Info@NationalCyberSecurity
Info@NationalCyberSecurity
0

TeamViewer abuse, ransomware hidden costs | #ransomware | #cybercrime


Cyber Security Headlines: Week in Review (January 22 - 26, 2024) with guest Mike Kelley, vp, CISO, The E.W. Scripps Company

This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Mike Kelley, vp, CISO, The E.W. Scripps Company

Here are the stories we plan to cover TODAY, time permitting. Please join us live at 12:30pm PT/3:30pm ET by registering for the open discussion on YouTube Live.

TeamViewer still being abused to breach networks in new ransomware attacks

According to security firm Huntress, the popular remote access tool TeamViewer is still being used by ransomware actors to break into the endpoints of organizations to deploy encryptors. Bleeping Computer points out that the techniques have not changed much since a 2016 attack in which the Surprise ransomware was successfully deployed after threat actors used a credential stuffing attack. TeamViewer, in a statement, reminded customers and the media that, most instances of unauthorized access involve a weakening of TeamViewer’s default security settings through the use of easily guessable passwords which is only possible by using an outdated version of their product. The company stresses the need for complex passwords, two-factor authentication, allow-lists, and regular software updates.

(Bleeping Computer and Huntress)

Ransomed schools reveal a hidden cost of ransomware: mold

One of the lesser discussed but still serious outcomes of a ransomware attack was revealed last month when the Pawtucketville Memorial Elementary School of Lowell, MA, released its indoor air quality assessment, prepared by the Massachusetts Department of Public Health. Mold growth in the elementary school caused a delay in its opening due to “conditions that appear to have to have been brought on this past summer by a combination of lack of heating, ventilation, and air conditioning (HVAC) system controls, due to a cyberattack of the City of Lowell’s computer systems.” This is just one of a number of schools that have suffered structural and environmental damage due to ransomware. Others, including in a school district in Ohio were forced to cancel classes due to a TrickBot infection that required the re-imaging of 1,000 computers and laptops.

(Lowell, MA and ZDNet)

Australia sanctions REvil hacker behind Medibank data breach

Australia announced Tuesday, that it will leverage its new cyber sanctions against a Russian national allegedly responsible for the 2022 hack of Australian health insurance provider, Medibank. Aleksandr Gennadievich Ermakov, who is believed to be a member of the REvil ransomware group, leaked personal health information of nearly 10 million Medibank customers. Australian authorities worked with international partners to tie Ermakov to the hack. While Ermakov’s arrest is unlikely, Australia’s new sanctions (introduced in 2021) allow Australia to impose travel bans and asset freezes. Those who attempt to provide assets to Ermakov could also face imprisonment and heavy fines. Australian authorities are confident that simply naming Ermakov will cause significant harm to his cyber operations. The United States and United Kingdom also announced sanctions against Ermakov.

(Bleeping Computer and The Guardian)

X adds support for passkeys on iOS 

X, formerly Twitter, announced Tuesday that it will support the use of passkeys, which offer users a more secure login method than traditional passwords. Passkeys have already been adopted by Apple iOS  and by Google as well as a number of high-profile apps including PayPal, TikTok, and WhatsApp. Passkey technology uses biometric authentication like Face ID or Touch ID, a PIN, or a physical security authentication key to validate login attempts, therefore combining the benefits of two-factor authentication (2FA) into a single step. X’s move comes on the heels of high-profile Twitter account hacks including that of the U.S. Securities and Exchange Commission. 

(TechCrunch)

Thanks to today’s episode sponsor, Conveyor

Conveyor, the security questionnaire automation software known for generating the most accurate AI answers to questionnaires is launching a much-requested feature.
Conveyor’s AI can now use uploaded security documents like a SOC 2 and security policy whitepapers to auto-generate precise answers to entire questionnaires in seconds.
See why customers like Lucid and Carta are raving about the software and try the AI yourself in a free proof of concept at www.conveyor.com.

Brits warn of the AI impact on ransomware

The UK’s National Cyber Security Centre published an assessment maintaining it was “almost certain” new AI tools would cause an increase in ransomware attacks, with an uneven benefit to threat actors. The NCSC said it used academic material, open source tools, industry insight and classified intelligence for this finding. Right now the agency said AI tools assist with reconnaissance and social engineering, but likely will extend to malware development and vulnerability detection. The assessment believes only highly resourced threat actors will see the benefit of AI tools, and likely not see this impact ransomware attack volume until 2025. 

(The Record)

Watch for increasing sophistication from threat actors, says Experian

Experian’s 11th annual Data Breach Industry Forecast includes six predictions that they suggest will cause even more excitement in the cybersecurity industry this year. In short, these are the expansion of third-party vendor breaches will extend to fourth, fifth and even sixth party breaches, manipulating tiny bits of data such as transportation coordinates to cause chaos, attacks on supply chains for rare earth materials, and insider activities such as learning stock market insights early to earn cash in through legitimate markets. A link to the report is available in the show notes to this episode.

(ITSecurityGuru.org and Experian’s 11th annual Data Breach Industry Forecast)

Cybersecurity startup funding down 50%

New figures from Crunchbase show that cybersecurity startups saw a big dip in funding, pulling in $8.2 billion in 2023, the lowest total since 2018. That’s down 50% on the year and down 65% from 2021. YL Ventures senior partner Ofer Schreiber characterized this as a come down from bloated valuations in 2021. Analysts also noted that interest in the market remains high and could see significantly more investment this year, as firms look for security solutions around AI. 

(Crunchbase)

Thailand court attempts to suppress data leak

The operator of the site 9near [dot] org announced on an illicit forum that it held a data set on over 55 million people in Thailand. This data included names, ID card numbers, phone numbers, and birthdates. If all of these prove unique individuals, that would mean data on about 83% of the country’s population. The criminal court of Thailand ordered a block placed on the site. Resecurity analysts passed on a report that the country’s Rural Doctors Society suspected the leak originated from the Public Health Ministry’s Immunization Centre. 

(Resecurity)

CISA boss targeted in “harrowing” swatting attack

CISA Director Jen Easterly has confirmed she was the subject of a swatting attempt on December 30 after a bogus report was made of a shooting at her home. Swatting involves a serious crime being falsely reported, causing heavily armed law enforcement officers to rush to the scene. These hoaxes are not only intimidating for victims but, in some cases, have turned deadly. Easterly described the incident as “harrowing” and added that harassment of public officials, including swatting incidents and personal threats, has become a troubling trend in recent years. CISA declined to answer questions about who was behind the crime or why Easterly was targeted.

(The Register and Dark Reading)



Source link

National Cyber Security

FREE
VIEW