Ransomware attacks are going to get worse – and one could eventually take out the infrastructure of an entire 5G-enabled smart city, a cybersecurity expert has warned. Cyber criminals deploying ransomware regularly target government services. Not only do public sector IT budgets mean networks are less secure against attacks, but said networks are also used to provide vital services to the community.  In some cases, local government agencies sime pay the ransom to decrypt the network and restore services, making them ideal targets for extortion.Urban infrastructure, including emergency services, transport, traffic light management, CCTV and more are, increasingly becoming connected to 5G Internet of Things (IoT) services and sensors in order to collect data and provide better, more efficient services. But while connected cities have the potential to improve urban services, any lack of security in IoT devices could make them a very appealing target for ransomware attacks – and, given the current ransomware climate, it’s not a matter of if, but when.”I look two years out and my prediction is a 5G smart city will be held for ransom. I don’t see anything happening right now that tells me that this prediction is not going to come true,” Theresa Payton, CEO of Fortalice Solutions and former CIO at The White House said in an interview with ZDNet Security Update. There have been many cases of cities and public infrastructure being compromised by ransomware – and it can be extremely disruptive. When cyber criminals attack hospitals with ransomware, for example, the nature of the industry means that in many cases – but not all – health service providers feel as if they have no option but to pay. 

And the continued success of ransomware attacks means going after connected infrastructure is the logical next step for cyber criminals. “I just don’t see enough progress being made that we’re going to be able to eradicate ransomware – I see it getting a lot worse, unfortunately, before we really figure out how to tackle it and it gets better,” said Payton, adding that cyber criminals “really don’t care what the downstream impacts are they’re just trying to make a buck”. However, measures can be applied across smart cities to help protect them against cyber attacks.Guidance on smart city security from the UK’s National Cyber Security Centre (NCSC) recommends that cities should only roll out devices from trusted vendors, and that no IoT device on the network should use the default username and password, as this makes them easy targets. Organisations should also regularly check to see whether credentials belonging to employees with high-level account privileges have been exposed in a data breach. If so, passwords – and perhaps even account names – should be changed in order to reduce the risk of them being abused by ransomware groups or other cyber criminals. “Look for those email accounts look for those passwords and think about actually abandoning email accounts that are in password data dumps that have access to core systems,” said Payton. READ MORE ON CYBERSECURITY More

The sudden disappearance of one of the most prolific ransomware services has forced crooks to switch to other forms of ransomware, and one in particular has seen a big growth in popularity. The REvil – also known as Sodinokibi – ransomware gang went dark in July, shortly after finding themselves drawing the attention of the White House following the massive ransomware attack, which affected 1,500 organisations around the world.  

ZDNet Recommends

It’s still uncertain if REvil has quit for good or if they will return under different branding – but affiliates of the ransomware scheme aren’t waiting to find out; they’re switching to using other brands of ransomware and, according to analysis by cybersecurity researchers at Symantec, LockBit ransomware has become the weapon of choice. SEE: A winning strategy for cybersecurity (ZDNet special report) LockBit first appeared in September 2019 and those behind it added a ransomware-as-a-service scheme in January 2020, allowing cyber criminals to lease out LockBit to launch ransomware attacks – in exchange for a cut of the profits.LockBit isn’t as high profile as some other forms of ransomware, but those using it have been making money for themselves from ransom payments paid in Bitcoin.  Now the apparent disappearance of REvil has led to a rise in cyber criminals turning to LockBit to conduct ransomware attacks – aided by the authors of LockBit putting effort into offering an updated version. 

