Cyber Security News

In a now-declassified 2021 letter, lawmakers warned of “serious problems” with the agency’s data collection By William Vaillancourt The CIA
By Matthew Hindman, Nathaniel Lubin, and Trevor Davis Most public activity on the platform comes from a tiny, hyperactive group

Why track cyber security news? Cyber security is a world unto itself. It’s a profession, an IT discipline and now a major industry. Companies, consumers and governments are spending billions of dollars a year on cyber security. Security also pervades many areas of life that have little to do, seemingly, with cyberspace. Thus, to keep up with the world in general, it’s helpful to stay aware of news that relates to cyber security.

For example, the dispute between the US government and Huawei is at once about international trade, national security, telecom industry competition… and cybersecurity. Security is a root issue with Huawei, given the suspicions about the company’s connections to the Chinese Communist Party (CCP). However, the company’s size, reach and technological innovation push the matter to the forefront of US-China relations.

Or, take consumer cyber risks. We cover cyber security news that deals with consumers’ exposure to cybercrime and fraud. Consumers are increasingly at risk for identity theft, credit card and other malfeasance at the hands of cyber criminals. The articles we curate on this subject come from law enforcement publications, mainstream media and specialized blogs.

Public policy is now being influenced (or should be) by cyber security news. Policy makers should be aware of how cyber security affects their jobs and constituents’ lives. For instance, the “smart city” is both an innovation and a threat. Using IoT sensors and advanced data analytics to improve municipal services is a great idea. However, the smart city also exposes government data to breach.

This is particularly urgent given the relatively insecure technologies (e.g. Chinese-made sensors) used for the smart city and the wireless connectivity that makes it all possible. Add malicious nation-state actors to the mix, such as the ones currently paralyzing American cities with ransomware, and one can see the potential danger.

From Vade – Messy Breakups: A History of Hacker Relationships Gone Bad

The rise of sophisticated cybercriminal organizations such as Wizard Spider and LockBit is creating havoc for businesses around the world. They are professional, organized, and actively recruiting new members. But what happens when these criminals turn on one another? In the spirit of Valentine’s Day, let’s look at some high-profile hacker relationships and the messy breakups that ensued.

Read full article: https://www.vadesecure.com/en/blog/messy-breakups-a-history-of-hacker-relationships-gone-bad

FBI reports that BlackByte ransomware has breached US critical infrastructure

The FBI has announced that BlackByte ransomware has breached the networks of at least three organizations from US critical infrastructure sectors in the last three months.

News Insights:

Chris Clements, VP of Solutions Architecture, Cerberus Sentinel

“A large failing in the cybersecurity industry has been a lack of transparency from victims on how attackers breached their organization. I fully understand the potential legal liability or reputational damage that may result in an honest accounting of the attack timeline including possible failures or negligence that contributed to the incident, but the outcome of not publishing this analysis means that many organizations are left uninformed on where their own exposures may be. After all, many cybercriminal organizations use very similar techniques in attacking multiple victims. A detailed analysis of events would raise awareness for everyone. For example, how was the initial foothold gained? Was the victim running anti-malware software? Did the attackers bypass the anti-malware solution completely or were their initial attempts correctly flagged but dismissed by defenders because they were listed as “cleaned” or “quarantined”? As technology becomes core to our most critical institutions, we must change our mindset on communicating this information. The same way we wouldn’t tolerate an airline refusing to provide a detailed account of an aviation incident to mitigate risks from equipment or procedures, we should demand that similar reporting and root cause analysis be made public where possible for cybersecurity breaches.”

James Graham, VP of Marketing, RiskLens

“It is imperative that organizations understand their exposure to ransomware and other attacks in financial terms, and especially in anticipation of increased threat activity. Only through quantification can organizations understand the potential financial impact of new and increased attacks, and justify the investments that are necessary to adequately prevent and mitigate them.”

Erich Kron, Security Awareness Advocate, KnowBe4

“The critical infrastructure sector has been plagued by ransomware attacks, as the criticality of the systems makes quick recovery vital, which increases the likelihood that the victims will pay the ransom. This same criticality also makes law enforcement attention much more likely. However, given the low success rate of law enforcement busts, this is often a chance the groups are willing to take.

Critical infrastructure and many government entities are especially vulnerable to ransomware attacks as limited budgets, aging equipment and shortages in cybersecurity staffing all pose significant challenges for the defenders of these networks. These groups must focus on the top attack vectors used in ransomware attacks, usually email phishing and attacks on remote access portals. Training the users to spot and report phishing emails and improving the organizational security culture, along with ensuring remote access portals are monitored for brute force attacks and that credentials being used have Multi-Factor Authentication (MFA) enabled are some top ways to counter these threats.”

