IT Security News Blast – 9-21-2021
 
This is the IT Security News Blast.
In its 13th year, we try to provide a brief situational awareness report for key sectors and events of note. It has always been curated by Mike Hamilton, Critical Insight Co-Founder. Sign up for the blast here:
https://www.criticalinsight.com/resources/daily-news
 
Jake and Mike, 9-20-2021
Discussed: the latest attack on the food and agriculture sector, how the Biden administration is going after cryptocurrency exchanges used for ransomware payments, and why government and military sites are trying to get rid of Viagra ads.
https://www.youtube.com/watch?v=UY1KtFkQVO0
 
BlackMatter Hits Grain Cooperative With Ransomware Attack
Iowa-based grain cooperative New Cooperative Inc. was struck by ransomware in recent days and has shut down its computer systems as it tries to mitigate the attack. [...] Based in Fort Dodge, Iowa, New Cooperative has over 50 locations across the top U.S. corn-growing state and is among the larger crop buyers from its farmer members. The cooperative, which in July announced a merger with MaxYield Cooperative, also distributes fuel and crop chemicals.
https://www.bloomberg.com/news/articles/2021-09-20/iowa-based-grain-cooperative-hit-with-ransomware-attack
 
OMIGOD: Microsoft Azure VMs exploited to drop Mirai, miners
"With a single packet, an attacker can become root on a remote machine by simply removing the authentication header. It’s that simple," Wiz researcher Nir Ohfeld said about the CVE-2021-38647 remote code execution (RCE) flaw. [...] According to GreyNoise's current stats, attackers are scanning the Internet for exposed Azure Linux VMs vulnerable to CVE-2021-38647 exploits from over 110 servers.
https://www.bleepingcomputer.com/news/security/omigod-microsoft-azure-vms-exploited-to-drop-mirai-miners/
 
Hive ransomware group attacks Missouri health center
According to reporting from St. Louis Public Radio's Shahla Farzan, the Missouri Delta Medical Center in Sikeston had confidential patient data stolen from one of its servers earlier this month. Hive began posting patient names, Social Security numbers and medical information on September 9, said Farzan. 
https://www.healthcareitnews.com/news/hive-ransomware-group-attacks-missouri-health-center
 
Achieving true hospital interoperability through close collaboration
And yet sometimes a provider may "overly secure" their system, which then hinders the whole treatment or cure process, leading to medical errors, Tan claimed. To properly secure a system, collaboration indeed is key. Great interoperability requires an active partnership between a care provider and their vendors, who together balance the challenges between security and transparency and system connectivity.
https://www.healthcareitnews.com/news/asia/achieving-true-hospital-interoperability-through-close-collaboration
 
South Carolina municipalities facing nonstop cyberattacks, working from home a potential threat
South Carolina municipalities can be an easy target for cyberattacks, highlighting the need for safety infrastructure months after high-profile hacks have shone a spotlight on the issue. [...] Truskey said that there is “a high level” of incidents in the state, with government, health care, and financial institutions the biggest targets for cybercriminals. What makes these attacks even more common, he said, is that municipalities can be seen as easy prey.
https://www.counton2.com/news/south-carolina-news/south-carolina-municipalities-facing-nonstop-cyberattacks-working-from-home-a-potential-threat/
 
Energy, utility sectors feel 'most exposed' to cybersecurity threats, survey finds
However, the report also noted energy and utility executives feel more resilient to technology risks. These are sectors "where businesses have become adept at dealing with disruption more generally," the report notes. Retail and technology and telecommunications companies tied for second in the Beazley survey, with 38% of respondents saying the two sectors were most exposed to cyberthreats.
https://www.utilitydive.com/news/beazley-cyber-insurance-technology-risk/606836/
 
After Biden Warning, Hackers Define ‘Critical’ as They See Fit
In recent days, a Russia-linked ransomware group called BlackMatter attacked a grain cooperative in Iowa, an incident that appears to test Biden’s terms since “food and agriculture” is one of the protected sectors. [...] “The volumes of their production do not correspond to the volume to call them critical,” BlackMatter said in messages via its dark web page. The group said it has refrained from attacking dozens of companies that are “really critical” like “companies associated with oil, minerals and many others much more serious.”
https://www.bloomberg.com/news/articles/2021-09-20/iowa-based-grain-cooperative-hit-with-ransomware-attack
 
Microsoft Executive Calls For Improved Information Sharing Between Governments and Companies
While participating in a Washington Post Live discussion on September 20, Smith pointed toward certain sectors and aspects of society that should be protected from cyberwarfare. He specifically mentioned that a country’s digital supply chains, healthcare systems, and electoral processes should be considered off limits.
https://broadbandbreakfast.com/2021/09/microsoft-executive-calls-for-improved-information-sharing-between-governments-and-companies/
 
