Large technology companies face a lot of trouble protecting their products from attackers. Cyberattacks are so common that a great deal of money is spent annually to counter them. The latest “Cyber Signals” report, officially released on the Microsoft Security Blog, points out that the vast majority of ransomware attacks start with cybercriminals exploiting common cybersecurity mistakes. According to Microsoft, if victims were a bit more careful, they could prevent many cyberattacks. The report analyzes anonymized data on real threat activity. Microsoft found that more than 80 per cent of ransomware attacks can be traced back to common misconfigurations of software and devices.
Some of the simple errors that enable attacks include:
- Apps left in a default state: this could allow access to users across the network, which makes the device vulnerable.
- Misconfigured or untested security tools.
- Cloud apps set up in a way that easily allows intruders to gain access.
- Organizations not applying Microsoft attack surface reduction rules: this could allow attackers to run malicious code using macros and scripts.
In many cases, it is these misconfigurations that ransomware attackers are looking for. They look for vulnerable targets for ransomware attacks, often with the added threat of a double ransomware attack: if successful, cybercriminals steal sensitive data and threaten to publish it if the victims don’t pay.
Microsoft warns about RaaS toolkits
Microsoft warns that attacks are worse with the growth of the ransomware-as-a-service (RaaS) ecosystem. This allows attackers who lack the technical expertise to create and develop their own ransomware to carry out attacks and extort ransom. RaaS toolkits are relatively easy to find on underground forums, and some also include customer support, giving criminals all the help they need. Some of these ransomware kits are sold through a subscription model, while others are based on a consortium model. Here, developers take a cut of the profits from each ransom payment for decryption keys.
To prevent cybercriminals from taking advantage of common mistakes and misconfigurations, Microsoft detailed several recommendations for improving cybersecurity. The recommendations include closing security blind spots by verifying that network security tools and all programs are properly configured in a way that protects the system, while disabling macros and other scripts that cybercriminals commonly exploit to execute malicious code.
The report also recommends increasing the security of people, networks and cloud services through the use of multi-factor authentication. This can prevent cybercriminals from exploiting stolen usernames and passwords. Organizations should also apply security patches and updates as soon as possible to prevent attackers from being able to exploit known vulnerabilities.
Microsoft To Announce Special Theme Event in September
Microsoft announced that it will hold a digital online event titled “Stop Ransomware with Microsoft Security” from 0:00 am to 01:30 am Beijing time (9:00 am to 10:30 am Pacific time) on September 16th. The focus of this event is to help organizations learn how to fight ransomware so their systems are not compromised.
Charlie Bell, who helps improve cybersecurity approaches while hosting threats and paid solutions at Microsoft, will join Vasu Jakkal and Lou Manousos as speakers at the digital event. Charlie Bell, a former Amazon Web Services veteran, joined Microsoft as corporate vice president back in February.
Microsoft also provided a summary of what to expect during the digital event, as follows:
- Hear key insights from Microsoft leadership, including a fireside chat between Charlie Bell, executive vice president of Microsoft Security, and Vasu Jakkal, corporate vice president of Microsoft’s security, compliance, identity, and privacy business.
- Learn about two new security solutions: Microsoft Defender Threat Intelligence and Microsoft Defender External Attack Surface Management.
- See actual threat intelligence and learn how to use it to prevent and eliminate threats like ransomware.
- Get your questions answered by a threat protection expert in a live Q&A chat.
Microsoft will also host Microsoft Ignite, the first live event since the COVID-19 pandemic, from October 22-24, albeit with limited space.
Plex Media Server faces ransomware attacks – All Users Should Change Passwords Immediately
The popular Plex media server sent out emails to users a few days ago. The company database was accessed by a suspicious third-party attacker, and emails, usernames and passwords appeared to have been leaked. While only some users were affected, the company asked all users to change their passwords immediately.
Below is the memo from the company advising all its users:
Yesterday, we discovered suspicious activity in a database and immediately began investigating. It appears that third parties were able to access a limited subset of data, including emails, usernames, and encrypted passwords. While passwords for all accounts that may be accessed are protected in accordance with best practices, out of an abundance of caution, we require all Plex accounts to reset their passwords. Rest assured that credit card and other payment data will not be stored on our servers and will not be attacked in this event.
Additionally, Plex recommends that users tick the “Sign out of connected devices after changing password” checkbox and log back in with the new password on each device. Plex has also published a tutorial on changing the password on its official website. Plex is an app for instant streaming of movies and TV shows without a subscription. Plex also provides a media server solution that allows users to manage and stream their personal movies, TV shows and music collections from anywhere, on all devices.