“LockBit has been aggressively advertising for new affiliates in recent weeks. Secondly, they claim to have a new version of their payload with much higher encryption speeds. For an attacker, the faster you can encrypt computers before your attack is uncovered, the more damage you will cause,” Dick O’Brien, senior research editor at Symantec, told ZDNet. Researchers note that many of those now using LockBit are using the same tactics, tools, and procedures they were previously using in attempts to deliver REvil to victims – they’ve just switched the payload.  These methods include exploiting unpatched firewall and VPN vulnerabilities or brute force attacks against remote desktop protocol (RPD) services left exposed to the internet, as well as the use of tools including Mimikatz and Netscan to help establish the access to the network required to install ransomware. And like other ransomware groups, LockBit attackers also use double extortion attacks, stealing data from the victim and threatening to publish it if a ransom isn’t paid. While it has somewhat flown under the radar until now, attackers using LockBit deployed it in an attempted ransomware attack against Accenture – although the company said it had no effect as they were able to restore files from backup.  LockBit has also caught the attention of national security services; the Australian Cyber Security Centre (ACSC) released an alert about LockBit 2.0 this week, warning about a rise in attacks.  SEE: This new phishing attack is ‘sneakier than usual’, Microsoft warnsRansomware poses a threat to organisations no matter what brand is being used. Just because one high-profile group has seemingly disappeared – for now – it doesn’t mean that ransomware is any less of a threat. “We consider LockBit a comparable threat. It’s not just the ransomware itself, it’s the skill of the attackers deploying it. In both cases, the attackers behind the threats are quite adept,” said O’Brien. “In the short term, we expect to see Lockbit continue to be one of the most frequently used ransomware families in targeted attacks. The longer-term outlook depends on whether some of the recently departed ransomware developers – such as REvil and Darkside – return,” he added. To help protect against falling victim to ransomware attacks, organisations should ensure that software and services are up to date with the latest patches, so cyber criminals can’t exploit known vulnerabilities to gain access to networks. It’s also recommended that multi-factor authentication is applied to all user accounts, to help prevent attackers from easily being able to use leaked or stolen passwords. Organisations should also regularly back up the network, so in the event of falling victim to a ransomware attack, the network can be restored without paying a ransom.  MORE ON CYBERSECURITY More

Credit: Microsoft

Microsoft announced today that it is rolling out end-to-end encryption (E2EE) for one-to-one Teams calls. According to Microsoft’s blog post announcing general availability, admins will have the option to enable and control this feature for their organizations once they receive the update. By default, E2EE won’t be available to all users within a tenant. Once IT configures the policy and enables it for selected users, those users will still need to turn this feature on in Teams settings. IT will be able to disable this feature when needed. Microsoft officials warned that when using E2EE for Teams one-to-one calls, some features will be unavailable. This includes recording; live captions and transcription; and adding participants to make a call a group call. If any of the unavailable features is required, users will need to turn E2EE off.As Microsoft noted in a blog post in October, real-time video and voice data is protected by E2EE. But it doesn’t secure chat or file-sharing, which are both protected at rest and in-transit by other encryption protocols, like HTTPS, for secure connections between a device and a website.  The E2EE Teams call feature is available on the latest version of the Teams desktop client for Windows or Mac, officials said. In other recent Teams news, Microsoft will be introducing a new “Teams Phone with Calling Plan” product on January 1, 2022. This new plan combines Microsoft 365 Business Voice with enterprise capabilities in Teams Calling Essentials. These two products will be discontinued once the new plan is released, officials said. With Teams Phone with Calling Plan — which will be available to Microsoft 365 and Office 365 business users who have subscriptions including Teams — users will get 3,000 minutes for domestic calls in the US and Canada. Users will only get 2,300 minutes for domestic calls in other markets, and calls outside users’ domestic zones will require an add-on calling plan. Teams Phone with Calling Plan will cost $15 per user per month. Teams Phone alone costs $8 per user per month, and domestic calling plan costs another $12 per user per month. More

Amazon Prime Day is here, and the next two days provide some great chances to score deals on your favorite tech. If you’re looking specifically for a smart home security camera, you’re in luck because there are plenty of deals to be had on brands like Ring, Blink, Arlo, Wyze, and even Roku. Some cameras on this list are indoor or outdoor, some are wireless versions powered by a battery, some are plug-in, and some make great pet camera options.Thanks to Prime Day deals, you can save hundreds of dollars on popular security cameras right now. We’ll continue to update this list with new Prime Day security camera deals throughout the two-day sale.Also: The best Prime Day deals: Live updatesBest security camera deals for Amazon Prime Day 2024Blink Whole Home Bundle for $90 (save $110) More

Just_Super/Getty Images Anthropic, maker of the Claude family of large language models, this week updated its policy for safety controls over its software to reflect what it says is the potential for malicious actors to exploit the AI models to automate cyber attacks.  The PDF document, detailing the company’s “responsible scaling policy,” outlines several procedural […] More