 

News Insights: Hacking of Ukrainian Websites

It is being reported that several key Ukrainian websites, including two of the country’s largest banks and its defense ministry, were temporarily knocked offline Tuesday as a result of a cyberattack: https://www.nbcnews.com/tech/security/ukrainian-websites-temporarily-knocked-offline-cyberattack-rcna16328

News Insights:

James McQuiggan, security awareness advocate at KnowBe4, commented: “The DDoS (Distributed Denial of Service) attacks can utilize hundreds or thousands of devices to disrupt the communications for an organization and its internet-facing systems. It is like getting on the highway at rush hour and needing to get from one side of the city to another in 10 minutes, and it is impossible because of the volume of cars on the road, making the trip take 45 minutes. Technology exists to reduce a DDoS attack; however, it is difficult to stop the attack once it starts without disabling the equipment. Organizations can consider having non-essential systems in a cloud environment like their main website or email. They can install and configure anti-DDoS hardware or software in a cloud environment. Most importantly, having a DDoS incident response plan is critical so IT personnel can quickly implement the necessary actions to minimize the attack and effectively return the systems to operation.”

News Insights: CISA “Shields Up” Campaign

CISA has issued its new “Shields Up” campaign to raise awareness of potential hacking attempts from Russia.

News Insights:

According to Justin Fier, Director of Cyber Intel and Analytics for Darktrace, “Tensions in the Eastern Bloc are heating up — and we must expect that this will spill over into the US. The FBI confirmed that a new strain of ransomware, BlackByte, hit several forms of critical infrastructure in the US. CISA’s “Shields Up” alert highlights several cyber vulnerabilities that nation-state and cyber-criminal actors may leverage. This alert, the most direct of its kind, demonstrates the sense of panic at rising cyber and geopolitical tensions, explicitly referring to Russia as a state sponsor of cyber-threats and warning of “destructive cyber incidents,” like ransomware and wipers previously deployed in Ukraine.

Foreign adversaries no longer have to contemplate deploying nuclear attacks because they can sabotage nations’ most critical assets, effectively debilitating them. As cyber aggressions escalate, organizations across every industry, especially critical infrastructure, need to be vigilant in the face of cyber vulnerabilities, take alerts seriously, and implement patches immediately after release. In a world of digital transformation and automation, CISA’s recommendation that organizations which use ICS and OT test manual controls is alarming given the age and complexity of these manual systems and the pressing geopolitical threat of the current moment.

Like in 2014, when Russia displayed its cyberwar capabilities by crippling the Ukrainian power grid, Russia will likely look to cyber as a proxy for damage and disruption. Russia may look to disrupt critical national infrastructure with a cyber-attack on Ukraine and its allies or cripple the US economy in response to likely future economic sanctions. We no longer have the luxury of extensive vulnerability testing and ignoring warnings; geopolitical tensions are now playing out in cyberspace.”

 

From Rolling Stone: Senators Say CIA Secretly Collected Data in ‘Warrantless Backdoor Searches of Americans’

In a now-declassified 2021 letter, lawmakers warned of “serious problems” with the agency’s data collection

The CIA has a secret repository of information collected about Americans as part of the agency’s foreign surveillance programs, two Democrats on the Senate Intelligence Committee alleged on Thursday. The lawmakers said the agency hid from Congress and the public what amounts to “warrantless backdoor searches of Americans.”

Sens. Ron Wyden (D-Ore.) and Martin Heinrich (D-N.M.) wrote to CIA Director Bill Burns and Director of National Intelligence Avril Haines in April 2021, calling for details about the program to be declassified. The CIA, they claimed, has “secretly conducted its own bulk program … entirely outside the statutory framework that Congress and the public believe govern this collection.” The program does operate under the authority of Executive Order 12333, which has governed intelligence community activity since 1981, the senators said.

Read the full article:

Senators Say CIA Secretly Collected Data in ‘Warrantless Backdoor Searches of Americans’

Over US$600mln of crypto paid to ransomware attackers for second year running

Over US$600mln worth of bitcoin and other cryptocurrency was extorted from companies in ransomware attacks last year, the second year running, according to new research.

In 2021, ransomware attacks led to at least US$602mln being paid to attackers, compared to US$692mln in 2020, a report from Chainalysis has revealed.

A ransomware attack is when hackers demand payment or otherwise they will cause disruption or delete files, usually after victims have unknowingly downloaded malicious software that prevents them from accessing files, systems or networks.

https://www.proactiveinvestors.com/companies/news/973859/over-us-600mln-of-crypto-paid-to-ransomware-attackers-for-second-year-running-973859.html

US Federal Cyber Plan Could Help Mitigate Water Utility Cyber Risk

Thu 10 Feb, 2022 – 10:09 AM ET

Fitch Ratings-Austin/New York-10 February 2022: Recent steps taken by the US federal government to bolster cyber resiliency across the water sector are an important start in mitigating rising cyber risks for publicly-owned utility systems, Fitch Ratings says.

https://www.fitchratings.com/research/us-public-finance/us-federal-cyber-plan-could-help-mitigate-water-utility-cyber-risk-10-02-2022

From The Atlantic: Facebook Has a Superuser-Supremacy Problem

Most public activity on the platform comes from a tiny, hyperactive group of abusive users. Facebook relies on them to decide what everyone sees.

