Windows Total Cost of Ownership (TCO) and Incidents
-
City of Dallas Details Ransomware Attack Impact, Costs
The incident, the city says in a report detailing the attack, was identified on May 3, when the cybercrime gang named Royal started deploying file-encrypting ransomware on multiple systems.
-
‘Ransomed.vc’ ransomware gang claims to have hacked Sony
Sony is not the only company listed on the Ransomed.vc dark web site. The group also claims to have hacked Japanese mobile operator NTT Docomo and is demanding a ransom payment of $1.015 million not to release stolen data. There are also dozens of other victims listed on the site, although most are small companies.
-
Bermuda government hit by cyberattack, premier’s incident response criticized
On Saturday, there was a somewhat disturbing update published by The Royal Gazette, who reported that the Premier has been criticized for leaving Bermuda to attend a black-tie function in Washington, D.C. instead of staying home to deal with the cyberattack. They also report, “there has been further criticism of Mr Burt after he appeared to blame the security breach on Russian operatives without having sufficient information to justify that claim.”
-
Microsoft accidentally exposes 38TB of internal data via GitHub repository
The data leak was detailed today by researchers from venture-backed cloud security startup Wiz Inc. The company originally discovered the issue on June 22 and reported it to Microsoft shortly thereafter. The software giant fixed the issue on June 24.
-
38TB of data accidentally exposed by Microsoft AI researchers
Our scan shows that this account contained 38TB of additional data — including Microsoft employees’ personal computer backups. The backups contained sensitive personal data, including passwords to Microsoft services, secret keys, and over 30,000 internal Microsoft Teams messages from 359 Microsoft employees.
-
Microsoft AI Researchers [sic] Expose 38TB of Data, Including Keys, Passwords and Internal Messages
Researchers at Wiz have flagged another major security misstep at Microsoft that caused the exposure of 38 terabytes of private data during a routine open source AI training material update on GitHub.
The exposed data includes a disk backup of two employees’ workstations, corporate secrets, private keys, passwords, and over 30,000 internal Microsoft Teams messages, Wiz said in a note documenting the discovery.
-
Visiting Physician’s Network in Texas silent about ransomware attack and incident response
One of the newer ransomware groups to open a leak site is “ThreeAM.” Bleeping Computer recently reported that the ThreeAM malware is written in Rust, and on at least one occasion, researchers discovered that when LockBit failed, ThreeAM (aka 3AM) was successfully deployed. Symantec has more details on the malware and the group’s methods.
-
Schools Are the Most Targeted [sic] Industry by Ransomware Gangs
80% of lower education providers and 79% of higher education institutions reported ransomware attacks in the last year.
-
DHS Publishes New Recommendations on Cyber Incident Reporting
The US Department of Homeland Security (DHS) on Tuesday published a new document containing recommendations on how federal agencies can streamline cyber incident reporting, to help protect critical infrastructure entities.
-
Feds raise alarm over Snatch ransomware as extortion crew brags of Veterans Affairs hit
According to the advisory, Snatch affiliates use several methods to gain access and maintain persistence on victims' networks. But their primary method of breaking and entering involves abusing Remote Desktop Protocol (RDP) deployments to compromise Windows systems, brute forcing their way in, and obtaining admin credentials to snoop around on organizations' networks.
-
India's biggest tech centers named as cyber crime hotspots
India is grappling with a three-and-a-half-year surge in cyber crime, with analysis suggesting cities like Bengaluru and Gurgaon – centers of India's tech development – are also hubs of evil activity.
The report – A Deep Dive into Cybercrime Trends Impacting India from the non-profit Future Crime Research Foundation (FCRF) – identified cyber crime hot spots, as well as the most popular types of infosec assaults, from January 2020 until June 2023.
-
MGM Resorts Computers Back Up After 10 Days as Analysts Eye Effects of Casino Cyberattacks
“But there are a lot of conflicting reports,” said David Richardson, an executive at cybersecurity firm Lookout. “You have Scattered Spider claiming that they’ve done both in various forums, and ALPHV, saying that Scattered Spider wasn’t involved with the other. But there’s a lot of technical evidence that shows that there’s a relationship between the two.”
-
The Clorox Company admits cyberattack causing 'widescale disruption'
The $2 billion turnover biz, whose sub-brands include Burt's Bees, Formula 409 and Kitchen Bouquet, confirmed a week ago that it had identified unauthorized activity in its network but didn't reveal whether the crooks had exfiltrated data, when it happened, or how long it took to spot them.
Certain unspecified systems were pulled offline "out of an abundance of caution," and some operations were "impaired" as a result.
-
Having a hard time finding Clorox wipes? Blame it on a cyberattack
The company also told investors that the cyberattack will hurt its earnings for the quarter and that it doesn't yet know how it will impact Clorox's finances in the long run.
-
MGM, Caesars casino hacks point to an alliance of teens and ransomware gangs
But their willingness to deploy crippling ransomware while demanding money is a major escalation, as is their choice of a business partner: ALPHV, a hacking group whose affiliates include members of the former Russian powerhouses BlackMatter and DarkSide, the groups responsible for the Colonial Pipeline hack that awoke Washington to the national security risk of ransomware. ALPHV provided the BlackCat ransomware that the young hackers installed in the casinos’ systems.
-
Ransomware group claimed to have hit a New Jersey cardiology group. Did they?
Did Mulkay pay, or was the listing removed because they started to negotiate, or is there some other reason? DataBreaches will continue to try to find out about the alleged attack.