Robin’s Newsletter #191

13 February 2022. Volume 5, Issue 7
Slovenian TV disruption. 500 ecommerce sites compromised by MageCart. 2021 was a bumper year for cyber M&A.

A slightly cut-down format this week as it’s my birthday 😊

Interesting stats

82% of ransomware attacks impact organisations with fewer than 1,000 employees, according to Coveware (see threat intel, below)

$600 million: the ‘minimum’ cryptocurrency payments made to ransomware gangs in 2021, with roughly a third of that believed to be tied to the Conti ransomware gang, according to Chainalysis therecord.media

$547 million lost by Americans to romance scams in 2021, according to the Federal Trade Commission bleepingcomputer.com

2021 was a bumper year for cyber startups, mergers and acquisitions: $29.5 billion of venture capital was raised by cyber security startups in 2021 (up from $12 billion in 2020), alongside 286 M&A transactions totalling $77.5 billion, according to data from Momentum Cyber techcrunch.com

In brief

Attacks, incidents & breaches

  • Washington State Department of Licensing has disclosed a potential breach of 250,000 professionals following suspicious activity detected at the end of January zdnet.com
  • Vodafone Portugal 4G, 5G, fixed-line, SMS, and other services knocked offline by a “deliberate and malicious cyberattack” therecord.media
  • A “serious incident” at the UK Foreign, Commonwealth and Development Office (FCDO) has been revealed following a procurement notice explaining why the public tender process had not been followed in awarding BAE Systems Applied Intelligence (my old employer) a £476,000 ($630K) contract for ‘business analyst and technical architecture support’ techcrunch.com
  • Slovenian television station PopTV’s broadcast and news output was disrupted in an apparent extortion attempt therecord.media
  • Approximately 500 e-commerce sites running version one of Adobe’s Magento shopping software have been compromised by a MageCart card skimming operation arstechnica.com
  • Delay of game: the corporate network of the NFL’s San Francisco 49ers infected with BlackByte ransomware therecord.media

Threat intel

  • Following law enforcement actions against them, ransomware gangs are less likely to target larger, international firms, and are instead seeking higher payouts from mid-sized organisations, according to Coveware bleepingcomputer.com
  • A good write-up of Qbot and how quickly an infection results in theft of credentials and browser history, potentially across your network thedfirreport.com
  • North Korea’s Lazarus group is sending out job offers again as lures, this time pretending to be from Lockheed Martin zdnet.com
  • Joint advisory from the US, UK and Australia warns of ‘increased globalised threat’ of ransomware cisa.gov
  • The UK’s Financial Conduct Authority, who regulate the financial services sector, has written to large UK banks telling them to strengthen and test defences against potential cyberattacks as Russia/Ukraine tensions continue to rise ft.com
  • FritzFrog, a peer-to-peer/decentralised botnet with infections rising quickly, targets SSH servers using known credentials arstechnica.com
  • SentinelLabs claim to have joined the dots on an APT group aligned with Indian state interests: its attacks preceded arrests by law enforcement and, in some cases, appear to have planted evidence on the devices of human-rights activists, lawyers and academics theregister.com

Vulnerabilities

  • Log4J vulnerability scores ‘perfect 10’ amid nineteen security issues patched in latest SAP release zdnet.com

Double-whammy for mobile OS bugs this week:

  • Zero-interaction remote escalation of privilege vulnerability patched in February’s Android 12 security update zdnet.com
  • Remote code execution vulnerability in Apple’s WebKit fixed, with CISA urging US government organisations to patch quickly theregister.com

Cyber defence

  • Microsoft Office update will block macros in documents downloaded from the internet arstechnica.com
  • Decryption keys for Maze, Egregor and Sekhmet ransomware families have been released by someone claiming to be one of the developers techcrunch.com 
  • An employee of Volkswagen’s payments division was fired for raising concerns over potential fraud stemming from cyber security vulnerabilities (h/t Mario) ft.com

Security engineering

  • Turn on the new Virtual Machine Threat Detection (VMTD) feature in Google Cloud to automatically detect crypto mining running inside your VMs therecord.media
  • A logic flaw in DPD Group’s package tracking API allowed researchers from Pen Test Partners to view personal information of deliveries. The shipping reference alone was used to load a map of the delivery location, from which the postcode could easily be deduced bleepingcomputer.com
  • Over 2,800 maintainers of almost 8,500 npm packages are using email addresses tied to domain names that have expired and are therefore open to hijacking (whoever re-registers the domain can receive the account’s password-reset mail), according to researchers from Microsoft and North Carolina State University therecord.media
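As an added example of the kind of check behind that npm finding (this is illustrative code written for this newsletter, not the Microsoft/NCSU researchers’ tooling): pull the maintainer e-mail domains out of registry metadata and flag those that no longer resolve. The registry documents below are constructed, and a failed address lookup is only a heuristic for a lapsed registration, not proof that the domain is free to register.

```python
"""
Added example (not the Microsoft/NCSU researchers' tooling): collect the
e-mail domains of a package's maintainers from npm registry metadata and flag
those that no longer resolve in DNS. The registry documents below are
constructed, and a failed address lookup is only a heuristic for a lapsed
registration, not proof that the domain is available to register.
"""
import socket
from typing import Callable, Dict, Iterable, Set

# Constructed records in the shape of the registry's per-package document,
# which carries a `maintainers` list of {"name": ..., "email": ...}.
# The .invalid TLD is reserved (RFC 2606), so these never resolve.
SAMPLE_PACKUMENTS = [
    {"name": "left-pad-ish", "maintainers": [
        {"name": "alice", "email": "alice@example.com"},
        {"name": "bob", "email": "bob@expired-maintainer.invalid"},
    ]},
    {"name": "tiny-utils", "maintainers": [
        {"name": "bob", "email": "Bob@Expired-Maintainer.INVALID"},
    ]},
    {"name": "orphaned-lib", "maintainers": []},
]


def maintainer_domains(packuments: Iterable[dict]) -> Dict[str, Set[str]]:
    """Map each e-mail domain (lower-cased) to the packages it can control."""
    domains: Dict[str, Set[str]] = {}
    for pkg in packuments:
        for m in pkg.get("maintainers", []):
            email = m.get("email", "")
            if "@" not in email:
                continue  # malformed or missing address; nothing to check
            domain = email.rsplit("@", 1)[1].strip().lower()
            domains.setdefault(domain, set()).add(pkg["name"])
    return domains


def domain_resolves(domain: str) -> bool:
    """Default check: does the domain have any address record at all?"""
    try:
        socket.getaddrinfo(domain, None)
        return True
    except socket.gaierror:
        return False


def hijackable_domains(
    packuments: Iterable[dict],
    resolves: Callable[[str], bool] = domain_resolves,
) -> Dict[str, Set[str]]:
    """Return the domains that fail the resolver check, with the packages
    each one is tied to. Inject `resolves` to test offline or to swap in a
    stricter check (MX/NS lookup, registrar RDAP status)."""
    return {
        domain: pkgs
        for domain, pkgs in maintainer_domains(packuments).items()
        if not resolves(domain)
    }


if __name__ == "__main__":
    for domain, pkgs in hijackable_domains(SAMPLE_PACKUMENTS).items():
        print(f"{domain}: {', '.join(sorted(pkgs))}")
```

Treat a hit as a lead, not a verdict: a domain with no A record may still be registered (parked, MX-only), so confirm against the registrar or RDAP before concluding it can be taken over, and remember the same lapse applies to any account whose recovery path is e-mail.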

Operational technology

  • The infotainment systems in some Mazdas near Seattle have been ‘bricked’ after a local radio station broadcast station information that included an image file with no extension. The ‘Connectivity Master Unit’ used the file extension to determine the file type, rather than the header of the file, and without an extension it is unable to process the update, leaving owners’ stereos in a loop. Dealerships are reporting that replacement units are needed, currently costing $1,500 each due to the global chip shortage! arstechnica.com
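The robust version of that decision is to let the file header, not the name, determine the type, and to discard anything unrecognised rather than retry it. As an added example (illustrative code for this newsletter, not Mazda’s, the station’s, or any vendor’s code; all sample files are constructed), the fragile extension-only approach sits beside a header-based classifier and a batch processor that cannot be stalled by one bad file:

```python
"""
Added example (not Mazda's, the station's, or any vendor's code): decide an
image's type from its leading bytes rather than from its filename extension,
and discard anything unrecognised instead of retrying it. All sample files
below are constructed.
"""
import os
from typing import Dict, List, Optional, Tuple

# Leading signatures ("magic bytes") for image formats a head unit might be
# asked to display. Constructed for this example; extend as needed.
MAGIC: Dict[bytes, str] = {
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpeg",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
    b"BM": "bmp",
}

# Constructed inputs, including the problem case from the story: a valid
# image delivered under a name with no extension.
PNG_SAMPLE = b"\x89PNG\r\n\x1a\n" + bytes(16)
JPEG_SAMPLE = b"\xff\xd8\xff\xe0" + bytes(16)
SAMPLE_FILES: List[Tuple[str, bytes]] = [
    ("station_logo", PNG_SAMPLE),            # no extension
    ("now_playing.jpg", JPEG_SAMPLE),        # name and content agree
    ("album.png", JPEG_SAMPLE),              # name contradicts content
    ("metadata_blob", b"\x00\x01\x02\x03"),  # not an image at all
]


def naive_type_from_extension(filename: str) -> Optional[str]:
    """The fragile approach described in the story: trust the name.
    Returns None for a name with no extension, which is exactly the
    input the reported units could not get past."""
    ext = os.path.splitext(filename)[1].lstrip(".").lower()
    return ext or None


def sniff_image_type(data: bytes) -> Optional[str]:
    """Return the type implied by the file header, or None if unrecognised."""
    for signature, kind in MAGIC.items():
        if data.startswith(signature):
            return kind
    return None


def classify(filename: str, data: bytes) -> Optional[str]:
    """The header decides the type. The extension is only a hint: a missing
    one is fine, a contradictory one marks the file as untrusted (None)."""
    sniffed = sniff_image_type(data)
    if sniffed is None:
        return None
    hint = naive_type_from_extension(filename)
    if hint == "jpg":
        hint = "jpeg"
    if hint is not None and hint != sniffed:
        return None
    return sniffed


def process_updates(files: List[Tuple[str, bytes]]) -> Dict[str, list]:
    """Handle a batch the way a resilient receiver should: unusable items
    are recorded and skipped, never retried in place, so one bad file cannot
    stall the whole queue."""
    outcome: Dict[str, list] = {"shown": [], "discarded": []}
    for name, data in files:
        kind = classify(name, data)
        if kind is None:
            outcome["discarded"].append(name)
            continue
        outcome["shown"].append((name, kind))
    return outcome


if __name__ == "__main__":
    print(process_updates(SAMPLE_FILES))
```

The same principle applies to any device consuming a broadcast or otherwise unauthenticated feed: metadata about the payload (name, declared type, length) is untrusted input, and the failure mode for bad input should be “skip and carry on”, not “retry until someone replaces the unit”.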

Privacy

  • The Internal Revenue Service “will quickly develop and bring online an additional authentication process that does not involve facial recognition” following backlash at requirements to use the commercially available ID.me service arstechnica.com
  • Apple is introducing extra warning messages to AirTags, reminding users that they are tied to their Apple ID and that this may be reported to law enforcement, to dissuade malicious use for stalking techcrunch.com
  • French data protection authorities say Google Analytics can breach GDPR. Commission Nationale de l’Informatique et des Libertés (CNIL) found the tool breached Article 44, which bans transfers of personal data to countries that don’t have equivalent privacy protections in place zdnet.com

Public policy

  • The US’ Secure and Trusted Communications Reimbursement Program, which covers costs for smaller telcos ripping and replacing Chinese-made networking equipment by companies such as ZTE and Huawei, has received applications totalling $5.9 billion, almost 3x the $1.9 billion budgeted costs, 88% of which was being met by the taxpayer at a cost of $11 per person (vol. 3, iss. 36) theregister.com
  • The Polish government has announced the formation of the Cyberspace Defence Forces within Poland’s army to carry out reconnaissance, defensive and offensive operations therecord.media
  • The UK government has tabled legislation requiring sites hosting pornographic content to verify the age of their users. The Online Safety Bill has been criticised for its potential to create large databases of personal information while not necessarily preventing children from accessing adult content ft.com
  • The US Securities and Exchange Commission (SEC) voted 3-1 in favour of progressing proposals to tighten cyber security incident reporting, with notifications required from financial institutions within 48 hours cyberscoop.com

Law enforcement

  • Russian authorities have arrested six people and seized the websites of four carding forums, used to buy and sell stolen payment card information. A comment in the HTML source of the seizure notice, “Which of you is next? 👮”, suggests more arrests to come bleepingcomputer.com, krebsonsecurity.com
  • The US Department of Justice has announced the arrest of a New York couple for attempting to launder approximately 120,000 BTC, currently worth around $5 billion. The FBI and IRS Criminal Investigation Unit unravelled the pair’s activities, which involved stolen identities, thousands of small-value transactions, and the deposit and withdrawal of funds at various darknet marketplaces. The cryptocurrency was stolen during the 2016 compromise of Bitfinex, a crypto exchange. The victims stand to make a hefty profit after the forced hold on their investment: Bitcoin is up over 3,000% since the coins were stolen. vice.com, ft.com, arstechnica.com

Mergers, acquisitions and investments

  • Operational technology startup Shift5 closes $50 million Series B round to defend transport and vehicle networks techcrunch.com
  • Mandiant financial results disappoint Wall Street while rumours swirl that Microsoft may try to acquire the threat intelligence and incident response firm zdnet.com

And finally

“You’ll enjoy today’s Wordle!”

Why yes, yes I did.

Wordle 239 1/6

🟩🟩🟩🟩🟩

Happy Birthday to ME! 🥳

Robin