Tag Archive for: clean

Ransomware gang targets nonprofit providing clean water to world’s poorest

/in


Water for People, a nonprofit that aims to improve access to clean water for people whose health is threatened by a lack of it for drinking and sanitation, is the latest organization to have been hit by ransomware criminals.

The ransomware-as-a-service gang Medusa listed Water for People on its darknet site Thursday night, threatening to publish stolen information unless the nonprofit pays a $300,000 extortion fee.

A Water for People spokesperson told Recorded Future News: “The accessed data predates 2021, did not compromise our financial systems and no business operations were impacted. We’re working with top incident response firms, as well as our insurance company and hardening our systems with our security team to prevent future incidents.”

The attack follows the nonprofit receiving a $15 million grant from MacKenzie Scott, the billionaire ex-wife of Amazon founder Jeff Bezos. There is no evidence that Water for People was specifically targeted because of this donation.

The organization operates in nine different countries, from Guatemala and Honduras in Latin America, to Mozambique in Africa and to India, and aims to improve water access for more than 200 million people over the next eight years.

“While the recent cyber attack from Medusa Locker Ransomware has not impacted our important work fighting the global water crisis and equipping communities with lasting access to clean water and sanitation services, it does reflect that even non-profits like ours are in the cross-hairs of these threat actors. We attempted good-faith negotiations that led nowhere,” the spokesperson added.

It is not the first time the Medusa gang’s activities have impacted an organization associated with water provision, although the gang and its affiliates appear to work opportunistically, according to new analysis by Palo Alto Networks’ Unit 42.

Last year, an Italian company that provides drinking water to nearly half a million people was hit by the gang.

Back in 2021, U.S. law enforcement agencies said ransomware gangs in general had hit five water and wastewater treatment facilities in the country — not including three other widely reported cyberattacks on water utilities.

Despite…

Source…

Xfinity Comes Clean On Citrix ‘Vulnerability’ and Cyber Attack

/in


With the Netflix film “Leave The World Behind” getting lots of attention for its central themes of cyber vulnerability and hacking possibilities that could cripple a nation, the subject of internet security is as important as ever.

For Comcast‘s Xfinity MVPD, it is now sharing details of a “data security incident” that transpired two months ago. And, it involves Citrix.

Source…

Is your computer really clean? | Business

/in


The war against malware (short for “malicious software”) like viruses, spyware and rootkits is a constant cat-and-mouse game between malware writers and distributors (the “bad guys”) and those who write, update and use antivirus and antispyware protection tools (the “good guys”).

Thousands of new viruses and virus variants are released onto the Internet every day. Companies like Avira, Avast, AVG, ESET, Trend Micro, McAfee and Symantec employ thousands of researchers and software programmers who work all day long, every day doing nothing but trying to figure out ways to fight new and existing malware. They’ve got their hands full. 

Computer security practitioners like myself, who are “out in the field,” and end-users like you, are on the front lines of the malware war. Having antimalware programs is wonderful, but unless they are properly installed, updated and used, they are almost worse than having nothing at all. It’s sort of like having a fancy, complicated, high-security lock on the front door of your house. If you don’t learn how to use that lock, then you might as well leave the front door wide open. Simply closing the door without using the lock is giving you a false sense of security.

There are many computer experts who contend that a false sense of security is exactly what we have in our computer/Internet-dominated world. People have their fancy-schmancy security “suites” installed, and, having been assured by the manufacturers that they are “protected,” they think they are safe to continue opening questionable email attachments, downloading shady programs, visiting bogus websites and clicking on sketchy popup ads.

The hard truth is that there is no single antimalware program that catches all computer viruses. There is no single antispyware program that stops all spyware. There is no magic all-in-one anti-everything Internet security “suite” that does an excellent job in all of its functions. It simply doesn’t exist. They all miss something and they all fall short when trying to stop the most pernicious malware threat in town: the rootkit.

Rootkits are…

Source…

Feds to Microsoft: Clean up your security act — or else

/in


The US government, worried about the continuing growth of cybercrime, ransomware, and countries including Russia, Iran, and North Korea hacking into government and private networks, is in the middle of drastically changing its cybersecurity strategy. No longer will it rely largely on prodding businesses and tech companies to voluntarily take basic security measures such as patching vulnerable systems to keep them updated.

Instead, it now wants to establish baseline security requirements for businesses and tech companies and to fine those that don’t comply.

It’s not just companies that use the systems who might eventually need to abide by the regulations. Companies that make and sell them, such as Microsoft, Apple, and others could be held accountable as well. Early indications are that the feds already have Microsoft in their crosshairs — they’ve warned the company that, at the moment, it doesn’t appear to be up to the task.

First, let’s delve into the government’s emerging strategy.

The new National Cybersecurity Strategy

In early March, the Biden Administration released a new National Cybersecurity Strategy; it puts more responsibility on private industry and tech firms to follow best security practices such as patching systems to fight newly found vulnerabilities and using multifactor authentication whenever possible.

US regulators have long recommended that tech companies do this. The difference now, according to the New York Times, is that “the new National Cybersecurity Strategy concludes that such good-faith efforts are helpful but insufficient in a world of constant attempts by sophisticated hackers, often backed by Russia, China, Iran or North Korea, to get into critical government and private networks. Instead, companies must be required to meet minimum cybersecurity standards.”

Source…