Take the Ransom Out of Ransomware
NetStandard’s Security Minute Series
So the Exchange attacks just keep getting worse. The estimated number of affected Exchange servers is up into the tens of thousands (I’ve seen some estimates in the hundreds of thousands!), and there are at least 10 other attack groups trying to piggyback onto the Exchange webshells that the initial attack left behind. If you or someone you know is running Exchange and has not fully patched and investigated this, call me immediately: At least 10 hacking groups using Microsoft software flaw – researchers | Reuters
- NetStandard’s statement about our hosted Exchange customers can be found here: Recent Exchange Vulnerabilities (netstandard1.wpengine.com)
- Proof-of-concept code has now been released publicly. Ransomware is sure to follow: ProxyLogon PoC Exploit Released; Likely to Fuel More Disruptive Cyber Attacks (thehackernews.com)
- UPDATE: That was fast… Ransomware now attacks Microsoft Exchange servers with ProxyLogon exploits (bleepingcomputer.com)
- CISA has collected a lot of resources into one portal: Remediating Microsoft Exchange Vulnerabilities | CISA
A major datacenter hosted by OVH, the world’s third-largest hosting provider, was destroyed by fire this week. Services for multiple clients are impacted, with some clients losing data. If you play the game Rust, you may have seen this already. Another reminder that if you are hosting in the cloud, you still need backup and disaster recovery plans – the cloud is not backup! OVH data center burns down knocking major sites offline (bleepingcomputer.com)
The security camera company Verkada, with over 150,000 cloud-connected security cameras in factories, jails, schools, hospitals, and more, was breached this week. Attackers were able to view camera footage from many sensitive locations, including Tesla factories, Cloudflare offices, a Florida hospital, Sandy Hook Elementary School, a jail in Alabama, and more. Apparently the attackers found an admin password on the internet (draw your own conclusions). And there are some reports that Verkada’s customers might not have been informed that Verkada could access their recordings. Scary stuff: Tesla (TSLA), Cloudflare (NET) Breached in Verkada Security Camera Hack – Bloomberg
- “We literally had 20-year-old interns that had access to over 100,000 cameras and could view all of their feeds globally”: Security startup Verkada hack exposes 150,000 security cameras in Tesla factories, jails, and more – The Verge
If you enjoy Miller, Coors, Molson, or Redd’s, you might want to stock up. Parent company Molson Coors Beverage Company notified the SEC that they are suffering from a ransomware attack that has disrupted production at multiple facilities: Molson Coors beer production disrupted after cyberattack | The Record by Recorded Future
We all know that if you get hit with ransomware, you shouldn’t pay the ransom. But it’s always good to have a reminder now and then. Kaspersky has a good blog about it: Why you shouldn’t pay extortionists | Kaspersky official blog
On another note…
- Windows 10 21H1 is getting closer. This is the next “major” update to Windows 10, though I have “major” in quotes since it doesn’t really change much. 21H1 has made it to all beta testers, so there aren’t many steps left before general release: Announcing Windows 10 Insider Preview Build 19043.844 (21H1) | Windows Insider Blog
- CISA is taking over administration of the .gov top-level domain. This is expected to make .gov domains more accessible and to provide cybersecurity oversight of the TLD: CISA takes over .GOV top-level domain (TLD) administration (bleepingcomputer.com)
- There’s an actual real-life Hollywood movie being made called “Cocaine Bear.” Look it up.