Archive for March 13, 2025

CISA Puts Out Advisory On Medusa Ransomware

Posted in Commentary with tags on March 13, 2025 by itnerd

Yesterday, CISA released a joint advisory on the Medusa Ransomware that provided tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), and detection methods associated with the ransomware group. As of February 2025, Medusa has impacted over 300 victims across critical infrastructure sectors, including medical, education, law, insurance, technology, and manufacturing.

You can read the advisory here.

James Winebrenner, CEO at Elisity, had this to say:

“CISA’s recent advisory on Medusa ransomware really reflects how threat actors are getting smarter and adapting. What particularly concerns me is Medusa’s exploitation of legitimate remote management tools like AnyDesk, ConnectWise, and Splashtop, which are the tools many OT environments rely on for maintenance and support.

Medusa’s attack pattern through the lens of IEC 62443 is a classic example of why proper zone boundary protection (CR 5.2) and network segmentation (CR 5.1) are foundational to industrial control system security. The attackers first perform reconnaissance and then leverage legitimate tools for lateral movement before payload deployment, a pattern that traditional detection methods struggle to identify.

Organizations should implement three technical controls aligned with IEC 62443:

  1. Implement proper zones and conduits architecture as specified in IEC 62443-3-2, ensuring critical control systems are isolated and protected from IT networks where initial compromise typically occurs.
  2. Apply least privilege principles (CR 7.7) for all network communications. Define granular policies based on asset function and operational context rather than just network location to limit lateral movement.
  3. Deploy solutions that can detect anomalous behavior in legitimate tools and enforce zone boundary protection (CR 5.2), focusing on monitoring behavioral patterns rather than just the presence of these tools.

The triple extortion scheme mentioned in the advisory indicates that Medusa actors understand the unique pressures facing critical infrastructure operators. Organizations must treat ransomware as a business risk requiring defense-in-depth strategies across people, process, and technology controls.

With Medusa attacks up 42% according to Symantec, OT security teams should reassess their segmentation strategies and ensure alignment with IEC 62443 standards.”

What this advisory highlights is that this is a today problem, and every organization needs to treat it as such: an advisory like this would not exist if Medusa were not a clear and present danger.
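The third control Winebrenner describes, flagging anomalous use of legitimate remote-management tools rather than their mere presence, can be approximated with a per-host baseline check over process-creation telemetry. What follows is an added example written for this post; it is not code from CISA, Elisity or the advisory. The product-name markers, the list of script-interpreter parents, and every host, account, time and baseline entry are constructed for illustration.

```python
"""Flag remote-management (RMM) tool launches that deviate from an approved baseline.

Added example, not from the advisory or the quoted commentary. Events mimic
process-creation telemetry (Sysmon event ID 1 / EDR process events) reduced to a
few fields; the hosts, accounts, times and the baseline itself are constructed.
"""
from dataclasses import dataclass
from datetime import datetime, time
from typing import Optional

# Substrings matched against the lower-cased image path. The products are the ones
# named in the advisory discussion; matching on the path (install directory or file
# name) is a simplification assumed for the example.
RMM_MARKERS = {
    "anydesk": "AnyDesk",
    "screenconnect": "ConnectWise ScreenConnect",
    "splashtop": "Splashtop",
}

# Parents suggesting the RMM binary was launched by a script or document rather
# than by an interactive user or an installer. Assumed list for the example.
SCRIPT_PARENTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                  "cscript.exe", "mshta.exe", "rundll32.exe", "winword.exe", "excel.exe"}


@dataclass(frozen=True)
class ProcEvent:
    ts: datetime
    host: str
    user: str
    image: str          # full path of the created process
    parent_image: str   # full path of the parent process


@dataclass(frozen=True)
class HostBaseline:
    tools: frozenset      # RMM products approved through change management for this host
    operators: frozenset  # accounts allowed to run them (lower-cased)
    window: tuple         # (start, end) local times of the scheduled support window


@dataclass(frozen=True)
class Alert:
    event: ProcEvent
    tool: str
    reasons: tuple


def basename(path: str) -> str:
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def rmm_tool(image: str) -> Optional[str]:
    """Map an image path to an RMM product name, or None if it is not an RMM tool."""
    path = image.lower()
    return next((product for marker, product in RMM_MARKERS.items() if marker in path), None)


def in_window(ts: datetime, window: tuple) -> bool:
    """True if the timestamp's time-of-day falls inside the window; handles wrap past midnight."""
    start, end = window
    t = ts.time()
    if start <= end:
        return start <= t <= end
    return t >= start or t <= end


def analyze(events, baseline: dict) -> list:
    """Return one Alert per RMM launch that breaks the baseline; non-RMM events are ignored."""
    alerts = []
    for ev in events:
        tool = rmm_tool(ev.image)
        if tool is None:
            continue
        reasons = []
        hb = baseline.get(ev.host)
        if hb is None or tool not in hb.tools:
            reasons.append("not_baselined")       # tool never approved for this host
        else:
            if ev.user.lower() not in hb.operators:
                reasons.append("unapproved_user")
            if not in_window(ev.ts, hb.window):
                reasons.append("outside_window")
        if basename(ev.parent_image) in SCRIPT_PARENTS:
            reasons.append("script_parent")
        if reasons:
            alerts.append(Alert(ev, tool, tuple(reasons)))
    return alerts


# Constructed baseline: which hosts may run which tool, by whom, and when.
BASELINE = {
    "eng-hmi-01": HostBaseline(frozenset({"AnyDesk"}), frozenset({r"ot\svc-maint"}),
                               (time(1, 0), time(4, 0))),
    "plc-gw-02": HostBaseline(frozenset({"ConnectWise ScreenConnect"}),
                              frozenset({r"nt authority\system", r"ot\svc-maint"}),
                              (time(22, 0), time(2, 0))),
}

# Constructed events: one sanctioned AnyDesk session, one AnyDesk launch from
# PowerShell by an unapproved user at midday, one Splashtop launch on a host with
# no RMM baseline at all, one unrelated process, and one sanctioned ScreenConnect service.
SAMPLE_EVENTS = [
    ProcEvent(datetime(2025, 3, 12, 2, 30), "eng-hmi-01", r"OT\svc-maint",
              r"C:\Program Files (x86)\AnyDesk\AnyDesk.exe", r"C:\Windows\explorer.exe"),
    ProcEvent(datetime(2025, 3, 12, 14, 5), "eng-hmi-01", r"OT\jdoe",
              r"C:\Users\jdoe\AppData\Local\Temp\AnyDesk.exe",
              r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"),
    ProcEvent(datetime(2025, 3, 12, 10, 0), "fin-ws-07", r"CORP\alice",
              r"C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe",
              r"C:\Windows\explorer.exe"),
    ProcEvent(datetime(2025, 3, 12, 10, 1), "fin-ws-07", r"CORP\alice",
              r"C:\Windows\notepad.exe", r"C:\Windows\explorer.exe"),
    ProcEvent(datetime(2025, 3, 12, 23, 15), "plc-gw-02", r"NT AUTHORITY\SYSTEM",
              r"C:\Program Files (x86)\ScreenConnect Client\ScreenConnect.ClientService.exe",
              r"C:\Windows\System32\services.exe"),
]

if __name__ == "__main__":
    for a in analyze(SAMPLE_EVENTS, BASELINE):
        print(a.event.ts, a.event.host, a.tool, ", ".join(a.reasons))
```

The point of the baseline is the “operational context” Winebrenner’s second control refers to: the same AnyDesk binary is benign on the HMI during the scheduled window under the maintenance account and suspicious at 14:05 under a user account spawned from PowerShell. In production the baseline would come from the change-management system and the events from the EDR or SIEM, and the Splashtop case on a host with no RMM entry at all is the one that most often indicates a tool dropped by an intruder rather than by IT.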

John Gruber Rips Apple Over The Apple Intelligence Debacle

Posted in Commentary with tags on March 13, 2025 by itnerd

For those who don’t know, John Gruber has been writing and covering the Apple space for a couple of decades now. He’s even been on stage interviewing top Apple execs. So when he says something about Apple, you should pay attention.

With that in mind, Gruber has posted this piece on his site and it should get the attention of people within Apple. In short, he pretty much takes Apple to the woodshed over Apple Intelligence:

In the two decades I’ve been in this racket, I’ve never been angrier at myself for missing a story than I am about Apple’s announcement on Friday that the “more personalized Siri” features of Apple Intelligence, scheduled to appear between now and WWDC, would be delayed until “the coming year”.

I should have my head examined.

This announcement dropped as a surprise, and certainly took me by surprise to some extent, but it was all there from the start. I should have been pointing out red flags starting back at WWDC last year, and I am embarrassed and sorry that I didn’t see what should have been very clear to me from the start.

And:

What Apple showed regarding the upcoming “personalized Siri” at WWDC was not a demo. It was a concept video. Concept videos are bullshit, and a sign of a company in disarray, if not crisis.

He’s clearly not pulling any punches here, and I’ve only posted a couple of snippets of what he said. If you want the full flavor of his epic takedown of Apple, I encourage you to read the whole piece. But here’s the TL;DR: he’s basically saying that nobody should have believed the Apple Intelligence demo at WWDC 2024 because Apple was lying, and now they’re scrambling to catch up when they were already behind the eight ball, so to speak.

And the thing is he’s right as far as I am concerned. Just like I said here. And hopefully this is the wake up call that Apple needs to get its act together. Because if not, Apple’s credibility at the very least is screwed. And at worst, the company may be screwed as well.

Are you listening Tim Cook?

The Evolution of the Worst Passwords Over the Last 10 Years

Posted in Commentary with tags on March 13, 2025 by itnerd

Here’s some fascinating research done by Safety Detectives on the evolution of the most commonly used passwords, their typical length and complexity, and the behaviors that influence how people create them.

Key findings at a glance:

  • NordPass’ sixth annual report on the most common passwords for 2024 reveals that “123456” was the most frequently used password worldwide in 2024, used 3,018,050 times in the dataset
  • Of the 200 most common passwords identified, an astonishing 161, or 80.5%, can be cracked in just 1 second. The most “difficult” password to crack from the list is g_czechout, taking approximately 12 days.
  • The most common password in the United States in 2024 was “secret,” used a total of 328,831 times. As for the other countries, “123456” dominates in the vast majority, only topped by “qwerty123” in Canada, Finland, Lithuania, the Netherlands, and Norway.
  • Many employees use the same weak passwords for work accounts as they do for personal accounts. Approximately 40% of the most common corporate passwords mirrored those used by individuals, with “123456” again topping the list.

While password habits have evolved over time, many people still rely on simple and predictable choices that leave them vulnerable to cyber threats. Going forward, longer, unique passwords will be necessary to protect our digital lives. By learning from past trends and adopting better security practices, we can create a safer online environment for ourselves and those around us.
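The findings above are really a deny-list problem: the bulk of the 200 most common passwords fall to a dictionary lookup long before brute force matters, and a system that screens candidates against such a list (as NIST SP 800-63B calls for) stops them at enrolment. Below is an added example of that kind of check; it is not code from Safety Detectives or NordPass and does not reproduce their cracking method. The blocklist is constructed from the three passwords named in the findings plus a few assumed neighbours, and the 12-character minimum and the 10^10 guesses-per-second rate are assumptions.

```python
"""Screen candidate passwords against a common-password blocklist and trivial patterns.

Added example. The blocklist is constructed from the entries named in the report
findings ("123456", "secret", "qwerty123") plus a few assumed neighbours; a real
deployment would load the full common-password or breach-corpus lists instead.
"""
import re

# Constructed blocklist (see module docstring).
COMMON_PASSWORDS = frozenset({
    "123456", "secret", "qwerty123",              # named in the report findings
    "password", "qwerty", "12345678", "111111",   # assumed obvious neighbours
})

# Heuristic reversal of common "leet" substitutions so P@ssw0rd is judged as "password".
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"})

KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")
MIN_LENGTH = 12              # policy choice assumed for the example
GUESSES_PER_SECOND = 1e10    # assumed offline cracking rate for the time estimate


def normalize(pw: str) -> str:
    """Strip leading/trailing digits and punctuation, lower-case, undo leet substitutions.
    'Secret2024!' -> 'secret', 'P@ssw0rd123' -> 'password'."""
    core = re.sub(r"^[^A-Za-z]+|[^A-Za-z]+$", "", pw)
    return core.lower().translate(LEET)


def has_sequential_run(pw: str, n: int = 4) -> bool:
    """True if n consecutive characters ascend or descend by one code point (abcd, 4321)."""
    s = pw.lower()
    for i in range(len(s) - n + 1):
        steps = {ord(s[j + 1]) - ord(s[j]) for j in range(i, i + n - 1)}
        if steps == {1} or steps == {-1}:
            return True
    return False


def has_keyboard_walk(pw: str, n: int = 4) -> bool:
    """True if the password contains n adjacent keys from one keyboard row, either direction."""
    s = pw.lower()
    for row in KEYBOARD_ROWS:
        for r in (row, row[::-1]):
            if any(r[i:i + n] in s for i in range(len(r) - n + 1)):
                return True
    return False


def brute_force_seconds(pw: str, rate: float = GUESSES_PER_SECOND) -> float:
    """Worst-case exhaustive-search time for the character classes actually used.
    An upper bound only: dictionary and rule-based attacks finish far sooner."""
    charset = 0
    if re.search(r"[a-z]", pw):
        charset += 26
    if re.search(r"[A-Z]", pw):
        charset += 26
    if re.search(r"[0-9]", pw):
        charset += 10
    if re.search(r"[^A-Za-z0-9]", pw):
        charset += 33
    return charset ** len(pw) / rate


def evaluate(pw: str) -> dict:
    """Return {'ok': bool, 'reasons': [...], 'brute_force_seconds': float} for a candidate."""
    reasons = []
    if len(pw) < MIN_LENGTH:
        reasons.append("too_short")
    if pw.lower() in COMMON_PASSWORDS:
        reasons.append("blocklisted")
    else:
        core = normalize(pw)
        if core and core in COMMON_PASSWORDS:
            reasons.append("blocklisted_variant")
    if re.search(r"(.)\1{3,}", pw):
        reasons.append("repeated_char")
    if has_sequential_run(pw):
        reasons.append("sequential_run")
    if has_keyboard_walk(pw):
        reasons.append("keyboard_walk")
    return {"ok": not reasons, "reasons": reasons, "brute_force_seconds": brute_force_seconds(pw)}


if __name__ == "__main__":
    for candidate in ("123456", "Secret2024!", "P@ssw0rd123", "qwertyuiop12", "correct horse battery staple"):
        print(repr(candidate), evaluate(candidate))
```

The normalization step is what makes the list useful against the corporate habit the findings describe: “Secret2024!” satisfies a complexity rule and still reduces to the most common US password. The brute-force figure is deliberately labelled an upper bound, because a 12-day exhaustive-search estimate says nothing about a password that sits in every cracking wordlist.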

You can access the report here: https://www.safetydetectives.com/blog/worst-passwords-research

138k patients have had their personal data stolen from a NYC radiologist

Posted in Commentary with tags on March 13, 2025 by itnerd

Ransomware group Fog today claimed responsibility for a November 2024 data breach at University Diagnostic Medical Imaging that compromised 138,080 patients’ names, addresses, dates of birth, referring physicians, medical treatments, and diagnoses.

In a blog published today reporting this news, Paul Bischoff, Consumer Privacy Advocate at Comparitech, wrote:

“Fog is a ransomware gang that first started claiming attacks on its website in July 2024. It has a history of targeting US schools but is not limited to them. In addition to encrypting files, Fog also steals data and targets development environments.”

“Fog has claimed 18 confirmed ransomware attacks since it began, plus another 157 unconfirmed claims that haven’t been acknowledged by the targeted organizations. This breach at UDMI is Fog’s biggest attack to date by number of records affected, followed by its attack on medical device maker PRC-Saltillo.”

“Comparitech researchers logged 146 confirmed ransomware attacks on US healthcare companies in 2024, compromising more than 24.8 million records. The average ransom was $1.05 million.”

“Ransomware attacks on hospitals, clinics, and other care providers can lock down computer systems and steal data. Targets are forced to either pay a ransom or face extended downtime, data loss, and putting customers at risk of fraud. Ransomware can cripple a wide range of systems including access to medical records, appointment booking, payroll, prescriptions, patient communications, and more.”

You can read the blog post here.

Rogers Recognized as Canada’s Most Reliable Internet by Opensignal

Posted in Commentary with tags on March 13, 2025 by itnerd

Rogers Communications announced today that it has been named the most reliable internet in Canada by Opensignal, the leading global provider of independent network experience insights and market performance. 

The Opensignal report shows that in Canada, Rogers wins for overall reliability experience, consistent quality and download speed. Last month, Rogers was also recognized as Canada’s most reliable wireless network.

Over the last 20 years, Rogers has invested nearly $70 billion in its networks and continues to invest to deliver enhanced reliability and multi-gig speeds to almost eight million homes this year. These investments in network infrastructure, combined with the introduction of Rogers Xfinity late last year, bring Canadians industry-leading internet technology on a world-class suite of products so they can game more, stream more and do more.

To learn more about Rogers Xfinity visit Rogers.com.