If you want to understand why Facebook too often is a cesspool of hate and disinformation, a good place to start is with users such as John, Michelle, and Calvin.

John, a caps-lock devotee from upstate New York, calls House Speaker Nancy Pelosi “PIGLOSI,” uses the term negro, and says that the right response to Democrats with whom they disagree is to “SHOOT all of them.” Michelle rails against the “plandemic.” Calvin uses gay as a slur and declares that Black neighborhoods are always “SHITHOLES.” You’ve almost certainly encountered people like these on the internet. What you may not realize, though, is just how powerful they are.

Full article: https://www.theatlantic.com/technology/archive/2022/02/facebook-hate-speech-misinformation-superusers/621617/

News Insights: DHS Launches First-Ever Cyber Safety Review Board.

DHS has launched its first-ever Cyber Safety Review Board (CSRB). The 15-member group will focus on significant cybersecurity events and recommend improvements.

The CSRB’s first report, which will be delivered this summer, will include:

  • a review and assessment of vulnerabilities associated with the Log4j software library, to include associated threat activity and known impacts, as well as actions taken by both the government and the private sector to mitigate the impact of such vulnerabilities;
  • recommendations for addressing any ongoing vulnerabilities and threat activity; and,
  • recommendations for improving cybersecurity and incident response practices and policy based on lessons learned from the Log4j vulnerability.

CISA Director Jen Easterly said, “A continuous learning culture is critical to staying ahead of the increasingly sophisticated cyber threats we face in today’s complex technology landscape. Over two decades in the Army, I learned the importance of a detailed and transparent After Action Review process in unpacking both failures and successes.”

News Insights:

George McGregor, VP, Approov: “We welcome this initiative. It will be important for the board to consider two major reports published last year (https://www.fiercehealthcare.com/tech/report-shows-patient-data-vulnerable-to-hacks-third-party-aggregators) that found that no effective shielding solutions were in place in mobile health apps: secrets could be acquired from mobile health apps and used to attack APIs directly. The research also highlighted well known vulnerabilities found in some APIs and it was possible to use one user’s (genuine) credentials to access (many) other people’s PHI data. Effective run-time shielding can eliminate these risks.”

Curtis Preston, Chief Technical Evangelist at Druva: “The Homeland Security Department establishing the Cyber Safety Review Board makes it clear that strengthening the nation’s cyber resilience is a top priority in 2022. Cyber attacks unfold very quickly, and hackers are constantly evolving their methods of attack. That means in order for the board to be successful, it will be critical to devise ways to review major incidents at a quick and speedy pace; otherwise, their findings will be outdated and ineffective. In the meantime, organizations should proactively be taking steps to help minimize the impact of the inevitable cyber attack. Every organization should: back up their data securely, monitor their environment for unusual activity, and test their playbook for a speedy and successful recovery. A defense-in-depth strategy that advances an organization’s resilience is the best and only way to fight back.”

Tim Erlin, VP of Strategy at Tripwire: “We’ve all seen cyber attacks grow from a primarily commercial concern to the level of a national security issue. When you have incidents that can shut down pipelines or impact the water supply, it becomes necessary to provide more rigorous investigation and greater transparency. We’ve certainly reached that point with cybersecurity.

The comparison to the NTSB is useful, but won’t be entirely accurate. For example, trying to extend this comparison to their first target, the Log4j vulnerabilities, highlights the differences quickly. Log4j is hard to investigate as a single incident, especially given that it’s not really over yet. Still, there’s plenty to learn and we should expect the findings to shape legislation and regulation going forward.

Cyber security incidents will require very different tools and skills to investigate, and we should all be prepared for some less than satisfying conclusions, especially at the start. The formation of this review board should serve not only to deliver reports, but to continuously improve the best practices for these types of investigations.”

 

News Insights: Massachusetts lawmakers are weighing an online data privacy bill

Security Weekly recently reported that Massachusetts lawmakers are weighing an online data privacy bill. The bill, which would grant Massachusetts residents what supporters describe as fundamental internet privacy rights, including greater control over their personal information, is making its way through the Statehouse.

https://www.securityweek.com/massachusetts-lawmakers-weighing-online-data-privacy-bill

News Insights:

Purandar Das, CEO and Co-founder from Sotero (www.soterosoft.com), an encryption-based data security solutions company, said, “Massachusetts is the latest in joining a slow but steady procession of states towards protecting individuals. It is paramount that the consumer and their privacy be protected. Much of the online scams and targeting is based on data being so freely available. Businesses based on consumer data are too numerous to count. Consumers not having a say in how and when their data is used doesn’t seem to make much sense. Also, the commonly used push back about a uniform federal law doesn’t hold much water either. That seems to be a way to slow things down knowing that any action at the federal level has a lower chance of success or takes too much time. There are examples such as taxes, alcohol laws that are applied at the state level and have been embraced.”