IT Security News Blast – 9-20-2021
 
U.S. to Target Crypto Ransomware Payments With Sanctions
The sanctions are expected to single out specific targets, rather than blacklist the entire crypto infrastructure where ransomware transactions are suspected of taking place. Nonetheless, the action will be intended to deter others from continuing their activities.
https://www.wsj.com/articles/u-s-to-target-crypto-ransomware-payments-with-sanctions-11631885336?mod=djemalertNEWS
 
General Promises US 'Surge' Against Foreign Cyberattacks
“Even six months ago, we probably would have said, ‘Ransomware, that’s criminal activity,’” Nakasone said. “But if it has an impact on a nation, like we’ve seen, then it becomes a national security issue. If it’s a national security issue, then certainly we’re going to surge toward it.”
https://www.securityweek.com/general-promises-us-surge-against-foreign-cyberattacks
 
Skills gap in healthcare IT industry causes security threats, according to new report
Additionally, four in 10 (39%) are facing a skills gap in data protection, with a quarter (25%) saying it means they are not adhering to necessary legislation or following the correct data protection procedures (21%). The survey polled 203 healthcare IT decision-makers as part of a wider survey of 609 respondents.
https://www.healthcareitnews.com/news/emea/skills-gap-healthcare-it-industry-cause-security-threats-according-new-report
 
Cyberattackers Target Missouri Hospital At Epicenter Of COVID Outbreak, Post Patient Data
Missouri Delta Medical Center in Sikeston, roughly 30 miles south of Cape Girardeau, confirmed the data breach Friday. [...] The city of Sikeston straddles Scott and New Madrid counties, which are experiencing surges in new coronavirus infections. Scott County has had the highest rate of new COVID-19 cases in Missouri over the past week, according to state tracking data.
https://news.stlpublicradio.org/health-science-environment/2021-09-17/cyberattackers-target-missouri-hospital-at-epicenter-of-covid-outbreak-post-patient-data
 
Biden prepares sanctions to disrupt crypto ransomware payments: 7 details
To stop illegal crypto transactions, the Treasury Department would need to target the digital wallets that receive ransom transactions, the crypto platforms that help exchange sets of blockchain coins and the people who own or manage those operations, crypto transaction analysts told the publication.
https://www.beckershospitalreview.com/cybersecurity/biden-prepares-sanctions-to-disrupt-crypto-ransomware-payments-7-details.html
 
The vicious cycle that makes ransomware such a potent threat
First, the emergence of double extortion attacks (whereby criminals exfiltrate as well as encrypt data) meant businesses could no longer rely on extensive backups for recovery. [...] The rise of the cyber insurance market has offered a way for businesses to mitigate the financial risk of ransomware, but also incentivizes further attacks by increasing the likelihood of a payout.
https://www.techradar.com/news/the-x-cycle-makes-ransomware-such-a-potent-threat
 
Hackers are leaking children’s data — and there’s little parents can do
NBC News collected and analyzed school files from those sites and found they’re littered with personal information of children. In 2021, ransomware gangs published data from more than 1,200 American K-12 schools, according to a tally provided to NBC News by Brett Callow, a ransomware analyst at the cybersecurity company Emsisoft.
https://www.nbcnews.com/tech/security/hackers-are-leaking-childrens-data-s-little-parents-can-rcna1926
 
Looking for Cyber Insurance? Legal Terms, Issues to Know
Cyber policies manage insureds’ potential exposure from, for example, data breaches, ransomware attacks, theft or loss of unencrypted assets, insider threats, denial-of-service attacks, supply chain cyberattacks, business email compromise, exploitation of cloud misconfigurations, and other nation-state and criminal cyber activity.
https://news.bloomberglaw.com/ip-law/looking-for-cyber-insurance-legal-terms-issues-to-know
 
House reconciliation bill includes nearly $800 million for CISA
The bill also includes $25 million for a nationwide multifactor authentication campaign aimed at the general public, $50 million for the Multi-State Information Sharing and Analysis Center, $50 million for the operation and expansion of Crossfeed, a voluntary, self-service CISA program aimed at giving private-sector website operators a dashboard view of potential vulnerabilities.
https://fcw.com/articles/2021/09/16/house-homeland-cisa-funding.aspx
 
Biden Launches Trilateral Indo-Pacific Partnership to Fuse Cyber Capabilities
Senior administration officials briefing reporters on the new partnership insisted it is not targeting China. It is “not aimed, or about any one country,” they said. “This is about a larger effort to sustain the fabric of engagement and deterrence in the Indo Pacific. We have a history of innovation, upgrading capabilities.”
https://www.nextgov.com/cybersecurity/2021/09/biden-launches-trilateral-indo-pacific-partnership-fuse-cyber-capabilities/185389/
 
