{"id":33824,"date":"2023-01-11T08:35:49","date_gmt":"2023-01-11T13:35:49","guid":{"rendered":"https:\/\/www.itworldcanada.com?p=521282"},"modified":"2023-01-11T14:30:28","modified_gmt":"2023-01-11T19:30:28","slug":"cyber-security-today-jan-11-2023-debate-on-ransomware-attacks-dropping-continues-beware-of-long-hidden-backdoors-and-lots-of-patches-released","status":"publish","type":"post","link":"https:\/\/technewsday.com\/staging\/cyber-security-today-jan-11-2023-debate-on-ransomware-attacks-dropping-continues-beware-of-long-hidden-backdoors-and-lots-of-patches-released\/","title":{"rendered":"Cyber Security Today, Jan. 11, 2023 \u2013 Debate on ransomware attacks dropping continues, beware of long-hidden backdoors and lots of patches released"},"content":{"rendered":"<p data-ar-index=\"0\">The debate on ransomware attacks dropping continues, beware of long-hidden backdoors and lots of patches released.<\/p>\n<p data-ar-index=\"1\">Welcome to Cyber Security Today. It\u2019s Wednesday, January 11th, 2023. 
I\u2019m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.<\/p>\n<p data-ar-index=\"3\"><strong>Another entry<\/strong> in the debate on whether ransomware attacks are going up or down has been issued. 
<a href=\"https:\/\/www.itworldcanada.com\/article\/are-ransomware-attacks-in-u-s-up-or-down-why-its-hard-to-say\/519855\" rel=\"noopener\">Last week researchers at Emsisoft said<\/a> the truth in the U.S. is hard to figure out because so many attacks aren\u2019t publicly reported. This week researchers at Delinea released a report saying a survey it paid for suggests ransomware last year was down significantly over 2021. Of the 300 American IT decision-makers surveyed, 25 per cent said they were victims of ransomware in 2022. By comparison, 64 per cent of respondents said their firm was hit in 2021. Respondents also said budgets for ransomware defence dropped last year, although that could be because IT leaders are folding defences against ransomware with defences against all types of cyber attacks. More worrisome, the number of companies with incident response plans dropped to 71 per cent last year from 94 per cent in 2022. There\u2019s a link to the full report in the text version of this podcast.<\/p>\n<p data-ar-index=\"4\"><strong>Threat actors<\/strong> are known for installing backdoors on victims\u2019 IT infrastructure to enable their attacks. That\u2019s why scouring an entire IT environment is vital after a successful breach of security controls to make sure backdoors aren\u2019t left around. The latest example comes <a href=\"https:\/\/insights.s-rminform.com\/lorenz-cyber-intelligence-briefing-special\" rel=\"noopener\">in a report from researchers at U.K.-based S-RM Intelligence<\/a>. It looked into an attack by the Lorenz ransomware gang. The gang exploited a vulnerability in an organization using Mitel\u2019s VoIP phone system. However, it was able to do that by using a backdoor that had been installed five months before the ransomware was launched. One theory is an initial access broker compromised the victim\u2019s IT infrastructure and installed the backdoor, then notified the Lorenz group. 
Whatever the explanation, it\u2019s another example of why continuously searching for backdoors as well as patching vulnerabilities is essential.<\/p>\n<p data-ar-index=\"5\"><strong>Ransom demands<\/strong> linked to denial of service attacks aren\u2019t talked about a lot. However, they are something IT security leaders need to think about. <a href=\"https:\/\/blog.cloudflare.com\/ddos-threat-report-2022-q4\/#ransomddosattacks\" rel=\"noopener\">According to Cloudflare<\/a>, a service that mitigates denial of service attacks, 16 per cent of its customers in the fourth quarter last year said a DDoS attack they suffered came with a threat or ransom note. Still, that was less than the 22 per cent who said they had a threatening DDoS attack in the fourth quarter of 2021. In the first quarter of 2022, 10 per cent of customers hit by DDoS attacks said it came with a threat. That increased to 12 per cent in the second quarter, 14 per cent in the third quarter, and, as I said, 16 per cent in the fourth quarter.<\/p>\n<p data-ar-index=\"6\">IT administrators must remember that compromised internet-connected devices such as computers, routers, firewalls, surveillance cameras and their associated digital recorders are used to create botnets to launch distributed denial of service attacks. Sanitizing IT networks helps lower the odds of your gear being used for DDoS attacks.<\/p>\n<p data-ar-index=\"7\"><strong>Yesterday<\/strong> was Microsoft\u2019s monthly Patch Tuesday, when fixes were released for a number of holes in Windows. <a href=\"https:\/\/www.action1.com\/patch-tuesday-january-2023\/\" rel=\"noopener\">According to researchers at Action1<\/a>, 98 vulnerabilities were fixed. Eleven of them are ranked critical. One fixes a significant zero day vulnerability in all versions of Windows back to version 8.1 and WinServer 2012 R2. It could allow a potential attacker to gain System privileges. 
