As the saying goes, there’s no rest for the wicked. Just a few months after behemoth IT management solutions provider SolarWinds was the victim of a major cyber attack, IT professionals across the globe are scrambling to patch their Exchange servers against a new zero-day exploit.
Earlier this month, it was announced that hundreds of thousands of organisations (at least 30,000 in the US alone) had potentially been compromised by a group called Hafnium, who are based out of China and believed to be state-sponsored.
IT management software giant Solarwinds were the victims of what is believed to be one of the largest cyber attacks yet late last year, sending shivers down the spine of much of the tech world. The attack breached SolarWinds monitoring tool Orion, which allowed the hackers to deliver malicious updates to unsuspecting users of the tool for several months.
Now, two months after the breach was discovered, an alarming number of SolarWinds customers still have vulnerable Orion servers exposed to the internet.
With 2020 coming to an end, after what felt like an eternity to many, cybersecurity & technology firm CrowdStrike have released their annual ‘Cyber Front Lines’ incident-analysis report, and it contains much food for thought. One of the more striking figures is that more than half of the cyber attacks they investigated involved ransomware; a form of malware which encrypts any files it can find until a ‘ransom’ is paid. Ransomware attacks are known to be extremely destructive, spreading quickly through networks and shutting down critical operations as they go.
Financially-motivated attacks in general, the majority of which were ransomware-based, made up 63% of the more than 200 incidents they responded to, demonstrating that the file-encrypting malware is big business for cyber criminals, and not going away any time soon.
The team behind Wordfence, a popular security plugin for WordPress, have reported seeing a large increase in cyber attacks aimed at WordPress-based websites over the last few weeks. This is believed to be due to a vulnerability in another WordPress plugin, File Manager, which has over 700,000 active installations. While the vulnerability only affects those running certain versions of the File Manager plugin, Wordfence reports that cyber attacks are up across the board, as cyber criminals cast a wide net with their attacks.
A 58 year old woman in the UK has become one of a handful of people ever convicted under the Computer Misuse Act 1990 after committing an act of ‘revenge’ against a former business associate, causing a new company to cease operations and lay off staff.
The woman, Danielle Bulley, was formerly a director at successful UK-based property magazine Property Press, alongside co-director Alan Marriott. When Bulley and Marriott fell out in 2018, Bulley left the company and Marriott started a new venue called Letterbox Productions – using former assets from Property Press.
After Property Press went into liquidation, Marriott started a new company called Letterbox Productions without Bulley – however the new venture used former Property Press assets.
Upon learning of the new company and angry at her former co-director, Bulley engaged in a revenge mission to gain unauthorised access to its Dropbox account and spent hours deleting the contents. Over 5,000 files were permanently erased, causing damage to Letterbox Productions so great that it could no longer function and had to shut down, laying off all its staff in the process.
Bulley admitted to deleting the files when speaking to authorities, stating that she believed she was entitled to do so, but acknowledging that she knew the move would cause harm to the fledgling business.
Bulley was sentenced to an 18 month community order with 80 hours of unpaid work under the Computer Misuse Act 1990, becoming one of only a handful of people to be convicted using the legislation. Bulley had no previous convictions or offenses.
In a statement from the North Yorkshire Police’s Cyber Crime Unit, Detective Constable Steven Harris said “During our investigation, it became clear that Bulley had left the original company on a bad note, but the deletion of thousands of files containing vital information was catastrophic for the victim.”
“It dealt the new business a blow from which it never recovered. Ex-employees can pose a serious risk to a business because they are familiar with the company’s IT infrastructure and procedures. This can make it easier for them to carry out cyber crimes against their former organisation.”
“We encourage businesses to ensure they have policies in place for removing user accounts and changing passwords when an employee leaves an organisation.”
The incident highlights the need for strict user access controls and stringent leaver procedures along with regular backups to another secure location. As the North Yorkshire police rightfully pointed out, former employees pose a unique threat in that they have inside knowledge of the business and are familiar with its infrastructure, especially if they are in high-level positions or sensitive departments such as finance or IT.
When a user leaves, their accounts should be disabled and their passwords changed. Where possible, multiple users should never share login details for generic/shared accounts – if this cannot be avoided, then the password must be changed whenever users leave. Multi-factor authentication should be used where possible to prevent unauthorised access.
And of course, if you are angry at a company you used to work for, we strongly advise against committing criminal acts which will only make the situation worse for everyone.
Judge Simon Hickey noted that Bulley was a respectable woman who had acted on impulse and lost her good character to chase revenge.