Israeli children using Zoom for remote learning have experienced disturbing interruptions, including images of a gun-wielding man and pro-Hamas content displayed on their screens. This hacktivist activity, prompted by the war in Gaza, has led Israeli information security professionals to offer free cybersecurity services to affected Israeli companies. The incidents, such as the hacked billboard in Holon, have drawn attention to vulnerabilities during a time when many Israeli tech professionals are on military duty. Hacktivists, claiming to support the Palestinian cause, have engaged in intrusions and sabotage efforts, causing disruptions but limited damage so far. A group of volunteers is actively helping targeted Israeli companies, emphasizing that they do not endorse vigilante actions against Hamas, as this could lead to counterproductive outcomes. (reuters.com)
When we start talking about cyberwarfare, I believe in some ways it could be as serious as a physical war. On the surface, it may not seem like it; however, when attacks target innocent people, including critical infrastructure and hospitals, the damage can be tremendous. We often hear the pen is mightier than the sword, but I'd suggest the keyboard is even more powerful. Cybersecurity experts must not only protect against external threats, but also guard against requests for potentially illegal or unethical actions, as exemplified by the refusal to hack into iCloud and phones in the article. Ethical standards should always guide cybersecurity actions.
The national cyber security coordinator of Australia has issued a warning that schools could be the next major targets of ransomware groups due to their limited resources and smaller cybersecurity teams. Air Marshal Darren Goldie noted that schools in the United States have already been targeted, and this trend could extend to Australia. Schools are attractive targets because they have a significant number of individuals using personal devices connected to their networks, lack full-time cybersecurity teams, and often lack 24/7 threat response capabilities. This warning comes in the context of previous individual ransomware attacks on Australian schools.
My thoughts: This warning should serve as a wake-up call for schools to invest in cybersecurity measures and prioritize the safety of their digital infrastructure. It's a shared responsibility to protect the next generation's education. In this industry, we need to “predict” the future, and it’s no surprise that schools are becoming a target. (itnews.com)
The U.S. government updated its list of tools used by AvosLocker ransomware affiliates, adding open-source utilities. The FBI and CISA also shared a YARA rule for detecting disguised malware. AvosLocker affiliates use a range of tools to compromise networks, including legitimate and open-source software. They also employ NetMonitor.exe, malware that poses as a network monitoring tool. To defend against AvosLocker, organizations are advised to implement application control mechanisms, restrict remote desktop services, enable multi-factor authentication, practice least privilege, keep software updated, and segment networks. This advisory expands on earlier guidance that mentioned AvosLocker attacks targeting Microsoft Exchange server vulnerabilities. (bleepingcomputer.com)
My thoughts: We don’t hear about the Zero-Trust concept enough. The recommended defense measures are critical. Application control, multi-factor authentication, and the principle of least privilege are fundamental in mitigating ransomware threats. These practices should be a cornerstone of any organization's cybersecurity strategy. If you want to learn more about Zero Trust, send a message to Assurance IT.
Simpson Manufacturing, a California-based engineering and building products company with over 5,000 employees worldwide, recently suffered a cyberattack on October 10th, resulting in disruptions to its IT infrastructure and applications. To address this issue, the company has temporarily taken some systems offline and expects operational disruptions until a full resolution is achieved. An investigation is underway to determine the nature and extent of the attack, and the company has engaged third-party cybersecurity experts for assistance in the investigation and recovery efforts. While the exact type of attack is not disclosed, the response suggests it could be related to ransomware. Notably, this incident occurred shortly after the company announced its plans to report third-quarter financial results later in the month. (darkreading.com)
My thoughts: While it's common to suspect ransomware in such incidents, the lack of information about the attack type highlights the need for more transparency in reporting cybersecurity breaches. It's crucial for the public and other potential targets to understand the threat landscape so they can properly prepare for future attacks. The Canadian Government has set up a site where individuals and organizations can report a cyber incident. https://www.cyber.gc.ca/en