Welcome to an exciting addition to our site – a fortnightly round-up of the hottest cybersecurity stories from NetReporter Senior Contributor Davey Winder. Davey is a 30-year veteran of cybersecurity journalism. A Senior Contributor to forbes.com and Contributing Editor of PC Pro magazine, Davey is the only three-time winner of the ‘Security Journalist of the Year’ award.
Ransomware has dominated my time, and once again disrupted organisations large and small, during the first 10 days of June. The cybercriminals behind the biggest ransomware threats, such as DoppelPaymer, Maze and REvil, have evolved to exfiltrate data before encrypting it. This gives them data that can be used as leverage when it comes to getting a ransom paid. No longer is it possible to defend against the ransomware threat just by having backups and recovery plans in place. Don’t pay the ransom, and you risk public exposure of confidential data. However, that doesn’t mean older and more ‘traditional’ ransomware threats are not disruptive and dangerous, as Honda has discovered recently. Global operations at the Japanese car giant were hit by what is thought to be a SNAKE ransomware attack (SNAKE had adapted its ransomware to check for internal Honda network domains) that closed down not only customer support and financial services networks, but auto and engine production plants as well.
And talking of old problems that remain a very current threat brings me nicely to CVE-2020-0796. Perhaps best known as SMBGhost, this wormable vulnerability in Microsoft’s Server Message Block (SMB 3.1.1) was thought so dangerous it was given a Common Vulnerability Scoring System (CVSS) rating of 10/10. It was also fixed by Microsoft in an emergency out-of-band fix back in March. Problem sorted? Nope. The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has warned that there is now publicly available and functional proof-of-concept (PoC) exploit code being used by malicious actors targeting unpatched systems.
I couldn’t finish writing about cybersecurity in June without mentioning the supposed return of Anonymous to the hacktivist scene, and how. Off the back of the George Floyd ‘Black Lives Matter’ protests, so-called Anonymous affiliate accounts on Twitter suddenly sprang back into life, gaining millions of followers with threats to expose Trump’s Dirty Laundry.
Although some of these accounts were quickly silenced by Twitter, the biggest still remain. However, while investigating the facts about a photo of a naked President Trump, I made contact with people claiming to be part of the ‘real’ Anonymous collective. They told me that “we don’t want or need any attention at the moment, and just want it to be clear there are no hackers running any ops.”