Breach at Slack, breach at CircleCI, and unpatched Microsoft Exchange causes ransomware incident.
Slack, a popular enterprise messaging service, reported a security breach over the holidays. According to Slack, customers were not affected. The company reported that the incident began on December 27th when a threat actor gained unauthorized access to Slack’s GitHub account.
The messaging service reported that no production environments were accessed and the threat actor did not access other Slack resources or customer data. This was not a result of any vulnerability in Slack products, so customers do not need to perform any actions.
A number of recent high-profile breaches have highlighted an emerging pattern of risk around software development practices. It’s not clear how threat actors stole Slack employee GitHub tokens, but we know from recent experience that phishing and publicly exposed secrets are two of the main culprits.
Software development service CircleCI has also reported a security incident and is warning customers to rotate all secrets stored in or connected to CircleCI as soon as possible. No details of the incident have been reported, as CircleCI and third-party firms are still investigating. The service is still usable and no outages have been reported, according to the company.
Expect more details on this incident to be released in the coming days and weeks. In the meantime, customers of CircleCI should see the detailed guidance on rotating secrets and take action as soon as possible.
If CircleCI is part of your development process then you should take notice of this security incident. Especially without more details on the incident itself, rotating secrets stored in or connected to CircleCI is a good step to mitigate potential risk to your organization. If it turns out that threat actors were able to gain access to customer data, secrets that aren’t rotated could be like intruders finding a key to your house. Be proactive and take action until more details on this incident come to light.
CircleCI security alert: Rotate any secrets stored in CircleCI (Updated Jan 7)
CircleCI warns of security breach — rotate your secrets (BleepingComputer)
We previously reported on and warned affected Corvus policyholders of a ransomware attack against Rackspace Technologies. New details have emerged on the attack’s perpetrator and root cause. The ransomware group behind the attack turned out to be a relative newcomer, PLAY, which first arrived on the ransomware scene in June 2022. Attackers were able to gain access to Rackspace’s Microsoft Exchange environment by exploiting vulnerabilities announced in September, nicknamed “ProxyNotShell”. While the threat actors used a novel technique to exploit the vulnerabilities, both the vulnerabilities and the security patches to fix them have been available for a number of weeks.
If it wasn’t already clear just how important vulnerability management is, take this as a case study. It can feel like a race against the clock to patch vulnerabilities before attackers are able to figure out how to exploit them. That’s because it is. Develop a plan to stay on top of vulnerabilities and regularly apply the latest security patches to avoid large-scale ransomware attacks.
This blog post and its contents are intended for general guidance and informational purposes only. This blog post is under no circumstances intended to be used or considered as specific insurance or information security advice.