BIO-ISAC, the Bioeconomy Information Sharing and Analysis Center, yesterday released a report on malware it calls "Tardigrade" (named after the moss piglet micro-animal), which it describes as the work of an advanced persistent threat, that is, a nation-state intelligence service. Tardigrade appeared this spring, when it hit BioBright's manufacturing facility. It resurfaced in an October attack. Tardigrade initially presented itself as an ordinary ransomware attack, but the extortionists, WIRED says, seemed curiously indifferent to whether they were actually paid. Tardigrade proved more advanced than it appeared: evasive, persistent, and clearly interested in more than ransom. BIO-ISAC says the malware is spreading through the biomedical sector, which suggests that some intelligence service is actively scouting the US biomedical industry. There's no further attribution available at this time.
Domain registrar and web hosting company GoDaddy has disclosed, in an SEC filing, a major data breach affecting "up to 1.2 million" active and inactive managed WordPress accounts. The breach began, GoDaddy believes, on September 6th. The company discovered it on November 17th, and the investigation remains in progress. The essential points of the disclosure are these:
- "The original WordPress Admin password that was set at the time of provisioning was exposed. If those credentials were still in use, we reset those passwords."
- "For active customers, sFTP and database usernames and passwords were exposed. We reset both passwords."
- "For a subset of active customers, the SSL private key was exposed. We are in the process of issuing and installing new certificates for those customers."