Research, identify, write and post a summary, and be prepared to discuss in class an article you found about a current event in the Information Security arena. For this week’s theme, research a current cybercrime theme – such as a recent attack, or management research on how organizations are dealing with cybercrime.
Comments
Kelly Sharadin says
The log4shell vulnerability, an evolution of the recent log4j vulnerability that has been targeting organizations, seeks to leverage the log4j attack vector by embedding itself within the data supply chain of the victim’s data lake pipelines. Organizations using the open-source extract-transform-load (ETL) software are vulnerable to this attack if they have not upgraded to the latest security fix. These RCE exploits, if successful, are able to evade detection via firewall and scanning due to encryption and compression that allows the exploit to blend in with normal pipeline traffic. Adversaries’ goals could include the ability to manipulate machine learning within the data lake. The article provides an example of Tesla’s autopilot program: if machine learning is designed to ‘stop at red lights’, in theory attackers using the log4shell vulnerability could modify this data to ‘go at red lights’.
https://www.darkreading.com/cloud/log4shell-exploit-data-lake-ai-poisoning
Vraj Patel says
A recent data breach at the Oklahoma City Indian Clinic (OKCIC) compromised the personally identifiable information (PII) of 40,000 people. On May 12th, the OKCIC posted on their website that they had a data breach. When the data breach was discovered, the OKCIC hired a third party to do forensics on the incident. According to the OKCIC, customers’ PII, such as their names, dates of birth, Social Security numbers, treatment information, phone numbers, medical records, prescription information, health insurance policy numbers, and driver’s license numbers, was impacted.
Reference:
https://www.infosecurity-magazine.com/news/oklahoma-city-indian-clinic-data/?&web_view=true
Antonio Cozza says
Costa Rica is facing extreme difficulty as, the same week that its new president Rodrigo Chaves has been sworn in, rampant cyberattacks have barraged its government agencies; 27 different (mostly government) agencies were targeted and attacked, 9 of which are government agencies that are “very affected.” Chaves has stated that the attacks have an “enormous” impact on the Central American economy, specifically with foreign trade. In April, before Chaves was inducted, the previous president dealt with a requested $10 million ransom from Russian hacker group Conti, which it refused to pay. At his inauguration, Chaves declared a national state of emergency. The country’s tax collection systems for customs were actually forced offline and rendered useless, but they were able to stand up a substitute platform for some transactions to go through.
https://www.reuters.com/world/americas/cyber-attack-costa-rica-grows-more-agencies-hit-president-says-2022-05-16/
Shubham Patil says
The US and Canada have agreed to work together to improve coordination around reporting of ransomware attacks that can affect cross-border critical infrastructure. They also plan to identify and implement options to strengthen “sectors of our economies that are increasingly targeted by criminals and to implement effective responses.”
Both sides welcomed negotiations for a potential bilateral agreement relating to the US Clarifying Lawful Overseas Use of Data Act (CLOUD Act). If finalized and approved, the agreement would make it easier for Canadian and US investigative authorities to access communications and associated data in the other country for the purposes of prevention, detection, investigation and prosecution of serious crime, such as terrorism, child sexual exploitation and abuse and cybercrime.
https://www.infosecurity-magazine.com/news/us-and-canada-collaborate-to/
Oluwaseun Soyomokun says
The Thanos ransomware constructor was created by a cardiologist turned accused malware hacker.
According to a US criminal complaint unsealed on Monday, Moises Luis Zagala Gonzalez, 55, a citizen of France and Venezuela who lives in Ciudad Bolivar, Venezuela, engaged in attempted computer intrusions and conspiracy to commit computer intrusions (May 16).
Zagala is accused of selling and leasing ransomware packages produced by him to cybercriminals.
According to US prosecutors, he is also suspected of educating would-be attackers on how to use his wares to extort victims and then boasting about successful crimes.
https://portswigger.net/daily-swig/medical-doctor-charged-with-creating-the-thanos-ransomware-builder
Kyuande Johnson says
Cyber attack on Costa Rica grows
27 cyber attacks were launched against Costa Rican institutions in one month. This increase in attacks occurred when their new leader President Rodrigo Chaves reported into office. The attacks have had an “enormous” impact on foreign trade and tax collections. There were reported hacker attacks on the country’s finance ministry, which spread to other state institutions after authorities refused to pay a $10 million ransom demanded by the Russian hacker group Conti. Chaves did not provide an updated list of institutions targeted by the hackers. It’s clear that the country is at war and it is currently in a state of emergency. The governments of Israel, the United States and Spain have provided assistance to help protect Costa Rican computer systems and repair the damage. The full extent of the damage is not yet known. The attacks have forced the finance ministry to deactivate Costa Rica’s tax collection systems, which are being substituted by another platform until further notice.
https://www.reuters.com/world/americas/cyber-attack-costa-rica-grows-more-agencies-hit-president-says-2022-05-16/
Mitchell Dulaney says
“Threat Actors Use Telegram to Spread ‘Eternity’ Malware-as-a-Service”
Eternity is a set of related malware functions that are being packaged and sold on a subscription basis by developers on Telegram. Threatpost reports that the different functions range from a cryptocurrency miner, credentials stealer, clipboard monitoring service, and a computer worm, all with different annual subscription fees. These functions were built on top of code from a public GitHub repository. Eternity is being sold via Telegram, a practice which is growing increasingly common due to the encryption and privacy features of the platform. There are approximately 500 members of the Telegram channel selling this particular set of malware tools.
Security experts including a vice president at Shared Assessments are using this example to warn end users about the dangers of saving passwords and other sensitive data like payment card information to their computers using internet browsers. Because of the accessibility and prevalence of tools such as the Eternity package, users should assume that their passwords have already been compromised and take steps to secure their data with that in mind.
https://threatpost.com/telegram-spread-eternity-maas/179623/
Anthony Wong says
CREAM Finance Exploited for $130M
Decentralized Finance (DeFi) uses emerging technologies such as blockchain to offer traditional financial products and services without relying on brokerages, exchanges or banks. DeFi uses a lending protocol called CREAM Finance to provide these services. Attackers have been inspecting the open source code and exploiting vulnerabilities to steal money from the platform. The vulnerability within the blockchain is called flash loans where money can be borrowed without any collateral to ensure it will be paid back. As a result, hackers have stolen $130 million so far.
https://www.yahoo.com/now/cream-finance-exploited-117m-defi-165911747.html
Tal Eidenzon says
OKTA Breach aftermath
In this article, identity authentication company OKTA is being sued for misleading directors regarding a breach that was announced earlier this year. The lawsuit alleges that OKTA downplayed and made false statements regarding the breach. This news reaffirms a recent trend of directors and officers being named in cyber security breach related lawsuits. This underscores the importance of due diligence and due care.
https://www.insurancejournal.com/news/national/2022/05/23/668806.htm