Another fixes a hole in Windows Credential Manager.<\/p>\n<p data-ar-index=\"8\">Also yesterday, SAP released 12 security patches. <a href=\"https:\/\/onapsis.com\/blog\/sap-security-patch-day-january-2023\" rel=\"noopener\">Researchers at Onapsis note<\/a> that three of the fixes have vulnerability scores at 9 or above.<\/p>\n<p data-ar-index=\"9\"><a href=\"https:\/\/helpx.adobe.com\/security\/products\/acrobat\/apsb23-01.html\" rel=\"noopener\">Adobe released critical fixes<\/a> for Acrobat and Acrobat Reader. Zoom released patches for two vulnerabilities ranked high in severity for Zoom Rooms.<\/p>\n<p data-ar-index=\"10\">On the industrial side, <a href=\"https:\/\/new.siemens.com\/global\/en\/products\/services\/cert.html#SecurityPublications\" rel=\"noopener\">Siemens<\/a> and <a href=\"https:\/\/www.se.com\/ww\/en\/work\/support\/cybersecurity\/security-notifications.jsp\" rel=\"noopener\">Schneider Electric<\/a> announced fixes for a number of products.<\/p>\n<p data-ar-index=\"11\">IT and security managers need to evaluate patches against the organization\u2019s risk profile and then prioritize which patches need to be installed and in which order.<\/p>\n<p data-ar-index=\"12\"><strong>Attention application developers:<\/strong> If you use the open-source JsonWebToken package created by Auth0 in your software for signing JSON data, make sure you have a recent version. This package was updated in December <a href=\"https:\/\/unit42.paloaltonetworks.com\/jsonwebtoken-vulnerability-CVE-2022-23529\/\" rel=\"noopener\">after researchers at Palo Alto Networks discovered<\/a> a serious vulnerability. You should be on version 9.0.<\/p>\n<p data-ar-index=\"13\"><strong>Finally,<\/strong> if you or your employees use the Threema messaging app, make sure it\u2019s the latest version. 
It patches vulnerabilities <a href=\"https:\/\/breakingthe3ma.app\/\" rel=\"noopener\">found by researchers<\/a>.<\/p>\n<p data-ar-index=\"14\">Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. U.S. listeners can also find me on TechNewsDay.com<\/p>\n<p data-ar-index=\"15\">The post <a href=\"https:\/\/www.itworldcanada.com\/article\/cyber-security-today-jan-11-2023-debate-on-ransomware-attacks-dropping-continues-beware-of-long-hidden-backdoors-and-lots-of-patches-released\/521282\">Cyber Security Today, Jan. 11, 2023 \u2013 Debate on ransomware attacks dropping continues, beware of long-hidden backdoors and lots of patches released<\/a> first appeared on <a href=\"https:\/\/www.itworldcanada.com\/\">IT World Canada<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This episode includes news on a ransomware survey of IT leaders, hidden backdoors, ransom notes with DDoS attacks and a summary of the late<\/p>\n","protected":false},"author":17,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[360,16],"tags":[389],"class_list":["post-33824","post","type-post","status-publish","format-standard","hentry","category-podcasts","category-security","tag-cyber-security-today"],"acf":[],"_links":{"self":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/33824","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/comments?post=33824"}],"version-history":[{"count":3,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/
v2\/posts\/33824\/revisions"}],"predecessor-version":[{"id":33839,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/33824\/revisions\/33839"}],"wp:attachment":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/media?parent=33824"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/categories?post=33824"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/tags?post=33824"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}