More stories

This sneaky phishing attack tries to steal your Facebook password

A sneaky phishing campaign aims to steal passwords from Facebook users – including administrators of company Facebook Pages. Detailed by cybersecurity researchers at Abnormal Security, the attack begins with a phishing email claiming to be from ‘The Facebook Team’, which warns that the user’s account “might be disabled and your page might be removed” due to repeatedly posting content that has been reported as infringing the rights of another user. The victim is invited to appeal the report by clicking on a link that the security researchers said goes to a Facebook post – and within this post there’s another link that directs users to a separate website in order to make their “appeal”.

As part of the fake appeals process, the user is asked to provide sensitive information, including their name and email address. Before submitting the form, the user is also asked to enter their Facebook password.

All this information is sent to the attacker, who can use it to log in to the victim’s Facebook page, collect information from their account and potentially lock them out of it. If the victim re-uses their Facebook email address and password for other websites and applications, the attacker can access those too.

One of the reasons phishing attacks like this are successful is because they create a sense of urgency. “This is often enough to convince recipients to provide their personal information, particularly if they are using their Facebook account for business purposes,” said Rachelle Chouinard, threat intelligence analyst at Abnormal Security.

What made this particular phishing campaign interesting to the security researchers was that it connected to a post on Facebook and that there was a link to a credential-phishing site within the post, which was disguised as a form to request an appeal.

However, while the phishing email and phishing domain might have looked legitimate at first glance, there were clues that would have suggested that something might be off. For example, while the email contained Facebook branding and claimed to be from Facebook itself, the sender email address was not related to Facebook at all. In addition to this, attempting to reply to the sender email directs messages to an unrelated Gmail address.

The language of the email is designed to create fear in the victim, scaring them with the prospect of losing their account. It’s unlikely an actual online service will send an email like this, but if you receive a message and do get worried, don’t click the link in the email. Instead, log in to the website directly. If something is wrong with your account, you’ll be able to find out there – without handing your password to cyber criminals.

ZDNet contacted Facebook and the company pointed to advice to users on how to identify and report phishing attacks. Facebook’s Help Centre says anyone who thinks that their account has been phished should report it, change their password, and – in the security settings – log out of any devices that they don’t recognise. It’s also recommended that users turn on multi-factor authentication to increase account security against unauthorised logins.

ZDNet also contacted Google – the company said the Gmail account used as part of the campaign has now been removed.

FBI: This ransomware written in the Rust programming language has hit at least 60 targets

The BlackCat ransomware gang, known for being the first to use ransomware written in the Rust programming language, has compromised at least 60 organizations worldwide since March 2022, the Federal Bureau of Investigation (FBI) says in a new alert. BlackCat, which also goes by the name ALPHV, is a relatively new ransomware-as-a-service gang that security researchers believe is related to the more established BlackMatter (aka Darkside) ransomware gang that hit US fuel distributor Colonial Pipeline last May.

BlackCat appeared in November 2021 and was created by compromise experts or ‘access brokers’ that have sold access to multiple RaaS groups, including BlackMatter, according to Cisco’s Talos researchers.

As ZDNet reported in February, BlackCat has hit several high-profile companies since December, including Swiss airport management service Swissport and two German oil suppliers. While much of the group’s efforts have been focused on striking several European critical infrastructure firms, Cisco notes in a March report that more than 30% of BlackCat compromises have targeted US firms.

“As of March 2022, BlackCat/ALPHV ransomware as a service (RaaS) had compromised at least 60 entities worldwide and is the first ransomware group to do so successfully using Rust, considered to be a more secure programming language that offers improved performance and reliable concurrent processing,” the FBI says in its alert detailing BlackCat/ALPHV indicators of compromise.

“BlackCat-affiliated threat actors typically request ransom payments of several million dollars in Bitcoin and Monero but have accepted ransom payments below the initial ransom demand amount. Many of the developers and money launderers for BlackCat/ALPHV are linked to Darkside/BlackMatter, indicating they have extensive networks and experience with ransomware operations,” it continues.

The BlackCat gang uses previously compromised user credentials to gain initial access to the victim’s system. The group then compromises Microsoft Active Directory user and administrator accounts and uses the Windows Task Scheduler to configure Group Policy Objects to deploy the ransomware. BlackCat also uses legitimate Windows tools – such as Microsoft Sysinternals, as well as PowerShell scripts – to disable security features in anti-malware tools, launch ransomware executables including on MySQL databases, and copy ransomware to other locations on a network. The group practices double extortion by stealing data prior to encrypting it in order to threaten victims with a leak in the event they don’t pay a ransom demand.

Cisco said it was unlikely the BlackCat gang or affiliates were using an Exchange flaw. However, Trend Micro researchers last week claimed to have identified BlackCat exploiting the Exchange bug CVE-2021-31207 during an investigation. That was one of the ProxyShell Exchange bugs discovered in mid-2021. BlackCat has versions that work on Windows and Linux, as well as VMware’s ESXi environment, notes Trend Micro. “In this incident, we identified the exploitation of CVE-2021-31207. This vulnerability abuses the New-MailboxExportRequest PowerShell command to export the user mailbox to an arbitrary file location, which could be used to write a web shell on the Exchange Server,” the firm said.

The Cybersecurity and Infrastructure Security Agency is urging organizations to review the FBI’s alert. The FBI is seeking information from the public about BlackCat compromises. It wants “any information that can be shared, to include IP logs showing callbacks from foreign IP addresses, Bitcoin or Monero addresses and transaction IDs, communications with the threat actors, the decryptor file, and/or a benign sample of an encrypted file.”

As Windows Task Scheduler is commonly used by attackers to hide malicious activity within seemingly normal admin tasks, the FBI recommends organizations review Task Scheduler for unrecognized scheduled tasks, as well as check domain controllers, servers, workstations, and Active Directory for new or unrecognized user accounts.
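As an added illustration of the FBI’s review recommendation above (this script is not from the alert or from any vendor quoted in the story), the following PowerShell lists non-Microsoft scheduled tasks with the command each one runs, flags the ones that invoke a script host with hidden or encoded arguments, and pulls task-creation (4698) and account-creation (4720) events from the Security log. It assumes an elevated session on Windows 8 / Server 2012 or later, that the matching audit policies are enabled so those events exist, and that the ActiveDirectory module is present only when run on a domain controller or RSAT host; the 30-day window and the pattern list are choices made for this example.

```powershell
# Added example: triage scheduled tasks and new accounts after the FBI BlackCat alert.
# Assumptions: elevated session; Security log holds 4698 (task created) and 4720
# (account created) events, which needs the matching audit policies switched on;
# the ActiveDirectory module is only available on a DC / RSAT host.
param(
    [int]$Days = 30   # look-back window for creation events (chosen for this example)
)
$since = (Get-Date).AddDays(-$Days)

# 1. Every scheduled task outside the \Microsoft\ tree, expanded to one row per action,
#    so the executable and its arguments are visible rather than only the task name.
$taskRows = Get-ScheduledTask |
    Where-Object { $_.TaskPath -notlike '\Microsoft\*' } |
    ForEach-Object {
        $task = $_
        $info = Get-ScheduledTaskInfo -TaskName $task.TaskName -TaskPath $task.TaskPath
        foreach ($action in $task.Actions) {
            [pscustomobject]@{
                Task      = "$($task.TaskPath)$($task.TaskName)"
                Author    = $task.Author
                Created   = $task.Date
                State     = $task.State
                LastRun   = $info.LastRunTime
                Execute   = $action.Execute
                Arguments = $action.Arguments
            }
        }
    }

# 2. Tasks that run a script host or PowerShell with hidden/encoded arguments deserve a
#    closer look, since the alert describes PowerShell being used to disable defences and
#    deploy the ransomware. A match is a prompt for review, not proof of compromise.
$reviewTasks = $taskRows | Where-Object {
    ($_.Execute   -match 'powershell|pwsh|cmd\.exe|wscript|cscript|mshta|rundll32') -or
    ($_.Arguments -match '-enc|-nop|-w(indowstyle)? hidden|FromBase64String|DownloadString')
}

# 3. Creation events from the Security log: who created which task or account, and when.
$events = Get-WinEvent -FilterHashtable @{
    LogName = 'Security'; Id = 4698, 4720; StartTime = $since
} -ErrorAction SilentlyContinue

$creations = foreach ($event in $events) {
    $xml  = [xml]$event.ToXml()
    $data = @{}
    foreach ($item in $xml.Event.EventData.Data) { $data[$item.Name] = $item.'#text' }
    if ($event.Id -eq 4698) {
        [pscustomobject]@{ Time = $event.TimeCreated; Kind = 'TaskCreated'
                           Name = $data['TaskName']; By = $data['SubjectUserName'] }
    } else {
        [pscustomobject]@{ Time = $event.TimeCreated; Kind = 'AccountCreated'
                           Name = $data['TargetUserName']; By = $data['SubjectUserName'] }
    }
}

# 4. On a domain controller, also list domain accounts created inside the window.
$newDomainUsers = @()
if (Get-Module -ListAvailable -Name ActiveDirectory) {
    Import-Module ActiveDirectory
    $newDomainUsers = Get-ADUser -Filter * -Properties whenCreated, Enabled |
        Where-Object { $_.whenCreated -ge $since } |
        Select-Object SamAccountName, whenCreated, Enabled, DistinguishedName
}

"== Non-Microsoft scheduled tasks worth reviewing =="
$reviewTasks | Sort-Object Created | Format-Table -AutoSize -Wrap
"== Task and account creation events since $since =="
$creations | Sort-Object Time | Format-Table -AutoSize
"== Domain accounts created since $since =="
$newDomainUsers | Format-Table -AutoSize
```

Compare the output against a known-good baseline from the same host or image; tasks and accounts that are absent from the baseline are the ones to investigate first.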

Ransomware attacks are hitting universities hard, and they are feeling the pressure

Schools and universities are facing an unprecedented level of ransomware attacks as incidents continue to severely impact the education sector. The warning comes from Jisc, a not-for-profit organisation that provides network and IT services to higher education and research institutions. Jisc’s ‘Cyber Impact 2022’ report suggests there’s an increased threat of ransomware attacks against education.

According to the report, dozens of UK universities, colleges and schools have been hit with ransomware attacks since 2020, causing disruptions for staff and students, and costing institutions substantial amounts of money. In some incidents, Jisc says impact costs have exceeded £2 million.

And the attacks keep coming: the report details how two universities and a further education and skills (FES) provider were hit by separate ransomware attacks during March 2022. The institutions aren’t specified, but the report says each incident caused a significant impact as systems were taken down to prevent further spread of malware, and to safely recover and restore data. In one case, a third party was called in to help the organisation fully recover from the incident.

According to Jisc, higher education views ransomware and malware as the top cybersecurity threat, followed by phishing and social engineering. The report suggests that one of the reasons universities have become such a common target for ransomware attacks is the pandemic-induced sudden shift to remote working for staff and students, which inadvertently left institutions open to attack. For example, the switch to remote education led to a big rise in the use of remote desktop protocol, which can provide ransomware attackers with a route into networks.

Cyber criminals can send out phishing emails to steal usernames and passwords, which they can use to enter networks via legitimate user accounts. It’s also possible for cyber criminals to use brute-force attacks to break into accounts that use common or previously breached passwords. “This underlines the importance of basic security controls being in place, such as protections against brute-force attacks,” says the report.

While the threat posed by ransomware and other cyberattacks to higher education is well known, some institutions are struggling, particularly when IT and information security teams are hamstrung by a lack of resources. “We are doing our best, but all areas of IT support seem to be growing and requiring more attention and it’s one part of a larger role (where its importance should be far greater). The pandemic has only stretched us further,” an undisclosed FES provider told Jisc.

One of the steps that organisations can take to protect accounts from being hacked and exploited to help launch a ransomware attack is to provide all users with multi-factor authentication (MFA). According to Jisc, there has been a sharp rise in the number of institutions that have MFA in place, although it hasn’t yet been rolled out across the board.

It’s also recommended that universities encourage the use of strong, unique passwords, which makes them harder to guess and makes it harder for cyber criminals to breach accounts, even if another account belonging to the user has previously been stolen. In addition, it’s highly recommended that security patches are rolled out as soon as possible, so that devices, operating systems and software aren’t left exposed to known security vulnerabilities.

Is Microsoft really going to cut off security updates for my “unsupported” Windows 11 PC? [Ask ZDNet]

Welcome to this week’s installment of Ask ZDNet, where we answer your burning tech questions. In the mailbag this week: Is Microsoft really threatening to cut off security updates for people who install Windows 11 on “unsupported” hardware? How can I make my online services more secure with 2FA? And why is it so difficult to get Google Fiber in a condo or apartment building?

If you’ve got a question about any of the topics ZDNet covers, one of our team of editors and contributors probably has an answer. If they don’t, we’ll find an outside expert who can steer you in the right direction. Questions can cover just about any topic that’s remotely related to work and technology, including PCs and Macs, mobile devices, security and privacy, social media, home office gear, consumer electronics, business etiquette, financial advice… well, you get the idea.

Send your questions to ask@zdnet.com. Due to the volume of submissions, we can’t guarantee a personal reply, but we do promise to read every letter and respond right here to the ones that we think our readers will care about. Ask away.

Is Microsoft really going to cut off security updates for my ‘unsupported’ Windows 11 installation?

I’ve read that Microsoft says installing Windows 11 on an unsupported PC means it won’t be entitled to receive updates in the future. If I do a clean install of Windows 11 on an incompatible PC, is my PC in danger of getting cut off from monthly security updates at some point in the future?

Have you ever heard of FUD? The acronym, short for “fear, uncertainty, and doubt,” has been around a long time, but it was popularized in the 1970s as a way of describing how the giant IBM Corporation discouraged its customers from even considering competing products.

FUD is a classic marketing technique used when there’s no good technical argument to make against the choice that the customer is contemplating. It’s odd, though, to see an example like this, in which the giant Microsoft Corporation is using FUD to discourage customers from installing one of its own products.

The exact language in that warning is interesting:

“Installing Windows 11 on this PC is not recommended and may result in compatibility issues. If you proceed with installing Windows 11, your PC will no longer be supported and won’t be entitled to receive updates. Damages to your PC due to lack of compatibility aren’t covered under the manufacturer warranty.” [emphasis added]

This is, of course, the business-school version of “Gee, nice PC you got there. Be a shame if something happened to it.” But it really doesn’t say that Microsoft is going to cut off your access to updates; it simply says you’re no longer “entitled” to those updates. That word is a tell on Microsoft’s part, disclaiming legal responsibility without actually saying what it will do.

In fact, it would require an awful lot of work on Microsoft’s part to configure its update servers to reject requests from PCs based on such detailed configuration information. Doing so would run a risk of snagging customers with valid installations, and it would needlessly anger customers who were otherwise having a perfectly good experience with Windows 11. Instead, that language is a way of convincing timid customers to retire those old PCs in favor of shiny new ones, thereby choosing the option that puts fresh revenue in the pockets of Microsoft and its OEM partners.

This sort of confusion isn’t without precedent. Back in the days before Windows 10 launched, Windows skeptics were convinced that Microsoft was going to pull the rug out from updates based on some confusing language about the “supported lifetime of the device.” The world’s worst Windows pundit, in fact, was convinced Microsoft was going to start charging Windows 10 customers for updates within two years. That turned out to be a false alarm, for all the same reasons I outlined in this case.

It’s possible, of course, that some future Windows update will cause performance and reliability issues on older PCs, but the idea that Microsoft will punish its customers for following a documented upgrade deployment procedure is, in my opinion, highly unlikely.

How do I know which 2FA options are available for the services I use?

A few weeks ago, you recommended using 2FA for online accounts and said using an app or even a hardware key for 2FA is most secure. How can I find out which security options are supported by the services I use? And what happens if your online account (bank, credit card, etc.) doesn’t support advanced security options?

It’s incredibly frustrating to sign in to a service and discover that their advanced security options are weak or nonexistent. There are still too many sites that only support two-step verification using SMS codes, with no option to use an authenticator app or a hardware key.

For the most part, finding out which authentication methods are available for a specific site usually requires signing in and then poking around the account options section. Look for anything with the words login or security.

If you want to see how your service stacks up against its competitors, check out the excellent 2FA Directory, an open-source project that maintains an exhaustive list of websites, with details on whether and how they support 2FA. If your service isn’t measuring up, and switching is an option, this is definitely the place to start.

How do I convince Google Fiber to extend service to my building?

I’m about to move into a new condo, and I’ve been looking at my options for internet service. Just about every other building in the neighborhood has access to high-speed fiber options from AT&T or Google, but when I type my new address into either site, they tell me fiber service isn’t available. What can I do to get this option in my building? Am I stuck with Comcast?

Cable TV has been around long enough that its infrastructure is pretty much ubiquitous in modern U.S. housing. That coaxial cable usually offers a connection to the Internet, at terms and prices that might or might not be competitive.

One of the best new alternatives to cable is fiber, which typically has the advantage of being faster than cable and offering symmetrical download and upload speeds. Cable systems typically offer fast downloads but much slower upload speeds, which makes a difference when you’re working from home and you’re sharing big projects like video files.

Google Fiber, which was an early pioneer in fiber deployment before hitting some speed bumps a few years back, appears to be trying to grow again. A recent news story says the company wants to move into Colorado Springs, even quoting Google Fiber’s general manager of expansion. As of April 2022, there are 20 cities listed on the Google Fiber website.

Getting a fiber connection to a single-family home isn’t particularly difficult. Getting connections inside a multi-dwelling unit is a little more complicated. It requires an agreement from the owners of the apartment building or the management of a condo complex, followed by an inspection and then some construction.

To handle the logistics of getting service to multiple households in a single building, you need a Network Demarc Point (NDP) outside the building and then a fiber distribution hub inside the building, with fiber distribution terminals and conduit throughout the building. For details on exactly what’s involved, see the Google Fiber Construction Stages and Construction Guidelines documents.

When we asked Google Fiber how you can get your building connected, they recommended that you ask your property manager to fill out the form at google.com/fiber/properties. You should expect a response “within a couple of weeks,” they said, from a team member who can assess whether service is available in the area and whether the building is suitable for connection. If the answer to both questions is yes, they can get the ball rolling.

Send your questions to ask@zdnet.com. Due to the volume of submissions, we can’t guarantee a personal reply, but we do promise to read every letter and respond right here to the ones that we think our readers will care about. Be sure to include a working email address in case we have follow-up questions. We promise not to use it for any other purpose.

Android security: Flaw in an audio codec left two-thirds of smartphones at risk of snooping, say researchers

Millions of Android devices were vulnerable to a remote code execution attack due to flaws in an audio codec that Apple open-sourced years ago but which hasn’t been patched since. Researchers at Check Point discovered a bug in the Apple Lossless Audio Codec (ALAC), audio-compression technology that Apple open-sourced in 2011. After this, ALAC was embedded in Android devices and programs for audio playback.

The problem, as Check Point researchers note, is that while Apple updated and patched its proprietary version of ALAC, the open-source code for ALAC hasn’t been updated since 2011 and it contains a critical flaw that allows for remote code execution.

A remote attacker can exploit the flaw by sending the target a malformed audio file, which allows the attacker to execute malware on an Android device. The flaw “could have led an attacker to remotely get access to its media and audio conversations,” the researchers said.

The bugs affect Android devices with chips from MediaTek and Qualcomm, which have both confirmed the flaws. Qualcomm patched the bug, tracked as CVE-2021-30351, in its December security update. MediaTek also addressed the ALAC issues, tracked as CVE-2021-0674 and CVE-2021-0675, in its December security update.

Qualcomm gave CVE-2021-30351 a “critical” rating with a severity score of 9.8 out of a possible 10. “An out of bound memory access can occur due to improper validation of number of frames being passed during music playback,” Qualcomm says in its advisory.

MediaTek rated CVE-2021-0675 as a “high” severity elevation of privilege bug due to “improper restriction of operations within the bounds of a memory buffer in alac decoder”. It affects dozens of MediaTek chips used in devices running Android versions 8.1, 9.0, 10.0, and 11.0, according to MediaTek. “In alac decoder, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation,” it notes. MediaTek says CVE-2021-0674 is a “medium” severity rating that “could lead to local information disclosure with no additional execution privileges needed.” Again, user interaction is not needed for exploitation.

How many Android devices are vulnerable depends on how many people have installed firmware updates in which the flaws are fixed. But the two chipmakers are the largest vendors of the systems on chips used in Android devices sold in the US and around the world. Check Point estimates that two-thirds of all smartphones sold in 2021 are vulnerable to what it calls “ALHACK”. Google did release a patch for the Qualcomm bug and MediaTek’s CVE-2021-0675 in its December 2021 update. However, it’s still up to each Android handset manufacturer to roll out patches at their own pace. Check Point plans to reveal more details about the flaws at the CanSecWest security conference next month.

LemonDuck botnet plunders Docker cloud instances in cryptocurrency crime wave

Operators of the LemonDuck botnet are targeting Docker instances in a cryptocurrency mining campaign.

LemonDuck is cryptocurrency mining malware wrapped up in a botnet structure. The malware exploits older vulnerabilities to infiltrate cloud systems and servers, including the Microsoft Exchange ProxyLogon bugs, EternalBlue, and BlueKeep.

As noted by Microsoft’s security team in 2021, the threat actors behind the malware are known to be selective when it comes to timing and may trigger an attack when teams are focused on “patching a popular vulnerability rather than investigating compromise.”

LemonDuck has expanded its operations from Windows machines to also include Linux and Docker. In an ongoing, active campaign, CrowdStrike says that Docker APIs are being targeted to obtain initial access to cloud instances. Docker is used for running containers in the cloud.

On Thursday, the cybersecurity researchers said that LemonDuck will take advantage of misconfigurations in instances that cause API exposure to deploy exploit kits and load malware. In a case observed by the team, an exposed API was abused to run a custom Docker ENTRYPOINT instruction and download “core.png,” an image file disguised as a Bash script. The file was downloaded from a domain in LemonDuck’s “vast” command-and-control (C2) infrastructure. “CrowdStrike found multiple campaigns being operated via the domain targeting Windows and Linux platforms simultaneously,” the researchers noted.

Core.png will launch a Linux cronjob inside the vulnerable container and then download a secondary Bash file, “a.asp,” the main LemonDuck payload. The cronjob will trigger LemonDuck. The malware will first kill several processes, including network connections, rival cryptocurrency mining operations, and existing ties to mining pools. LemonDuck will also target known daemons tasked with monitoring, such as Alibaba Cloud’s monitoring service. Now that the server has been prepared, a cryptocurrency mining operation begins.

XMRig, used to generate Monero (XMR), is launched with a configuration set to proxy pools – an attempt to hide the true cryptocurrency wallet address of the attacker. LemonDuck doesn’t stop at just one Docker instance, however. The malware will also search for SSH keys in the file system to log into other servers and repeat its malicious operations.

“Due to the cryptocurrency boom in recent years, combined with cloud and container adoption in enterprises, cryptomining is proven to be a monetarily attractive option for attackers,” the researchers say. “Since cloud and container ecosystems heavily use Linux, it drew the attention of the operators of botnets like LemonDuck, which started targeting Docker for cryptomining on the Linux platform.”

It's past time you started using a password manager (whether you like it or not)

Jack Wallen, Contributing Writer

Tell me, what is the password for your bank account? If you can rattle off that password without thinking, chances are pretty good it’s not nearly strong enough. Any password you can memorize (unless you have an amazing memory) is probably weak.

Whether you like it or not, it’s way past time you stopped using passwords like password, 12345, qwerty, 111111, 000000, iloveyou, 666666, qwertyuiop, dragon, monkey, or qazwsx. Believe it or not, that list comes from the NordPass most common password list. That’s right, even with password breaches and massive service hacks becoming the norm, people are still using such simplistic passwords.

I get it, I really do. We’re all so busy we don’t have time to add yet another complication to our daily workflow. But let me ask you a very simple question: Do you really want to prevent bad actors from accessing your accounts and services? The answer should be a resounding, “Yes!” Otherwise your approach to security is not in line with modern existence.

You might think that to be hyperbole, but it’s not. It’s 2022, and if you’re still using weak passwords, it’s only a matter of time before someone hacks any number of your accounts. Consider this: according to Hive Systems, if you use password as an account password, it only takes about 5 seconds to crack it. If your password is 12345678, it can be cracked instantly. If, however, that password is an 11-character combination of upper case, lowercase, numbers, and symbols, that password would take years to crack.

Of course, at this point, you’re thinking, “I don’t want to have to memorize a bunch of impossible passwords.” Good thing you don’t have to. In fact, when you employ a password manager, you only have to memorize one password. That one password will unlock a vault containing all of those passwords you’ve created and are next to impossible to memorize.

Let’s step back a bit.

How does this even work?

If you’re new to the world of password managers, let me explain to you how they work. Think of the password manager as a safe, where you can store all of your important bits. Those bits are individual entries for all of the accounts and services you use. You’d create an entry for:

• Your bank
• Facebook
• Twitter
• Instagram
• TikTok
• Amazon
• Any work systems you use
• Netflix
• Hulu

In other words, a password manager keeps all of your passwords locked away in a virtual safe and only you have the key to open it. That key is yet another password, but it’s the only one you have to memorize. To make this even easier, if you’re using a password manager on your mobile device, you can set it up to unlock using either biometrics (such as a fingerprint or face scanner) or your phone password/PIN.

Even better, most password managers include a feature called a random password generator. So when you’re setting up a new account, you don’t have to worry about creating a complicated, strong password. Instead, you let the password manager create the password for you. Using this feature ensures you will not only be using very strong passwords, but it helps keep you from reusing passwords from one site/service to the next. With the help of a password manager, every site/service you use will have its own strong and unique password. If you want to keep your accounts from being hacked, that is the single most important first step you can take.

But the fun doesn’t end there. With some password managers, you get browser integration, which means when you land on a site that requires a password, the password manager (once you enter the vault unlock password) will auto-fill the credentials for you. The implications of that are important:

• You don’t have to have your browser save your password (which can be a security risk).
• You get the added benefit of using very strong passwords.
• You only have to type a single password for everything.

At this point, you’re probably thinking, “But my web browser has a built-in password manager!” Although that’s true, those built-in password managers aren’t nearly as secure as a stand-alone password manager, nor do they include all the bells and whistles found within a good password manager. If you want the most secure browser experience, you won’t ever allow your browser to save your passwords, and you’ll instead use a password manager with browser integration.

Convinced yet? If not, let me spell it out for you in terms that will hopefully open your eyes to why a password manager is an absolute necessity these days: If you don’t use one, eventually one or more of your accounts will get hacked. It’s as simple as that.

So, what password managers should you consider? Take a look at what ZDNet believes to be the best password managers on the market. What are you waiting for? Install a password manager and start using very strong and unique passwords for all of the sites and services you use.

You’ve been warned.

FBI warning: Ransomware gangs are going after this lucrative but unexpected target

Businesses in farming and agriculture have been warned that they should be prepared to face an increase in ransomware attacks at critical times – like spring planting or harvest. The alert by the FBI suggests that ransomware gangs see farming and agriculture as a lucrative target where victims could be more willing to pay a ransom for a decryption key because of the time-sensitive nature of the industry. Ransomware attacks targeting agriculture could disrupt planting and harvesting operations, potentially impacting food supplies, not only for people but also for farm animals, which could disrupt the wider food supply chain, as well as causing financial damage to farmers.

Since 2021, multiple agricultural cooperatives have fallen victim to ransomware attacks, particularly during the spring planting and autumn harvesting seasons. The alert details how there were six recorded ransomware attacks against grain cooperatives during the fall 2021 harvest and two attacks early this year. The attacks in the fall took place in the space of a few weeks between September and October and involved several different ransomware variants, including Conti, BlackMatter, Suncrypt, Sodinokibi (REvil), and BlackByte. Some of the victims had to halt production. The alert doesn’t mention if any of the victims paid the ransom.

More recently, a LockBit 2.0 ransomware attack against a multi-state grain company in March 2022 affected grain processing, along with additional services relating to delivering seeds, fertilizer, and logistics, all of which were disrupted by the attack.

The FBI alert also notes how in February 2022, a company supplying feed milling and other agricultural services detected and reported unauthorised intrusions into its network which could have been an attempt to deploy a ransomware attack. The attempted incident was stopped before additional damage was done.

“Although ransomware attacks against the entire farm-to-table spectrum of the food and agriculture sector occur on a regular basis, the number of cyber attacks against agricultural cooperatives during key seasons is notable,” said the alert.

The FBI says cyber criminals will continue to exploit network, system, and application vulnerabilities within the farming and agricultural sectors – but that there are several steps organisations can take to help avoid falling victim to ransomware attacks. These include implementing network segmentation, installing security updates for operating systems, software and firmware as soon as they’re released, and using multi-factor authentication whenever possible. It’s also recommended that strong passwords are applied to accounts, that data is regularly backed up and stored offline, and that organisations implement a recovery plan, so they know what to do if they do fall victim to a ransomware attack.