US company believes India used its software to spy on Pakistan and China
Exodus CEO and co-founder Logan Brown said that, after an investigation, he believes India handpicked one of the Windows vulnerabilities from the feed—allowing deep access to Microsoft’s operating system—and Indian government personnel or a contractor adapted it for malicious means.
https://www.geo.tv/latest/371204-us-company-believes-india-used-its-software-to-spy-on-pakistan-and-china
 
Russia-US cybersecurity dialogue producing tangible results - envoy
In response to a TASS question about progress in cyber security consultations, the envoy pointed out that "our American colleagues are currently trying to focus on the ransom aspect of cybersecurity issues." "The issue does exist. The problem requires us to cooperate in figuring out where these attacks come from and who attackers are," the envoy added.
https://tass.com/politics/1339617
 
The Ex-NSA Operative Cyber-Mercenary Scandal Shows the Spyware Industry Is Totally Out of Control
However, privacy advocates have suggested that simply banning the occasional company from operation or the occasional prosecution is not going to be enough. Amnesty International, which helped expose NSO abuses, has called for a global moratorium on the sale of spyware products until a “human rights-compliant regulatory framework” can be developed and implemented.
https://gizmodo.com/the-ex-nsa-operative-cyber-mercenary-scandal-shows-the-1847688488
 
Telegram emerges as new dark web for cyber criminals
An investigation by cyber intelligence group Cyberint, together with the Financial Times, found a ballooning network of hackers sharing data leaks on the popular messaging platform, sometimes in channels with tens of thousands of subscribers, lured by its ease of use and light-touch moderation.
https://arstechnica.com/information-technology/2021/09/telegram-emerges-as-new-dark-web-for-cyber-criminals/
 
Anonymous claims to have hacked the controversial web hosting provider Epik, known for allowing far-right, neo-Nazi, and other extremist content.
“On September 13, 2021, a group of kids calling themselves ‘Anonymous’, whom we’ve never heard of, said they manage[d] to get a hold of, well, honestly, all our data, and then released it,” reads the Anonymous’ message published on the Epik’s knowledge base. “They claim it included all the user data. All of it. All usernames, passwords, e-mails, support queries, breaching all anonymization service[s] we have. Of course it’s not true. We’re not so stupid we’d allow that to happen.”
https://securityaffairs.co/wordpress/122263/hacktivism/anonymous-hacked-epik-provider.html
 
Romance Scammers Make $133m in First Half of 2021
Victims are typically approached on dating and social media sites, where the scammer establishes a relationship with them designed to build confidence. In time, the scammer will share information on a new cryptocurrency investment or trading opportunity, which is claimed to generate significant profits, according to the FBI.
https://www.infosecurity-magazine.com/news/romance-scammers-make-133m-in/
 
SSID Stripping: New Method for Tricking Users Into Connecting to Rogue APs
“For example, an SSID of the form ‘aireye_network\n\n\n\n\n\n\n\n\n\n\nrogue’ (where ‘\n’ denotes the New Line character) may be displayed by an iPhone as ‘aireye_network’ since the word ‘rogue’ is pushed out of the display,” the researchers said. “Together with type 2 errors this can be used to efficiently hide the suffix of a rogue network name.”
https://www.securityweek.com/ssid-stripping-new-method-tricking-users-connecting-rogue-aps
 
Yes, of course there's now malware for Windows Subsystem for Linux
On Thursday, Black Lotus Labs, the threat research group at networking biz Lumen Technologies, said it had spotted several malicious Python files compiled in the Linux binary format ELF (Executable and Linkable Format) for Debian Linux.
https://www.theregister.com/2021/09/17/windows_subsystem_for_linux_malware/
 
A Microsoft scientist went on TV and revealed the craziest truth about working from home
"You look at the people who are really excited about remote work," said Teevan. "We see that 58% of those people really value remote work because it allows them to focus." [...] "And when you look at the people who are really excited about going back into the office, we see that same number -- 58% -- who are really excited about going back into the office because it allows them to focus."
https://www.zdnet.com/article/a-microsoft-scientist-went-on-tv-and-revealed-the-craziest-truth-about-working-from-home/
 
You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of Critical Insight, formerly Critical Informatics and CI Security. 

Archived articles are available at https://www.criticalinsight.com/resources/daily-news

Critical Insight and the Critical Insight logo are the trademarks of Critical Insight, Inc. All other brand names, trademarks, service marks, and copyrights are the property of their respective owners.

© 2020 Critical Insight. All rights reserved.
Critical Insight

245 4th St, Suite 405  Bremerton, WA   98337