US to Unveil Sanctions on Use of Cryptocurrency for Ransoms
According to a report from The Wall Street Journal, the Treasury Department will announce sanctions and similar guidance designed to disrupt the financial infrastructure that has enabled ransomware attacks to date. [...] Frank Downs, a former NSA offensive analyst, tells ISMG, "Implementing sanctions in a smart, targeted manner against marketplaces with proven disregard for accountability aims to tackle one of cryptocurrency's biggest inherent dangers: money laundering."
https://www.govinfosecurity.com/us-to-unveil-sanctions-on-use-cryptocurrency-for-ransoms-a-17567
 
Air Force testing how to do intelligence in disconnected environments
“Our ISR wings, the 480th ISR Wing, the 363rd are doing experiments with how will they operate forward with disconnected systems in our forward ISR activities and then how will we be able to sustain any sort of data flow,” he added. “A lot of that comes back to the compute power that we’re enabling forward.”
https://www.c4isrnet.com/information-warfare/2021/09/20/air-force-testing-how-to-do-intelligence-in-disconnected-environments/
 
The blurring line between nation-state and cyber-criminals
It should come as no surprise that crossover between nation-state advanced persistent threat (APT) groups and underground criminal actors is common. It makes too much sense for both parties: a nation-state shields itself from attribution and culpability, and criminals find someone willing to pay them for their services and stolen data.
https://www.teiss.co.uk/the-blurring-line-between-nation-state-and-cyber-criminals/
 
19 cyber attacks repelled during Duma elections
"There were a total of 19 attacks, and some of them were very short, lasting several minutes. The most massive attack in terms of time was yesterday and it lasted 5 hours and 32 minutes. It began early in the morning and ended in the middle of the day," TASS quoted President of Russia’s digital services provider Rostelecom Mikhail Oseevsky.
https://en.mehrnews.com/news/178865/19-cyber-attacks-repelled-during-Duma-elections
 
Dutton warns of ‘more aggressive behaviour from China’
“The nuclear submarine co-operation between the US, the UK and Australia has seriously undermined regional peace and stability, intensified the arms race and undermined international non-proliferation efforts,” Chinese Foreign Ministry spokesman Zhao Lijian said. Now, Mr Dutton has issued a warning that China could go beyond words with retaliation in the form of further cyber attacks, which in July the US and its allies exposed China for having instigated.
https://www.afr.com/policy/foreign-affairs/dutton-warns-of-more-aggressive-behaviour-from-china-20210919-p58svm
 
APT actors exploit flaw in ManageEngine single sign-on solution
"The FBI, CISA, and CGCYBER assess that advanced persistent threat (APT) cyber actors are likely among those exploiting the vulnerability," the three agencies said in a joint advisory. "The exploitation of ManageEngine ADSelfService Plus poses a serious risk to critical infrastructure companies, US-cleared defense contractors, academic institutions, and other entities that use the software."
https://www.csoonline.com/article/3633644/apt-actors-exploit-flaw-in-manageengine-single-sign-on-solution.html
 
Europol Breaks Open Extensive Mafia Cybercrime Ring
The gang also engaged in other types of online fraud such as SIM swapping and business email compromise (BEC), Europol said. In all cases, the attackers laundered the money through a wide network of money mules and shell companies. “The stolen sums were later recycled through the purchase of cryptocurrency or reinvested in further criminal activities, such as prostitution, drug production and trafficking, and arms trafficking,” according to the Polizia di Stato.
https://threatpost.com/europol-mafia-cybercrime-ring/174838/
 
Epik data breach impacts 15 million users, including non-customers
Turns out, the leaked data dump contains 15,003,961 email addresses belonging to both Epik's customers and non-customers, and not everyone is pleased with the news. This occurred as Epik had scraped WHOIS records of domains, even those not owned by the company, and stored these records. In doing so, the contact information of those who have never transacted with Epik directly was also retained in Epik's systems.
https://arstechnica.com/information-technology/2021/09/epik-data-breach-impacts-15-million-users-including-non-customers/
 
Amazon’s AI Cameras Are Punishing Drivers for Mistakes They Didn’t Make
“Every time I need to make a right hand turn, it inevitably happens. A car cuts me off to move into my lane, and the camera, in this really dystopian dark, robotic voice, shouts at me," Derek, who asked to remain anonymous because he feared retribution from Amazon, told Motherboard. "It's so disconcerting. It’s upsetting, when I didn't do anything.”
https://www.vice.com/en/article/88npjv/amazons-ai-cameras-are-punishing-drivers-for-mistakes-they-didnt-make
 
You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of Critical Insight, formerly Critical Informatics and CI Security. 

Archived articles are available at https://www.criticalinsight.com/resources/daily-news

Critical Insight and the Critical Insight logo are the trademarks of Critical Insight, Inc. All other brand names, trademarks, service marks, and copyrights are the property of their respective owners.

© 2020 Critical Insight. All rights reserved.
Critical Insight

245 4th St, Suite 405  Bremerton, WA   98337
