{"id":32320,"date":"2022-12-07T08:33:41","date_gmt":"2022-12-07T13:33:41","guid":{"rendered":"https:\/\/www.itworldcanada.com?p=517338"},"modified":"2022-12-07T10:21:53","modified_gmt":"2022-12-07T15:21:53","slug":"cyber-security-today-dec-7-2022-rackspace-hit-by-ransomware-employees-are-still-falling-for-the-fake-it-colleague-scam-and-more","status":"publish","type":"post","link":"https:\/\/technewsday.com\/staging\/cyber-security-today-dec-7-2022-rackspace-hit-by-ransomware-employees-are-still-falling-for-the-fake-it-colleague-scam-and-more\/","title":{"rendered":"Cyber Security Today, Dec. 7, 2022 \u2013 Rackspace hit by ransomware, employees are still falling for the fake IT colleague scam, and more"},"content":{"rendered":"<p data-ar-index=\"0\">Rackspace hit by ransomware, employees are still falling for the fake IT colleague scam, and more.<br \/>\nWelcome to Cyber Security Today. It\u2019s Wednesday, December 7th, 2022. I\u2019m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.<\/p>\n<p data-ar-index=\"1\"><iframe style=\"border: none;\" title=\"Libsyn Player\" src=\"https:\/\/html5-player.libsyn.com\/embed\/episode\/id\/25244706\/height\/90\/theme\/custom\/thumbnail\/yes\/direction\/forward\/render-playlist\/no\/custom-color\/000000\/\" width=\"100%\" height=\"90\" scrolling=\"no\" allowfullscreen=\"allowfullscreen\"><\/iframe><\/p>\n<table style=\"width: 100%;\">\n<tbody>\n<tr>\n<td><a href=\"https:\/\/www.amazon.com\/ITWC-Cyber-Security-Today\/dp\/B07BRNG89P\/ref=sr_1_1?s=digital-skills&amp;ie=UTF8&amp;qid=1522688435\" rel=\"noopener noreferrer\"><img decoding=\"async\" class=\"aligncenter wp-image-396718 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2017\/09\/sub-alexa-200.png\" alt=\"Cyb er Security Today on Amazon Alexa\" width=\"200\" height=\"74\" border=\"none\" \/><\/a><\/td>\n<td><a href=\"https:\/\/www.google.com\/podcasts?feed=aHR0cDovL2N5YmVyc2VjdXJpdHl0b2RheS5saWJzeW4uY29tL3Jzcw%3D%3D\" rel=\"noopener noreferrer\"><img decoding=\"async\" class=\"thumbnail aligncenter wp-image-408712 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2018\/09\/sub-gp-200.png\" alt=\"Cyber Security Today on Google Podcasts\" width=\"200\" height=\"74\" \/><\/a><\/td>\n<td><a href=\"https:\/\/itunes.apple.com\/ca\/podcast\/cyber-security-today\/id1363182054\" rel=\"noopener noreferrer\"><img decoding=\"async\" class=\"aligncenter wp-image-396720 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2017\/09\/sub-itunes-200.png\" alt=\"Subscribe to Cyber Security Today on Apple Podcasts\" width=\"200\" height=\"74\" border=\"none\" \/><\/a><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p data-ar-index=\"2\">\n<p data-ar-index=\"3\"><strong>Texas-based cloud provider<\/strong> Rackspace Technology<a href=\"https:\/\/ir.rackspace.com\/news-releases\/news-release-details\/rackspace-technology-hosted-exchange-environment-update\" rel=\"noopener\"> has admitted suffering a ransomware attack last week.<\/a> Affected are customers of the company\u2019s hosted Microsoft Exchange service. Rackspace said Tuesday it believes the attack was limited to its Exchange servers. It is helping Exchange customers shift to the cloud-based Microsoft 365 as quickly as possible. As of the recording of this podcast, Rackspace couldn\u2019t say if any customer data was affected.<\/p>\n<p data-ar-index=\"4\"><strong>Separately,<\/strong> researchers at Palo Alto Networks <a href=\"https:\/\/unit42.paloaltonetworks.com\/vice-society-targets-education-sector\/\" rel=\"noopener\">released a background paper<\/a> on the Vice Society ransomware gang. It regularly targets school boards, colleges and universities. IT and security teams may find the description of this group\u2019s tactics and tools useful.