environment.

As noted in their incident report, Rackspace said:

On Friday, Dec 2, 2022, we became aware of an issue impacting our Hosted Exchange environment. We proactively powered down and disconnected the Hosted Exchange environment while we triaged to understand the extent and the severity of the impact. After further analysis, we have determined that this is a security incident.

The known impact is isolated to a portion of our Hosted Exchange platform. We are taking necessary actions to evaluate and protect our environments.

Ransomware Attack Confirmed

On December 6th, as the now days long outage continued to affect a portion of customers, Rackspace updated their incident report to confirm the ransomware attack.

We appreciate your patience as we continue to work through the security issues that have affected our Hosted Exchange environment. As you know, on Friday, December 2nd, 2022, we became aware of suspicious activity and immediately took proactive measures to isolate the Hosted Exchange environment to contain the incident. We have since determined this suspicious activity was the result of a ransomware incident.

Alongside our internal security team, we have engaged a leading cyber defense firm to investigate. Our investigation is still in its early stages, and it is too early to say what, if any, data was affected. If we determine sensitive information was affected, we will notify customers as appropriate.

Unfortunately, the problems have continued as the ’email fiasco’ passed three weeks with customers’ data still in limbo. At time of writing, Rackspace still hadn’t, or wouldn’t, give a figure for how many customers were affected. There was also no indication as to what had been taken, when the company would be able to recover old messages and contacts, or whether they even would be able to recover the data. Unsurprisingly, there has been widespread criticism over the response.

As Tech Crunch put it:

In one of the company’s first updates, published on December 6, Rackspace said that it had not yet determined “what, if any, data was affected,” adding that if sensitive information was affected, it would “notify customers as appropriate.” We’re now at the end of December and customers are in the dark about whether their sensitive information was stolen.

Ransomware Attack Brings Class Action

Rackspace is facing a class action lawsuit, in America, over the whole ordeal.

As noted in the article:

Rackspace Technology, Inc faces a proposed class action over a December 2022 data breach that exposed sensitive customer data to cybercriminals and disrupted the business operations of clients who rely on the company’s cloud computing services.

The 54-page lawsuit was filed in Texas by Q Industries, an air compressor manufacturer that uses Rackspace’s network to host its email and cloud computing services. The case claims that unauthorized parties infiltrated Rackspace’s servers on December 2 of this year due to the cloud computing company’s failure to implement adequate cybersecurity measures.

All of this reinforces the message for robust cyber security practices to protect your valuable business data. LaneSystems provides a range of services to keep your data safe and your company running.


Newsletter Image: Cybercrime & Security Predictions for 2023

Cybercrime & Security Predictions for 2023

We’ve kept an eye on the pages of various tech sources and resources, gathering their opinions for the things to keep aware of in the coming year. Here’s a list of the common predictions for the evolution of cybercrime, cybersecurity, and how to stay one-step ahead of the cyber criminals.

Increase in digital supply chain attacks

As more supply chains modernise and become internet-connected, their security is paramount. Gartner predicted last year that by 2025, 45% of organisations worldwide will have experienced attacks on their software supply chains, a three-fold increase from 2021, and nothing since suggests otherwise. Every new supplier integration, SaaS connection or software dependency is a potential way in, so keep an inventory of them, keep them patched, restrict what each one can access, and make sure they are correctly configured from day one. Never let cybersecurity best practice slip when introducing new technology into your working environment.

Increased Mobile-Specific Cyber Threats

With smartphones ever more integrated into business working environments, they are a prime target for attack. Phones carry SMS one-time codes and authenticator apps, so criminals go after them – through SIM-swap fraud, malicious apps and phishing – to defeat multi-factor authentication and get at company data.

Awareness of how multi-factor authentication can be bypassed, together with the fact that a very high proportion of breaches are facilitated by human error, will matter more than ever. Where possible, move from SMS codes to app-based or hardware-backed (FIDO2) authenticators, which are not exposed to SIM swapping and resist phishing, and back that up with staff training and technical controls that reduce the scope for social engineering.

AI Voice Cloning Technology

We’ve seen a marked increase in convincing voice impersonation, with audio ‘deep fakes’ cloning targets’ voices in sophisticated social engineering attacks. This will only get worse as the technology continues to improve and becomes more easily accessible.

Continued Growth of RaaS & MaaS

Ransomware-as-a-Service and Malware-as-a-Service are booming: cyber criminals lease out their kits, making it even easier for other threat actors to deploy attacks quickly and affordably.

Good staff training is important for recognising the threat of these attacks on your business. And in terms of ransomware specifically, insurers are no longer providing a guaranteed safety net under their cyber insurance policies.

Stricter Data Privacy Laws

We’ve had GDPR and similar laws for several years, but the rules on what data may be stored and what may be done with it keep tightening, especially for international businesses that fall under several regimes. It’s another area of risk assessment: companies must remain compliant and may need to update their own privacy policies.

Of course, there’s always going to be unknowns to throw into the mix, so always be aware of cyber security incidents making the news and the potential for such things affecting your own business.


Newsletter Image: Paypal Payment Request Scam

Paypal Payment Request Scam

We’ve been made aware of a fake payment request scam that arrives in legitimate PayPal emails. Scammers are abusing PayPal’s ‘request money’ feature to scare recipients into calling a scam phone number and handing over their personal details.

The fraudsters send fraudulent messages within the legitimate Paypal emails requesting payments for items such as phones, subscriptions, gift cards, etc.

Sophos gives a breakdown of how the scam works:

  • The scammer creates a PayPal account and uses PayPal’s “money request” service to send you an official PayPal email asking you to send them some funds. Friends can use this service as an informal but relatively safe way of splitting expenses after a night out, asking for help paying a bill, or even to get paid for small tasks such as cleaning, gardening, pet sitting, and so on.
  • The scammer makes the request look like an existing charge for a genuine product or service, though not one you actually ordered, and probably for what looks like an unlikely or unreasonable price.
  • The scammer adds a contact phone number into the message, apparently offering an easy way to cancel the payment request if you think it’s a scam.

So the email actually does originate from PayPal, giving it an air of authenticity, but entices you to react by phoning the crooks back, rather than by replying to the email itself.

The crooks have simply found a way to abuse PayPal’s free ‘Money Request’ service to generate emails that really do come from PayPal, that include real PayPal links, and that use the message field in the request to give you an official-looking way to contact them directly.

The sender really is PayPal (‘service@paypal.co.uk’ in the examples we have seen), which is what makes it convincing, and if you log in to your PayPal account you will see the payment request listed there. That is by design: panic at an unexpected charge is what pushes people to ring the number.

If you receive one of these bogus requests you can simply ignore it and nothing will happen. Never use a phone number from the request itself; if you want to check, log in by typing PayPal’s address into your browser or using the PayPal app, not via the email. We recommend reporting the attempted fraud through one of PayPal’s genuine contact methods: they have a specific page for reporting fraud, and you can always forward suspicious emails to phishing@paypal.com.

As Sophos reminds us:

They aren’t invoices; they aren’t payment demands; they’re not receipts; and they are unrelated to any existing purchase you did or didn’t make via PayPal or anywhere else.

If you simply do nothing, then nothing gets paid out and no one receives anything, so the scam fails.

As ever, our advice is to never call the number provided in the email, and certainly don’t pay. Be careful!
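The defining feature of this scam is that the email passes every sender check, so filtering on the From address or on SPF/DKIM results does nothing; the only attacker-controlled text is the note field of the request. The following triage heuristic is an added example, not code from this newsletter, PayPal or Sophos. It treats a request as abused when it genuinely comes from PayPal (sender domain in an assumed allow-list, SPF and DKIM recorded as passing by the receiving mail server) and its note carries a phone number. Both sample messages are constructed for illustration.

```python
"""Triage heuristic for PayPal money-request emails.

Added example, not code from the newsletter, PayPal or Sophos. It encodes the
pattern described above: the email really is from PayPal (so sender and
SPF/DKIM checks pass) and the only attacker-controlled text is the request's
note field, which is where the call-back phone number lives. The sample
messages below are constructed for illustration.
"""
import re
from email import message_from_bytes
from email.message import Message
from email.utils import parseaddr

# Assumption: domains this organisation treats as genuine PayPal senders.
PAYPAL_DOMAINS = {"paypal.com", "paypal.co.uk"}

# Loose phone-number pattern: optional '+', then digits with spaces, dots,
# dashes or brackets between them. A digit-count check is applied afterwards.
PHONE_RE = re.compile(r"\+?\d[\d\s().-]{8,}\d")

# Constructed sample 1: a genuine PayPal request abused as Sophos describes.
SAMPLE_SCAM = b"""\
From: service@paypal.co.uk
To: victim@example.com
Subject: You have a money request from Mobile Store Ltd
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=paypal.co.uk; dkim=pass header.d=paypal.co.uk
Content-Type: text/plain; charset=utf-8

Mobile Store Ltd is requesting GBP 899.00 for: iPhone 14 Pro.
Note from sender: If you did not authorise this purchase call +44 7700 900123 within 24 hours to cancel.
"""

# Constructed sample 2: an ordinary spoofed phish that merely claims to be PayPal.
SAMPLE_SPOOF = b"""\
From: PayPal Billing <service@paypal-secure-billing.example>
To: victim@example.com
Subject: Your account has been limited
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=paypal-secure-billing.example; dkim=none
Content-Type: text/plain; charset=utf-8

Call 1-800-555-0199 now to restore access.
"""


def sender_domain(msg: Message) -> str:
    """Domain of the RFC 5322 From address, lower-cased."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()


def authenticated(msg: Message) -> bool:
    """True if the receiving MTA recorded both SPF and DKIM as passing."""
    results = " ".join(msg.get_all("Authentication-Results", [])).lower()
    return "spf=pass" in results and "dkim=pass" in results


def body_text(msg: Message) -> str:
    """Concatenate all text/plain parts (covers single- and multipart mail)."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            chunks.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def find_phone_numbers(text: str) -> list[str]:
    """Return candidate phone numbers (10-13 digits) found in free text."""
    found = []
    for m in PHONE_RE.finditer(text):
        if 10 <= len(re.sub(r"\D", "", m.group())) <= 13:
            found.append(m.group().strip())
    return found


def assess_money_request(raw: bytes) -> dict:
    """Classify a message: spoof, genuine-but-abused request, or needs checking."""
    msg = message_from_bytes(raw)
    genuine = sender_domain(msg) in PAYPAL_DOMAINS and authenticated(msg)
    phones = find_phone_numbers(body_text(msg))
    if not genuine:
        verdict = "spoofed"           # ordinary phish: sender or authentication fails
    elif phones:
        verdict = "abused-request"    # real PayPal mail whose note carries a call-back lure
    else:
        verdict = "check-in-account"  # real PayPal mail; confirm by logging in directly
    return {"genuine_paypal_mail": genuine, "phone_numbers": phones, "verdict": verdict}


if __name__ == "__main__":
    for sample in (SAMPLE_SCAM, SAMPLE_SPOOF):
        print(assess_money_request(sample))
```

Note that the spoofed sample is caught by the ordinary sender checks, while the abused request is only caught by looking at the note. Even for a genuine request with no phone number, the right action is to confirm it inside your PayPal account rather than act on the email.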


Newsletter Image: ChatGPT AI Chatbot Is Here

ChatGPT AI Chatbot Is Here

At the beginning of December, ChatGPT was publicly released by artificial intelligence research firm, OpenAI. Within a few days, more than a million people were giving it a workout.

ChatGPT is the latest version of OpenAI’s Generative Pre-trained Transformer (GPT) models, packaged as a chatbot: you type normal conversational questions and it answers, adapts to follow-up questions, revises an answer when given new information, rejects bad premises, and more. It remembers the thread of your dialogue, like a regular human conversation, and draws on the huge volumes of text it was trained on from the internet to inform its responses.

As CNET reports:

It’s a big deal. The tool seems pretty knowledgeable in areas where there’s good training data for it to learn from. It’s not omniscient or smart enough to replace all humans yet, but it can be creative, and its answers can sound downright authoritative.

ChatGPT is designed to weed out “inappropriate” requests, a behavior in line with OpenAI’s mission “to ensure that artificial general intelligence benefits all of humanity.”

If you ask ChatGPT itself what’s off limits, it’ll tell you: any questions “that are discriminatory, offensive, or inappropriate. This includes questions that are racist, sexist, homophobic, transphobic, or otherwise discriminatory or hateful.” Asking it to engage in illegal activities is also a no-no.

Although we’ve personally seen examples of some wags testing that level of ‘illegal’ by getting it to describe how to do things like hotwire a car.

The BBC reports that:

OpenAI warns that “ChatGPT sometimes writes plausible-sounding but incorrect or nonsensical answers” and that it can produce problematic answers and exhibit biased behaviour. But, overall, the Chatbot seems to have impressed many users.

Open AI says it’s “eager to collect user feedback to aid our ongoing work to improve this system”.

CNET concluded:

Often ChatGPT’s answers far surpass what Google will suggest, so it’s easy to imagine GPT-3 is a rival.

But you should think twice before trusting ChatGPT. As with Google, and other sources of information like Wikipedia, it’s best practice to verify information from original sources before relying on it.

Vetting the veracity of ChatGPT answers takes some work because it just gives you some raw text with no links or citations. But it can be useful and in some cases thought provoking. You may not see something directly like ChatGPT in Google search results, but Google has built large language models of its own and uses AI extensively already in search.

So ChatGPT is doubtless showing the way towards our tech future.


Newsletter Image: Common Charging Cable Date Set

Common Charging Cable Date Set

Earlier this year, the EU agreed rules requiring new portable electronic devices with a power delivery of up to 100 W to use a USB Type-C charging port by late 2024. The rule applies to devices such as phones, tablets, headphones and handheld game consoles.

Now, a specific date has been set for this common charging cable compliance, in the EU’s Official Journal, with a deadline of December 28th 2024.

Many devices already charge over USB Type-C, but companies such as Apple, which uses its own proprietary Lightning port, will now have to offer a Type-C port to continue selling in Europe.

Apple senior vice president of worldwide marketing, Greg Joswiak, said in a Wall Street Journal interview that the tech giant would “obviously” comply with the law.

Although the UK is no longer required to follow these rules, and has said it has no plans to copy the requirements of the new EU law, there is some potential headache regarding the rules applying to Northern Ireland through the Brexit agreement’s Northern Ireland Protocol.

The move is an attempt to reduce e-waste, while some argue it could stifle innovation and there are concerns for the longer-term impact of these rules.