Kelly Sharadin says
The US FCC has declared the Russian cybersecurity vendor Kaspersky a national security threat following recent political events, for fear of cyber espionage. Federal agencies were required to remove Kaspersky products (such as anti-virus) as far back as 2017. Kaspersky released an official response stating that the claims of Kaspersky acting in bad faith are unfounded, and goes on to deny any ties to the Russian government.
https://www.bleepingcomputer.com/news/security/us-says-kaspersky-poses-unacceptable-risk-to-national-security/
Andrew Nguyen says
I came across this article that details how a UK teen with connections to the cybercriminal gang Lapsus was arrested.
After falling out with his colleagues, he was doxxed and his personal details were published, along with information that he had accumulated close to $14m in Bitcoin due to his exploits.
I think it's interesting that in today's world, teenagers can become involved with cybercriminal gangs from the confines of their own home, and it reinforces the idea of don't read a book by its cover.
https://www.infosecurity-magazine.com/news/uk-teen-arrested-in-lapsus/
Antonio Cozza says
This article from thehackernews describes how the US government released a cybersecurity advisory that detailed state-sponsored campaigns against US energy infrastructure performed by 4 Russian government employees who deployed malware on US and international energy sector networks, allowing them to exfiltrate data. The attacks were done with spearphishing campaigns, trojanized software updates, and watering hole attacks which led users to rogue websites. The targets included the aforementioned, along with oil refineries and nuclear facilities, and one custom malware, TRITON, developed by the group, has the capability to take control of critical systems at an unnamed oil refinery in the Middle East.
https://thehackernews.com/2022/03/us-charges-4-russian-govt-employees.html
Patrick Jurgelewicz says
Hackers Hijack Email Reply Chains on Unpatched Exchange Servers to Spread Malware
https://thehackernews.com/2022/03/hackers-hijack-email-reply-chains-on.html
Two weeks ago I reported on a few critical vulnerabilities in Microsoft Exchange which the company had released a patch for. Now, it looks like hackers are exploiting a vulnerability using a tactic known as Conversation Hijacking where hackers send phishing emails in an existing email thread. According to Israeli security company Intezer: “A forged reply to a previous stolen email is being used as a way to convince the recipient to open the attachment. This is notable because it increases the credibility of the phishing email and may cause a high infection rate.”
I found this update especially interesting because the patch for this vulnerability has already been released, yet exploitation is still prevalent. Similar to the Equifax breach, even when a patch is released, corporate flaws can prevent the patch from being implemented in a timely manner, which results in preventable hacks.
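The tactic Intezer describes above, a forged reply grafted onto a stolen thread, leaves traces a mail gateway can check: a "RE:" subject with no In-Reply-To/References headers, a claimed parent Message-ID the organisation never saw, a sender domain that took no part in the quoted thread, and a loader-style attachment. The following is an added example and is not code from the article, Intezer or Microsoft. It assumes a hypothetical `KNOWN_MESSAGE_IDS` lookup of Message-IDs the organisation's mail store has actually sent or received, and the two sample messages are constructed for illustration.

```python
"""Heuristic scoring of reply-chain (conversation hijacking) phishing.

Added example; the KNOWN_MESSAGE_IDS store and the risky-extension list
are assumptions, and the sample messages below are constructed.
"""
import email
import re
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumption: Message-IDs the organisation's own mail store has seen.
KNOWN_MESSAGE_IDS = {"<orig-1001@corp.example>"}

# Assumption: container/macro/script types often used as loaders in these lures.
RISKY_EXTENSIONS = (".zip", ".iso", ".img", ".xls", ".xlsm", ".docm", ".lnk", ".js")

_ADDR_RE = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")


def sender_domain(msg):
    """Domain of the From: address, lower-cased ('' if unparseable)."""
    _, addr = parseaddr(str(msg.get("From", "")))
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def quoted_domains(msg):
    """Domains of every address that appears on '>'-quoted lines of the body."""
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body is not None else ""
    quoted = [ln for ln in text.splitlines() if ln.lstrip().startswith(">")]
    return {d.lower() for d in _ADDR_RE.findall("\n".join(quoted))}


def score_reply_chain_phish(raw):
    """Return (score, reasons) for one RFC 5322 message; higher is more suspicious."""
    msg = email.message_from_string(raw, policy=policy.default)
    reasons = []

    subject = str(msg.get("Subject", "")).lstrip().lower()
    looks_like_reply = subject.startswith(("re:", "fw:", "fwd:"))
    in_reply_to = str(msg.get("In-Reply-To", "")).strip()
    references = str(msg.get("References", "")).split()
    if looks_like_reply and not in_reply_to and not references:
        reasons.append("reply-style subject but no In-Reply-To/References header")

    # A genuine reply threads onto a message we have actually seen.
    parents = set(references) | ({in_reply_to} if in_reply_to else set())
    if parents and not (parents & KNOWN_MESSAGE_IDS):
        reasons.append("claims to reply to a message this organisation never saw")

    # The hijack pattern: quoted thread belongs to us, sender domain does not.
    dom = sender_domain(msg)
    qdoms = quoted_domains(msg)
    if dom and qdoms and dom not in qdoms:
        reasons.append(f"sender domain {dom} took no part in the quoted thread")

    names = [(p.get_filename() or "").lower() for p in msg.iter_attachments()]
    if any(n.endswith(RISKY_EXTENSIONS) for n in names):
        reasons.append("loader-style attachment: " + ", ".join(names))

    return len(reasons), reasons


def build_sample(from_addr, subject, body, attachment_name, in_reply_to=None):
    """Construct a sample message (illustration only, not a captured email)."""
    m = EmailMessage()
    m["From"] = from_addr
    m["To"] = "ap@corp.example"
    m["Subject"] = subject
    if in_reply_to:
        m["In-Reply-To"] = in_reply_to
        m["References"] = in_reply_to
    m.set_content(body)
    m.add_attachment(b"\x00" * 16, maintype="application",
                     subtype="octet-stream", filename=attachment_name)
    return m.as_string()


QUOTED_THREAD = "\n\n> From: bob@corp.example\n> Please send over the Q2 invoice.\n"

# Legitimate reply: threaded onto a known message, same domain, PDF attachment.
LEGIT_SAMPLE = build_sample("alice@corp.example", "RE: Q2 invoice",
                            "Thanks Bob, attached." + QUOTED_THREAD,
                            "invoice.pdf", in_reply_to="<orig-1001@corp.example>")

# Hijacked thread: lookalike domain, no threading headers, zip loader.
HIJACK_SAMPLE = build_sample("bob@corp-example.com", "RE: Q2 invoice",
                             "See the updated file." + QUOTED_THREAD,
                             "invoice.zip")

if __name__ == "__main__":
    for label, raw in (("legit", LEGIT_SAMPLE), ("hijack", HIJACK_SAMPLE)):
        score, why = score_reply_chain_phish(raw)
        print(label, score, why)
```

Each heuristic on its own is noisy (mailing lists strip threading headers, contractors legitimately reply from other domains), so the score is meant to gate sandboxing or quarantine rather than to block outright; the constructed hijack sample trips three checks while the legitimate reply trips none.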
Dan Xu says
Ukraine Suffers Significant Internet Disruption Following Cyber-Attack
A major cyber attack on Ukraine’s national telecommunications provider has led to the “worst” disruption of Internet connectivity in the region since the conflict with Russia. Netblocks, a global Internet monitor, reported that the attack was the “worst” disruption to Ukraine’s Internet service since the Russian invasion began in late February, with connectivity dropping to 13 percent of prewar levels. In a series of tweets, it wrote: “Ukraine’s state Internet provider Ukrtelecom has confirmed a cyber attack on its core infrastructure. Real-time network data shows that service disruptions are continuing and intensifying nationwide, the worst since the Russian invasion.”
https://www.infosecurity-magazine.com/news/ukraine-internet-disruption-cyber/
Vraj Patel says
A State of Washington health district had a data breach in 2020. The data breach was the result of one of the employees falling victim to a phishing email. The district has confirmed that personal data might have been compromised, since the attackers were able to gain access to the employee's email account. During their internal investigation, they concluded there was no sign of any of the documents being opened or downloaded as of then, but assumed that the attacker could still have looked through the documents containing Protected Health Information (PHI) of the individuals within the email using the preview feature. This breach has affected 1,058 individuals by potentially getting their information compromised. The information includes names, dates of birth, case numbers, counselors' names, test results and dates of urinalysis, medication received, and date of last dose of their medicines.
Reference:
https://www.infosecurity-magazine.com/news/washington-health-district-2-data/
Madalyn Stiverson says
https://www.reuters.com/business/media-telecom/ukrainian-telecom-companys-internet-service-disrupted-by-powerful-cyberattack-2022-03-28/
A Ukrainian government-run telecom company, Ukrtelecom, experienced a Russia-launched cyber attack which impacted telecom services on Monday, March 28th. The attack was thwarted but it did lead to a temporary halt of services. They are currently working to restore services. In the meantime, they have experienced trouble with installing new internet sessions for customers.
This is not the first Russian-launched attack on Ukraine's telecom companies. Earlier this month, there was an attack on Triolan, a smaller telecom company. The Triolan attack resulted in an isolated, local disruption of service.
Lauren Deinhardt says
https://thehackernews.com/2022/03/new-report-on-okta-hack-reveals-entire.html
New Report on Okta Hack Reveals the Entire Episode LAPSUS$ Attack
Okta has been hacked!! An independent cybersecurity researcher disclosed the timeline for the recently disclosed Okta data breach. Given that Okta is a single sign-on (SSO) provider for over 300 companies (therefore having access to thousands of PII records and authentication credentials), this breach is extremely prevalent. Many people also recycle passwords; if a password that Okta stored was discovered, in addition to PII, those individuals could have suffered a tremendous data breach. This article discussed how Okta discovered the breach in late January of 2022, but waited to disclose the breach until only a few days ago. This stands out to me since a very similar timeline was followed during the 2017 Equifax breach, where the public was also kept uninformed of personal data exposure for months. The attacker was discovered to be LAPSUS$, a notorious extortion gang. Seven gang members were arrested by the City of London Police a few days ago, in connection with the investigation following this incident. Okta also commented on their lack of timely information disclosure: "In light of the evidence that we have gathered in the last week, it is clear that we would have made a different decision if we had been in possession of all of the facts that we have today," Okta said, adding it "should have more actively and forcefully compelled information from Sitel." I could not find much information on the degree/amount of breached information; but I did find a Forbes article that had an interesting quote from a LAPSUS$ member: "For a service that powers authentication systems to many of the largest corporations . . . I think these security measures are pretty poor." In addition, Forbes went into detail that Okta serves as an SSO for federal entities who are FedRAMP-certified. This could possibly pose a threat to highly confidential government information, a high risk in a time of international crisis.
https://www.forbes.com/sites/thomasbrewster/2022/03/22/fury-as-okta-the-company-that-manages-100-million-logins-fails-to-tell-customers-about-breach-for-months/?sh=675cd1168734
Victoria Zak says
"Massive cyberattack against Ukrainian ISP has been neutralized, Ukraine says" & "Ukraine destroys five bot farms that were spreading 'panic' among citizens"
Ukrtelecom suffered an enormous cyberattack on Monday, March 28. The cyberattack reached the core IT infrastructure and impacted the entire nation. According to the article, this led to the most severe internet disruption registered in Ukraine since the Russian invasion. Ukrtelecom temporarily limited its services to the majority of private users and business clients.
Additionally, the Security Service of Ukraine (SBU) reported that around 100,000 accounts were spreading false information. The SBU seized over 100 GSM gateway devices, close to 10,000 SIM cards, laptops, and other computer equipment from several bot farms.
Reference:
https://www.zdnet.com/article/massive-cyberattack-against-ukrainian-isp-has-been-neutralized-ukraine-says/
Michael Jordan says
The article I am choosing to summarize this week is about the new agreement between the US and the EU regarding data flows between the two continents. On Friday 3/25, representatives from the US and EU announced publicly that they had agreed in principle to a new framework for cross-border transfers. Trans-Atlantic data flows are important for large companies such as Meta and Google because these companies need to be able to provide information and other business services accurately and securely. Meta had previously warned that it may shut down Facebook and Instagram in Europe over the new uncertainty surrounding data flow laws between the two continents after "Privacy Shield", the preexisting agreement, was invalidated in July 2020. The agreement before Privacy Shield, "Safe Harbor", was invalidated for the same reasons; supervisory authorities and privacy activists found them to infringe on some civil privacy and rights. Ursula von der Leyen, the European Commission President, said that the new agreement will "enable predictable and trustworthy data flows between the EU and US, safeguarding privacy and civil liberties."
Browne, R. (2022, March 25). EU and U.S. agree to new data-sharing pact, offering some respite for Big Tech. CNBC.com. Retrieved from https://www.cnbc.com/2022/03/25/eu-and-us-agree-new-data-transfer-pact-to-replace-privacy-shield.html
Dhaval Patel says
Sophos had a vulnerability in their firewall product that would allow for remote code execution. The vulnerability is an authentication bypass vulnerability in the user portal and web admin. If an attacker were to exploit this vulnerability it would give them control over the device and allow them to turn off the firewall, add users, and dig deeper into an organization’s network. A hotfix was sent out, but those who have not set up automatic updates will have to take action and apply the hotfix manually. This is the third bug found in Sophos products this month.
https://threatpost.com/critical-sophos-security-bug-rce-firewalls/179127/
Kyuande Johnson says
Thirty-nine per cent of UK businesses identified at least one cyber attack on their operations in the last 12 months, according to the UK government’s ‘Cyber Security Breaches Survey 2022’ report, released today. The ‘Cyber Security Breaches Survey 2022’ revealed that the most common threat vector was phishing attempts, reported by 83 per cent of businesses. With phishing the most common threat vector by a country mile, around one in five (21 per cent) also identified more sophisticated attack types, such as a denial of service, malware, or ransomware attack. Despite its low prevalence, organizations cited ransomware as a major threat, with 56 per cent of businesses having a policy not to pay ransoms.
https://www.gov.uk/government/news/businesses-urged-to-boost-cyber-standards-as-new-data-reveals-nearly-a-third-of-firms-suffering-cyber-attacks-hit-every-week
Olayinka Lucas says
Data breaches remain a critical problem across the world, but one that may be slowly abating.
In the first quarter of 2022, accounts of over 1.8 crore users were breached worldwide, according to research by UK-based VPN company Surfshark. This was, however, 58% lower than the 4.3 crore between October 2021 and December 2021.
Source:
https://scroll.in/article/1022158/despite-global-drop-in-data-breaches-india-remains-among-the-five-worst-hit-nations
Bernard Antwi says
Data Breach Disclosures Surge 14% in Q1 2022
"The number of publicly reported data breaches in the US increased by double digits year-on-year in the first three months of 2022, according to the Identity Theft Resource Center (ITRC). The non-profit claimed that the increase represents the third successive year in which Q1 figures have exceeded those recorded 12 months previously. The vast majority (92%) of breaches recorded by the ITRC were traced back to cyber-attacks, with phishing and ransomware the top two causes overall."
https://www.infosecurity-magazine.com/news/data-breach-disclosures-surge-14/