Cybersecurity News – March 24, 2022

Microsoft expands program to fill cyber skills gap

Last year, Microsoft began a cybersecurity skilling initiative in the US in partnership with 135 community colleges as part of an effort to grow cybersecurity talent and diversify the industry. This week, the company expanded the initiative to 23 additional countries, including Australia, Brazil, Canada and India. Microsoft will work with local schools, nonprofits, government and businesses to develop localized programs. In these new markets, Microsoft found that on average, only 17% of the cybersecurity workforce is female. Microsoft said it expects there to be 3.5 million cybersecurity jobs open globally by 2025.

(Protocol)

Cyber Crime Losses Up 64% in 2021

According to the FBI’s annual Internet Crime Report, reported losses from cyber crime increased by over $2 billion on the year to $6.9 billion, while crime complaints were up 7% from 2020. The report found phishing, non-payment schemes, and personal data breaches to be the most commonly reported crimes. Business email compromise scams accounted for a third of all losses, followed by investment scams and romance scams. Unlike in 2020, the FBI did not break out COVID-19-related criminal activity, which accounted for 28,500 complaints that year.

(CNET)

Microsoft confirms Lapsus$ breach

Microsoft confirmed that a threat actor it referred to as DEV-0537 compromised “a single account” and stole some source code, although it said the breach was not severe enough to elevate risk to users. The company claims it detected and shut down the attack before Lapsus$ could exfiltrate all source code around Bing and Cortana. According to Microsoft’s Threat Intelligence Center, an analysis of the attackers shows that they “gain elevated access through stolen credentials that enable data theft,” often resulting in extortion. Lapsus$ appears to operate as a “cybercriminal actor motivated by theft and destruction.”

(The Verge)

Israel blocked Ukraine from accessing NSO spyware

The Washington Post’s sources say Israel’s Defense Exports Controls Agency rejected a license that would have allowed NSO Group to offer its Pegasus spyware to Ukraine. The exact timing of this rejection is unclear, although some sources believe it dates back as far as 2019. Sources also say that Estonia had its license for Pegasus revoked by the agency. Both moves are believed to keep NSO’s software licensing in line with Israel’s national diplomatic priorities, specifically about not provoking Russia.

(WaPo)

A look at ransomware attack speeds

How much time do you have to mitigate a ransomware attack once encryption begins? According to Splunk’s “An Empirically Comparative Analysis of Ransomware Binaries” report, about 43 minutes on average. The study looked at 10 ransomware families and measured how long each took to encrypt 100,000 files, about 53GB of data. There was wide variance around this average, however. LockBit came out on top, encrypting the files 86% faster than the average, in about 4 minutes. The slowest variant was Mespinoza, which took over 200 minutes to do the same. The report said that with such a wide variance, organizations should focus security efforts on prevention and spotting signs of compromise, rather than assuming they can stop encryption already underway.

(InfoSecurity Magazine)

Ain’t no sunshine for Russia’s weather data access

The European Organization for the Exploitation of Meteorological Satellites called a special council of member states this week, and agreed to suspend licenses of Russian users, cutting off access to Western weather data. The council also suspended a bilateral cooperation agreement with Russia’s meteorological agency. The concern here is that this data could be used to coordinate biological or chemical weapons attacks against Ukraine. Upon the invasion of Ukraine in February, Russia was already cut off from data from EU satellites. This action suspends sharing of meteorological observations.

(InfoSecurity Magazine)

Hackers target hackers with malware

Researchers at ASEC spotted offers for commodity clipboard stealer malware on forums, posing as cracked versions of BitRAT and Quasar RAT. Clicking on either in the forum took users to an Anonfiles page, which provided a RAR archive to build the malware. Instead, the archive contained an installer for ClipBanker, which executed upon reboot. ClipBanker watches the clipboard for cryptocurrency wallet addresses and replaces them with a hardcoded wallet address. Researchers at Cyble found a similar scheme on a hacking forum, with the address receiving 1.3 Bitcoin from 422 hijacked transactions.

(Bleeping Computer)

More like network attacked storage, amiright? 

Researchers at Censys found that the beleaguered network attached storage devices from QNAP are once again under attack from Deadbolt ransomware. The latest wave of attacks began in mid-March, ramping up from 373 infections on March 16th to 1146 on March 19th. QNAP hardware came under similar attacks back in January, which resulted in QNAP releasing an out-of-band update that included some officially unsupported hardware. This new campaign appears targeted at a more recent version of the Linux kernel found on newer QNAP releases, indicating it's more than just a copycat. Once a device is encrypted, the attackers ask for 0.03 Bitcoin to unlock it, or will release a master key for the princely sum of 50 Bitcoin, about $2 million.

(ThreatPost)

Rich Stroffolino
Rich Stroffolino is a podcaster, editor and writer based out of Cleveland, Ohio. Since 2015, he's worked in technology news podcasting and media. He dreams of someday writing the oral history of Transmeta.