Tag Archives: ransomware

Security News for the Week Ending June 17, 2022

Ransomware Morphs Again

We know that ransomware has gone through a lot of iterations over the last couple of years as hackers try to maximize their revenue. The BlackCat group is now creating a public website for each victim company and indexing the stolen data to make it easy to search. I guess this means it will be harder for companies that get hacked to hide what data was stolen. On one of their sites, you can choose between employee data and customer data as the first filter and then search within that subset. Credit: Brian Krebs

NSA Quietly Appoints General Counsel After Two Years

You may remember that in the sort of weird final days of the last President’s administration, the ex-President attempted to force the NSA to accept an unqualified political appointee as GC – a person who had not even worked inside the intelligence community – through a process known as burrowing. Burrowing converts a political appointee into a career civil servant. Gen. Nakasone was ordered, on the last day of the ex-President’s administration, to swear the guy in. That same day, the General put the new GC on administrative leave pending an inquiry into some security incidents. After several months in limbo, he resigned. He is now a lawyer at Rumble, a business partner of Truth Social. See a pattern? Anyway, April Falcon Doss, who seems to have impressive legal creds, was finally, quietly, sworn in as GC last month. Credit: The Record

Cyberattack – One and Done? Nope; Not Likely

According to research by Cymulate, 39% of companies were hit by cybercrime over the last year. Of those, TWO THIRDS were hit more than once, and 10% were hit ten times. That doesn’t give me a lot of warm fuzzies. Credit: ZDNet

Joshua Schulte, Former CIA Coder, Represents Himself in Second Espionage Trial

Joshua Schulte is a former software engineer who worked for the CIA. He is accused of the largest, most damaging leak the CIA has ever had. In his first trial, the jury hung on the espionage charges. Now the second trial is beginning and he is representing himself. I recall the saying that a lawyer who represents himself has a fool for a client. Even though he is not a lawyer, the saying applies. He says he was framed. Prosecutors say he is guilty. Stay tuned for details. Credit: Security Week

Indian Police Planted False Evidence on Activists’ Computers to Arrest Them

Police in India were caught using hacking tools to plant evidence on people’s computers and then arresting them for the staged crime. The targets were not terrorists, but journalists and activists – in other words, people who annoy the police. With the help of SentinelOne, the hacking-by-police incidents have been publicly exposed. Credit: Wired

Security News for the Week Ending June 10, 2022

Anonymous Seems to be doing Better Against Russia than Past Efforts

Anonymous, the hacking collective, has historically made claims about its effectiveness that have not panned out. Against Russia, however, they seem to be pretty effective. Whether that means they are more focused now or that Russia’s defenses are not very good, I don’t know. This week they leaked a terabyte of data from Russian law firm RKPLaw, just days after leaking hundreds of gigabytes of data from Vyberi Radio, one of Russia’s largest media holdings. Note that they are not holding the data hostage; this is about hurting Russia. Credit: Hackread

FTC Regulates by Blog Post

The FTC recently posted a notice on its blog that companies that do not report breaches appropriately – timely, fully truthfully, etc. – are subject to prosecution under Section 5 of the FTC Act. Section 5 has historically been used to go after fraud; it covers unfair and deceptive practices. So now you have another regulator who may come after you if you attempt to cover up a breach, like Uber did, and the FTC feels your actions could, possibly, harm consumers. Credit: Ballard Spahr

New Jersey School District Cancelled Finals after Ransomware Attack

Here is the downside of the cloud. Tenafly Public Schools in Bergen County cancelled finals as they attempt to wrestle a ransomware attack to the ground. They have called in experts to help, but all of that takes time. The school district uses Google Classroom and other cloud based systems, all of which became unreachable when the district shut down its networks and servers. The district has not said what it plans to do about graduating seniors. Credit: The Record

8 zero-day Vulnerabilities Patched in Carrier’s Industrial Control System

Eight zero-day vulnerabilities affecting a popular industrial control product from Carrier have been identified and patched, according to the Trellix researchers who discovered them. Carrier argues these are not true zero-days because they are not being actively exploited, but now that they are public, that will change. These Carrier LenelS2 control systems are used by a wide range of industries, from education to the federal government. Many will likely never be patched, much to hackers’ delight. Some of the bugs would give hackers root access to the system. Credit: The Record

DoJ Announces Plan to Improve Cybersecurity – In Line With the Requirements of the EO on Cybersecurity and after being Hacked Multiple Times

I’d like to give them credit for doing this, but the reality is that their current cybersecurity is not up to par and they are just doing what is required of them under the EO on cybersecurity. At least they are doing something. Credit: Daily Swig

Security News for the Week Ending May 27, 2022

Yet Another Russian Military “Asset” Catches Fire

The Central Aerohydrodynamic Institute, Russia’s jet engine design hub outside Moscow, did a “halt and catch fire” when the electrical substation powering the design center burned. Score one for Ukraine, according to Russia. Russia claims it is, or at least was, the world’s largest scientific research center; it is assisting in the development of next generation jet aircraft. Judging by the photo, it doesn’t look like much survived. Credit: UK Daily Mail

[Photo: Central Aerohydrodynamic Institute in Zhukovsky]

GM Hit By Credential Stuffing Attack

GM sent letters to owners of some GM vehicles saying that it appeared someone had redeemed the points in their accounts for gift cards, but that GM was restoring the points. GM says its systems were not compromised; rather, customers reused passwords that were compromised elsewhere, allowing attackers to walk right in and steal the customers’ data. In those cases, GM is not required to make the customers whole, but for PR reasons it probably makes sense to do so. Credit: Bleeping Computer
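What does credential stuffing actually look like in your own logs, and how do you find the accounts that need a reset? Here is an added example of mine, not GM’s code and not anything from the Bleeping Computer piece, that runs the telltale heuristic over a constructed authentication log: stuffing is many *different* usernames from one source, mostly failing, with the occasional success where a customer reused a breached password. The log format, the IP addresses, the usernames and the thresholds are all assumptions made up for the illustration.

```python
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample authentication log (not real traffic). Assumed format:
#   <ISO timestamp> <source_ip> <username> <SUCCESS|FAIL>
SAMPLE_LOG = """\
2022-05-20T10:00:01Z 198.51.100.7 alice FAIL
2022-05-20T10:00:02Z 198.51.100.7 bob FAIL
2022-05-20T10:00:02Z 198.51.100.7 carol SUCCESS
2022-05-20T10:00:03Z 198.51.100.7 dave FAIL
2022-05-20T10:00:03Z 198.51.100.7 erin FAIL
2022-05-20T10:00:04Z 198.51.100.7 frank SUCCESS
2022-05-20T10:00:04Z 198.51.100.7 grace FAIL
2022-05-20T10:00:05Z 198.51.100.7 heidi FAIL
2022-05-20T10:05:10Z 203.0.113.5 alice FAIL
2022-05-20T10:05:25Z 203.0.113.5 alice FAIL
2022-05-20T10:05:41Z 203.0.113.5 alice FAIL
2022-05-20T10:06:02Z 203.0.113.5 alice SUCCESS
2022-05-20T10:07:00Z 192.0.2.9 carol SUCCESS
"""


@dataclass
class SourceStats:
    """Per-source-IP counters used by the heuristic."""
    attempts: int = 0
    failures: int = 0
    users: set[str] = field(default_factory=set)      # distinct usernames tried
    succeeded: set[str] = field(default_factory=set)  # usernames that logged in

    @property
    def failure_ratio(self) -> float:
        return self.failures / self.attempts if self.attempts else 0.0


def parse_line(line: str) -> tuple[str, str, str, bool] | None:
    """Return (timestamp, ip, user, success) or None for a malformed line."""
    parts = line.split()
    if len(parts) != 4 or parts[3] not in ("SUCCESS", "FAIL"):
        return None
    ts, ip, user, result = parts
    return ts, ip, user, result == "SUCCESS"


def summarize(log_text: str) -> dict[str, SourceStats]:
    """Aggregate every login attempt by source IP, skipping malformed lines."""
    stats: dict[str, SourceStats] = defaultdict(SourceStats)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        _ts, ip, user, ok = parsed
        s = stats[ip]
        s.attempts += 1
        s.users.add(user)
        if ok:
            s.succeeded.add(user)
        else:
            s.failures += 1
    return dict(stats)


def flag_stuffing(stats: dict[str, SourceStats], min_attempts: int = 5,
                  min_distinct_users: int = 4, min_failure_ratio: float = 0.5) -> list[str]:
    """Sources that try many distinct accounts and mostly fail.

    A forgotten password is one user failing repeatedly from one IP and a
    brute force is one user with many failures; stuffing is many users with
    roughly one attempt each and a high failure ratio. Thresholds are assumed.
    """
    flagged = [ip for ip, s in stats.items()
               if s.attempts >= min_attempts
               and len(s.users) >= min_distinct_users
               and s.failure_ratio >= min_failure_ratio]
    return sorted(flagged)


def accounts_to_reset(stats: dict[str, SourceStats], flagged: list[str]) -> set[str]:
    """Accounts that logged in successfully from a flagged source: these are the
    customers whose reused password was in the attacker's list."""
    victims: set[str] = set()
    for ip in flagged:
        victims |= stats[ip].succeeded
    return victims


if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG)
    flagged = flag_stuffing(stats)
    print("credential-stuffing sources:", flagged)
    print("accounts to reset/notify:", sorted(accounts_to_reset(stats, flagged)))
```

Note that the account that failed three times and then succeeded from 203.0.113.5 is not flagged: that is one user, one source, which looks like a forgotten password, not stuffing. Keying the reset list off successes from flagged sources rather than off all failures is what keeps the notification letter going to the customers who actually need it.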

Quad Nations Pledge More Collaboration on Cybersecurity Plus

Part of China’s worst nightmare, the leaders of the Quad – Australia, India, Japan and the US – agreed to strengthen collaboration on emerging technologies and cybersecurity with an unspoken subplot of neutralizing China. A few years ago China thought the Quad was a passing fad. With global politics what it is, that turned out to be a miscalculation, one that China is not happy with. Credit: The Register

More and More Ransomware Moves to Extortion

As companies do a better job of backups, ransomware gangs are collecting less for the decryption key alone. HOWEVER, more ransomware organizations are either selling the stolen data (the Verizon data breach report says that most ransomware attacks now include stealing your data) or extorting the victim by threatening to sell it. If that fails, they just leak the data. The Conti gang leaked all of the data stolen during a January ransomware attack against Linn County, Oregon after officials decided not to pay the ransom. Officials said their backups were good enough and the data stolen wasn’t that sensitive. That will not be the case all of the time. Credit: The Record

CISA Adds 75 More Actively Exploited Bugs to its MUST PATCH List

CISA seems to be pretty serious about getting the patching cadence of federal systems up to snuff. This week they added 3 batches of bugs to patch. The first batch included 21 bugs, the second 20 and the third 34. Some of these bugs are old, including bugs in products that are past their expiration date like Microsoft Silverlight and Adobe Flash, but we still see them on systems on a regular basis. Credit: ZDNet

US Sets Up Multi-Agency Anti-Ransomware Task Force

As part of CIRCIA (Cyber Incident Reporting for Critical Infrastructure Act) in the just passed omnibus spending bill, CISA is required to stand up a Ransomware Task Force. Jen Easterly, head of CISA, having just won the battle that requires companies to report breaches and ransomware payments to her rather than the FBI (which pissed off the FBI enough that they publicly suggested that Congress not pass the Act), offered an olive branch and made the FBI co-chair of the task force.

The idea is to coordinate government wide efforts to curb ransomware. In this case, it does not mean more prosecution, although that is certainly something that Lisa Monaco would love to do.

No, what I think would be the smartest thing and, I think, what Jen Easterly understands, is that the government already has an amazing amount of information and resources.

It also has an amazing number of silos due to turf wars. Every agency’s report card gets an “F” under plays well with others.

If she can figure out a way to cut through some of the turf (everything in Washington is about power and the appearance of power), then maybe we won’t have another 9/11, where, according to the 9/11 commission, one agency knew about the attackers but did not share with others.

If they are successful at distributing all of the information that they already have and can actually get people to act, we can significantly cut down the attack surface.

How do hackers work? They look at the patches that vendors release and know that businesses (and even worse, government agencies at the local and state level) won’t patch for weeks or months and figure out how to weaponize them. That only takes a few days. They likely have weeks to months to use those weapons before the “locks on the doors” get changed. Combine that with social engineering and you have a powerful weapon and weapon delivery system.

And in fairness, if we can get the LEOs (the FBI, state and local law enforcement) to work together, there are a lot of hackers in the United States. Those are all within the reach of the cops – if they only know who to look for.

But there are some things in government that don’t change. Jen said the group will hold its first official meeting in the next few months.

Pardon me, you can’t find an hour to meet next week or the week after?

I guess it is just not that much of a priority.

Credit: Data Breach Today

Security News for the Week Ending November 12, 2021

Feds Having Some Success In Going After Hackers

The DoJ announced the arrest of a Ukrainian who is accused of deploying ransomware on behalf of the REvil ransomware gang. They also seized $6 million in cryptocurrency. The Ukrainian was arrested in Poland (crooks are not smart: if you are in the crosshairs of U.S. law enforcement, do not go to countries with extradition treaties with us). They also arrested other REvil affiliates in Romania and Kuwait. Understand that while this is all good, it is also a drop in the bucket with regard to the amount of cybercrime affecting us. Credit: Bleeping Computer

State Department Sends Emergency Employee Message: Change Passwords

On Tuesday afternoon the State Department sent out an official text message to employees telling them to change passwords now and increase the length from 12 to 16 characters. They are not even confirming the message but the only logical conclusion is that they were hacked. Credit: Just the News

Missouri Apologizes for Governor’s Political Stunt

After the St. Louis newspaper discovered that a state website that allows the public to check on teachers’ credentials was leaking the personal information of hundreds of thousands of teachers, the governor tried to get the newspaper and the reporter arrested and charged with hacking. He even ordered the highway patrol to investigate the “crime”. Now the state’s department of education is apologizing to the teachers and offering them credit monitoring. The governor said that the newspaper’s hacking was going to cost the state $50 million. Turns out the cost is really $800,000. And the highway patrol is still investigating. The Governor has not apologized. Credit: ZDNet

Dutch Newspaper Accuses US Spy Agency of Orchestrating 2016 Booking.com Breach

Booking.com was hacked in 2016 and they did not disclose the breach. The newspaper says that Booking.com relied on advice from law firm Hogan Lovells saying they did not have to disclose it. The hackers came across a poorly secured server with customer PINs which allowed them to steal the information. The company asked the Dutch spy agency for help after an internal investigation tied the hacker to US spy agencies. The company acknowledged that it did not disclose the breach and that was consistent with the laws in effect at the time. This hack looks very similar to an attack that Snowden disclosed eight years ago. Credit: The Register

13 Security Bugs Impact Important Healthcare Devices

Researchers have published details of a suite of 13 vulnerabilities in the Nucleus real time operating system from Siemens, which is used across many industries including healthcare, automotive and aerospace. Called Nucleus:13, the flaws affect the TCP/IP stack, a common attack vector in this type of operating system. This revelation is part of a larger investigation into TCP/IP software which discovered 78 vulnerabilities in 14 different TCP/IP stacks. A different research team found 19 flaws in yet another TCP/IP stack. Siemens has released patches for the current versions of the OS, but there is no way for an end user to know what version is in their medical device – that is, until software bills of materials become legally mandatory. Credit: Bleeping Computer

Feds Scramble for Easy Fix To Ransoms

Congressman Patrick McHenry (R-NC) introduced the Ransomware and Financial Stability Act (HR 5936) this week which would make it illegal for financial institutions to pay ransoms over $100,000 without first getting the government’s permission.

McHenry, the top Republican on the House Financial Services Committee, introduced the bill yesterday.

He said that ransomware payments in the U.S. totaled more than $1 billion since 2020. He didn’t answer where he came up with that number.

The FBI says ransomware payments between 2014 and 2020 totaled $140 million. Not sure where the other $860 million came from.

He says that the bill will help deter, deny and track down hackers who threaten the financial institutions. I am sure that a new law will make all of those hackers in Russia and North Korea shake in their boots. I am also not clear why not paying ransoms would help track down hackers.

If the bill passes, it will mandate the following:

  • Financial institutions will have to notify Treasury’s FINCEN before making a ransomware payment
  • It would prohibit financial institutions from paying a ransom in excess of $100,000 without prior approval from law enforcement or the President, if he/she determines it is in the country’s national interest

The bill says that ransomware payment reports would remain confidential, something the government is great at, except that there is an exception to that in the case of the government or the courts.

Of course there are two sides to prohibiting these payments.

On the pro-ban side, they say it is no different than paying bribes or paying pirates.

On the anti-ban side, there are those who say it is not the government’s decision and paying the ransom may be dramatically less expensive than not paying it.

RAND has suggested that banning ransom payments is similar to the U.S.’s no-concession approach to giving in to kidnapping demands, which RAND says does not work.

The FBI said that ransom payments should not be banned.

Usually the reason that companies choose to pay the ransom is that it is less expensive. Often 10x or 50x less expensive. The bill, which makes saving that money impossible, does not compensate financial institutions for the decision that the government will make for them.

The only good news is that he does not have any co-sponsors and there is no Senate version.

Credit: Threatpost