Saturday, December 04, 2021

Inevitable.

https://thehackernews.com/2021/12/pegasus-spyware-reportedly-hacked.html

Pegasus Spyware Reportedly Hacked iPhones of U.S. State Department and Diplomats

Apple reportedly notified several U.S. Embassy and State Department employees that their iPhones may have been targeted by an unknown assailant using state-sponsored spyware created by the controversial Israeli company NSO Group, according to multiple reports from Reuters and The Washington Post.

At least 11 U.S. Embassy officials stationed in Uganda or focusing on issues pertaining to the country are said to have been singled out using iPhones registered to their overseas phone numbers, although the identity of the threat actors behind the intrusions, and the nature of the information sought, remain unknown as yet.

The attacks, which were carried out in the last several months, mark the first known time the sophisticated surveillance software has been put to use against U.S. government employees. [I doubt it was the first time… Bob]



Good news for my Computer Security students.

https://www.axios.com/government-business-cyber-jobs-601a027c-cf68-47bb-96ca-da46237052f6.html

U.S. faces urgent anti-hacker crisis

The Biden administration is accelerating efforts to fill nearly 600,000 vacant cybersecurity positions in the public and private sectors bogging down efforts to protect digital infrastructure.

Why it matters: Following a deluge of ransomware attacks targeting critical government and corporate infrastructure this year, clogs in the talent pipeline are leaving federal, cash-strapped local governments and Big Business even more susceptible to hacking.

A nonprofit, Public Infrastructure Security Cyber Education Systems, gives university students hands-on experience by having them monitor real-time data on local government networks.


(Related)

https://pisces-intl.org/2021/12/02/pisces-and-ncc/

PISCES and NCC

PISCES Director Steve Stein and Western Washington Professor Erik Fretheim discuss the new partnership with Colorado’s National Cyber Center.



Local ransomware

https://www.theregister.com/2021/12/03/dmea_colorado_cyber_attack_billing_systems/

Utility biz Delta-Montrose Electric Association loses billing capability and two decades of records after cyber attack

A US utility company based in Colorado was hit by a ransomware attack in November that wiped out two decades' worth of records and knocked out billing systems that won't be restored until next week at the earliest.

The attack was detailed by the Delta-Montrose Electric Association (DMEA) in a post on its website explaining that current customers won't be penalised for being unable to pay their bills because of the incident.

"We are a victim of a malicious cyber security attack. In the middle of an investigation, that is as far as I’m willing to go," DMEA chief exec Alyssa Clemsen Roberts told a public board meeting, as reported by a local paper.

She is said to have confirmed that the co-operative's billing systems were also taken down by the attackers, telling a local TV station: "And we lost the majority of our historical data for the last 20-25 years. Since then we have been slowly rebuilding our network."



Tracking a wholesale hacker…

https://krebsonsecurity.com/2021/12/who-is-the-network-access-broker-babam/

Who Is the Network Access Broker ‘Babam’?

Rarely do cybercriminal gangs that deploy ransomware gain the initial access to the target themselves. More commonly, that access is purchased from a cybercriminal broker who specializes in acquiring remote access credentials — such as usernames and passwords needed to remotely connect to the target’s network. In this post we’ll look at the clues left behind by “Babam,” the handle chosen by a cybercriminal who has sold such access to ransomware groups on many occasions over the past few years.


(Related)

https://therecord.media/fbi-says-the-cuba-ransomware-gang-made-43-9-million-from-ransom-payments/

FBI says the Cuba ransomware gang made $43.9 million from ransom payments

The US Federal Bureau of Investigation said today that the operators of the Cuba ransomware have earned at least $43.9 million from ransom payments following attacks carried out this year.

In a flash alert sent out on Friday, the Bureau said the Cuba gang has “compromised at least 49 entities in five critical infrastructure sectors, including but not limited to the financial, government, healthcare, manufacturing, and information technology sectors.”

The FBI said it traced attacks with the Cuba ransomware to systems infected with Hancitor, a malware operation that uses phishing emails, Microsoft Exchange vulnerabilities, compromised credentials, or RDP brute-forcing tools to gain access to vulnerable Windows systems.

Once systems are added to their botnet, Hancitor operators rent access to these systems to other criminal gangs in a classic Malware-as-a-Service model.

The FBI document [PDF] released earlier today highlights how a typical Hancitor-to-Cuba infection takes place and provides indicators of compromise that companies could use to shore up their defenses.

It is also worth mentioning that Cuba is one of the ransomware groups that gather and steal sensitive files from compromised companies before encrypting them. If companies don’t pay, the Cuba group threatens to dump the stolen files on a website it has been operating on the dark web since January this year.



Forecasting change...

https://www.pogowasright.org/what-is-the-online-privacy-act-of-2021/

What is the Online Privacy Act of 2021?

Odia Kagan of Fox Rothschild writes:

U.S. Congresswomen Anna Eshoo (D-California) and Zoe Lofgren (D-California) have reintroduced House Resolution 6027 for the Online Privacy Act of 2021.
Some of the bill’s key differentiators from CCPA, CDPA and CPA:
  • limitations on the disclosure of personal information to third parties that are not subject to the Act/jurisdiction of the US (Counter-Schrems II) (Section 204)
  • disclosure in privacy notice needs to name parties with whom information was shared (not just categories)

Read more of the key differences at Privacy Compliance & Data Security