<\/p>\n<p data-ar-index=\"5\"><strong>Telecommunications<\/strong> and business process outsourcing companies are being targeted by a threat actor impersonating corporate IT staff. That\u2019s <a href=\"https:\/\/www.crowdstrike.com\/blog\/analysis-of-intrusion-campaign-targeting-telecom-and-bpo-companies\/\" rel=\"noopener\">according to researchers at Crowdstrike<\/a>. They say the attacker uses phone calls and text messages to trick employees into logging on to a fake company website, where their usernames and passwords are collected. Or they are fooled into downloading a tool allowing the attackers to get remote access to their computers. If employees have multifactor authentication protecting their credentials, the attacker either persuades the victim to share their one-time passcode or they pester the employee with text messages on their smartphone asking for approval multifactor authentication until the staffer gives up. What\u2019s most concerning is if this attacker can access the target organization\u2019s multifactor authentication console they add their own mobile devices to an employee\u2019s account to help the compromise. In one case the attacker was able to access a company\u2019s Azure Active Directory to identify privileged users. The report emphasizes the importance of IT and security teams protecting Active Directory and watching for newly created or modified accounts. It also speaks to the need for regular employee cybersecurity awareness training. A link to the full report with more recommendations is in the text version of this podcast.<\/p>\n<p data-ar-index=\"6\"><strong>An open-source<\/strong> ransomware toolkit dubbed Cryptonite has been removed from the GitHub repository, where anyone could have got hold of it. Not only has the source code been deleted, 41 forks have also been removed. <a href=\"https:\/\/www.fortinet.com\/blog\/threat-research\/The-story-of-a-ransomware-turning-into-an-accidental-wiper\" rel=\"noopener\">According to researchers at Fortinet,<\/a> there\u2019s one other interesting thing: At least one variant isn\u2019t ransomware. While it does encrypt data, there\u2019s no way to unscramble it. The researchers don\u2019t believe this\u00a0 was intentional. Because of the way this sample\u2019s code was written, if the program crashes or closed there is no way to recover the encrypted files. Over-simplicity of code and a lack of quality assurance by the crooks are to blame. As a result that version of the malware can be spotted by anti-virus software.<\/p>\n<p data-ar-index=\"7\"><strong>Finally,<\/strong> crooks don\u2019t worry about the cost of software quality issues, but organizations do. And<a href=\"https:\/\/news.synopsys.com\/2022-12-06-Software-Quality-Issues-in-the-U-S-Cost-an-Estimated-2-41-Trillion-in-2022\" rel=\"noopener\"> according to a new survey by the Consortium for Information and Software Quality<\/a>, it costs a lot. The company estimates software quality issues may have held the U.S. economy back by US$2.4 trillion this year. This includes the costs of cyber attacks due to vulnerabilities, problems with open-source software components in applications and software development rework costs. Solutions include applying software quality standards when developing applications, assessing third-party components in software and applying patches promptly.<\/p>\n<p data-ar-index=\"8\">Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.<\/p>\n<p data-ar-index=\"9\">The post <a href=\"https:\/\/www.itworldcanada.com\/article\/cyber-security-today-dec-7-2022-rackspace-hit-by-ransomware-employees-are-still-falling-for-the-fake-it-colleague-scam-and-more\/517338\">Cyber Security Today, Dec. 7, 2022 \u2013 Rackspace hit by ransomware, employees are still falling for the fake IT colleague scam, and more<\/a> first appeared on <a href=\"https:\/\/www.itworldcanada.com\/\">IT World Canada<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This episode reports on r<\/p>\n","protected":false},"author":17,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[360,16],"tags":[389],"class_list":["post-32320","post","type-post","status-publish","format-standard","hentry","category-podcasts","category-security","tag-cyber-security-today"],"acf":[],"_links":{"self":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/32320","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/comments?post=32320"}],"version-history":[{"count":3,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/32320\/revisions"}],"predecessor-version":[{"id":32324,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/32320\/revisions\/32324"}],"wp:attachment":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/media?parent=32320"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/categories?post=32320"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/tags?post=32320"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}