City of London on high alert after ransomware attack
A key supplier of trading software to the City of London appears to be the victim of a ransomware attack that is disrupting activity in the derivatives market. The company, Ion Cleared Derivatives, released a statement on Tuesday describing a “cybersecurity event” that had affected some of its services; other reports suggest that 42 clients were impacted by the attack. ICD’s software plays a key role in derivatives trading around the world. The attack has been linked to the LockBit group, which recently caused major disruption to the Royal Mail.
Watchdog warns that FDIC fails to test banks’ cyberdefenses effectively
According to its own watchdog agency, the Federal Deposit Insurance Corp. (FDIC) is falling short in monitoring cyber risk at the financial institutions it regulates. A report issued on Wednesday by the FDIC’s Office of Inspector General (OIG) “identified major deficiencies in the agency’s IT and cyber risk assessment program, which is known as InTREx.” The OIG found that information used in InTREx was outdated and that in some cases agency examiners were not completing tests. It also found that staff were not being kept abreast of the latest cyberthreat updates and that no training was offered to reinforce InTREx procedures for examiners. According to the OIG, unclear procedures have also led to InTREx examiners failing to file exam work papers properly.
UK IT leaders believe foreign states are already using ChatGPT maliciously
“Most IT leaders in the UK believe that foreign states are already using the ChatGPT chatbot for malicious purposes against other nations.” This comment, quoted in CSOOnline, comes from a new study by BlackBerry, which surveyed 500 UK IT decision makers. While 60% of respondents do see ChatGPT as being used for “good” purposes, 72% are “concerned by its potential to be used for malicious purposes when it comes to cybersecurity.” Almost half (48%) of respondents predicted that a successful cyberattack will be credited to the technology within the next year, likely through enhanced phishing and business email compromise (BEC) scams.
Experts warn of two flaws in popular open-source software ImageMagick
These flaws could potentially lead to information disclosure or trigger a DoS condition. ImageMagick is a free and open-source software suite for displaying, converting, and editing raster and vector image files. The vulnerability labeled CVE-2022-44267 can be triggered when parsing a PNG image whose filename is a single dash (“-”). When the software parses such a PNG image (e.g., for resizing), the resulting image could have the content of an arbitrary remote file embedded in it.
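A defender-side pre-check that a web service could run before handing an uploaded image to ImageMagick, as an added example that is not from the page or the ImageMagick project: it refuses the single-dash filename described above (and any other leading dash, which a command-line tool would read as an option), confines the path to the upload directory, and verifies the PNG signature. `safe_png_path`, `is_accepted` and `demo` are assumed helper names, and the sample files are constructed.

```python
import os
import re
import tempfile

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"  # 8-byte PNG file signature


def safe_png_path(upload_dir: str, name: str) -> str:
    """Return an absolute path that is safe to pass to ImageMagick, else raise ValueError."""
    # A bare "-" (or any leading dash) must never reach the converter's argv.
    if name == "-" or name.startswith("-"):
        raise ValueError("filename must not be '-' or start with '-'")
    # Only simple basenames: no separators, no traversal, no shell-special characters.
    if not re.fullmatch(r"[A-Za-z0-9_.]+", name) or ".." in name:
        raise ValueError("only simple basenames are accepted")
    if not name.lower().endswith(".png"):
        raise ValueError("only .png uploads are accepted")
    root = os.path.realpath(upload_dir)
    path = os.path.realpath(os.path.join(root, name))
    if os.path.dirname(path) != root:
        raise ValueError("path escapes the upload directory")
    # Check the real signature; the extension alone proves nothing.
    with open(path, "rb") as fh:
        if fh.read(len(PNG_MAGIC)) != PNG_MAGIC:
            raise ValueError("file is not a PNG")
    return path


def is_accepted(upload_dir: str, name: str) -> bool:
    """Convenience wrapper: True if safe_png_path would accept the name."""
    try:
        safe_png_path(upload_dir, name)
        return True
    except (ValueError, OSError):
        return False


def demo() -> dict:
    """Constructed sample set: one real PNG header, one mislabeled GIF, and hostile names."""
    d = tempfile.mkdtemp()
    with open(os.path.join(d, "ok.png"), "wb") as fh:
        fh.write(PNG_MAGIC + b"\x00" * 16)  # header only; enough for the signature check
    with open(os.path.join(d, "fake.png"), "wb") as fh:
        fh.write(b"GIF89a" + b"\x00" * 16)  # wrong magic behind a .png extension
    names = ["ok.png", "fake.png", "-", "-ok.png", "../ok.png", "missing.png"]
    return {n: is_accepted(d, n) for n in names}
```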
Thanks to this week’s episode sponsor, Hunters

APT groups use ransomware TTPs as cover for intelligence gathering and sabotage
According to an article in CSOOnline, state-sponsored APTs are “increasingly using ransomware-like attacks as cover to hide more insidious activities.” Sandworm, for example, “used ransomware programs to destroy data multiple times over the past six months while North Korea’s Lazarus group used infrastructure previously associated with a ransomware group for intelligence gathering campaigns.” Some of these activities are intended to destroy data as a sabotage operation, especially against countries and companies that ally themselves with Ukraine. Other APT groups use ransomware TTPs as a false flag for cyber espionage. A recent attack campaign attributed to the BianLian ransomware group turned out to be an intelligence gathering operation by the North Korean state-sponsored Lazarus group, targeting public and private research organizations in the medical research and energy sectors, as well as their supply chain.
Microsoft Edge is getting split screen mode
Microsoft Edge is offering a new “split screen” feature that allows users to view two websites in one window by splitting tabs across the screen. This is apparently part of an internal Edge project codenamed “Phoenix,” and is available behind an experimental flag “Microsoft Edge Split Screen” in Edge Beta, Dev, and Canary builds. Tapping on the toolbar’s new “split tabs” button will show your currently opened page on the left side and a list of all your open tabs on the right side. Clicking on any item in this list will fill the right side panel with that selected page.
Researchers uncover packer used by malware to evade detection for 6 years
TrickGate has been successfully operating for over six years, helping threat actors deploy malware such as TrickBot, Emotet, AZORult, Agent Tesla, FormBook, Cerber, Maze, and REvil. “TrickGate managed to stay under the radar for years because it is transformative – it undergoes changes periodically,” Check Point Research’s Arie Olshtein said, calling it a “master of disguises.” Offered as a service since at least late 2016, TrickGate conceals payloads behind a layer of wrapper code in an attempt to get past security solutions installed on a host. Packers can also function as crypters, encrypting the malware payload as an obfuscation mechanism.
British government minister told council to keep quiet after ransomware attack
“An unnamed British government minister told the leader of a local borough council to keep quiet about the impact of a ‘catastrophic’ ransomware attack two years ago, a parliamentary committee was told on Monday.” This is according to The Record. The country’s Joint Committee on the National Security Strategy is holding an inquiry into whether the United Kingdom’s national security strategy is effectively addressing the threats posed by ransomware. It was told that in this instance, a minister from central government told Mary Lanigan, the leader of the borough council, “Whatever it is, we’ll meet the cost,” although they ultimately failed to do so — costing the council about £7 million ($8.6 million) — millions in excess of the cash it held in reserve. The attack, attributed to the Conti ransomware group, occurred in January 2020. Lanigan continued, “We were advised not to go into a great deal of depth about what had happened. The public knew that we’d been hit with a ransom attack, but not how serious that was.”