Ransomware victim trolls hackers with obscene pics
Following up on a story we brought to you last week on Cyber Security Headlines, the Bank of Zambia made it clear, after suffering a ransomware attack at the hands of the Hive operation, that it was not planning to pay. In response to the attack, the bank posted a picture of male genitalia along with a statement suggesting the hackers should “suck this [expletive] and stop locking bank networks thinking that you will monetize something.” While some speculated that the obscene picture and message were posted by another threat actor, a Bank of Zambia official confirmed that the bank had indeed posted it. Hive claimed to have encrypted the bank’s Network Attached Storage (NAS) device, but the bank indicates it has successfully restored its systems.
CISOs list top cyber threats to enterprises in 2022
The 2022 Voice of the CISO report from Proofpoint surveyed 1,400 CISOs from 14 countries to get their perspectives about threats facing their organizations in the coming year. Insider threats, whether malicious or unintentional, ranked as the top concern among CISOs, followed by distributed denial-of-service (DDoS) attacks, which have rapidly increased in frequency in recent years. Email fraud and business email compromise ranked third because employees remain a top target of threat actors, and cloud account compromise rounded out the top four concerns for CISOs.
YouTube removes more than 9,000 Ukraine war-related channels
YouTube has taken down more than 70,000 videos and 9,000 channels related to the war in Ukraine for violating content guidelines. Examples include the takedown of the channel of pro-Kremlin journalist Vladimir Solovyov and the suspension of the ability of Russia’s Ministries of Defence and Foreign Affairs to upload videos, for describing the war as a “liberation mission”. YouTube has an estimated 90 million users in Russia, where it has been able to continue operating despite cracking down on pro-Kremlin content. However, the company no longer allows advertising on the platform in Russia, which has drawn protest from some who say well-targeted ads can help counteract Kremlin propaganda.
Bing censoring searches for politically sensitive Chinese names
According to a report from Citizen Lab, the autofill system in Microsoft’s Bing search engine, which offers guesses at what users are searching for, fell silent with respect to names the Chinese government deems sensitive, with examples including President Xi Jinping and deceased human-rights activist Liu Xiaobo. Last year, Microsoft suspended the autofill feature in China to comply with Chinese laws, but the report provides new evidence that censorship in China could influence search results in the US and Canada. Microsoft chalked the issue up to a technical error, adding that autofill suggestions are driven largely by user behavior, and not seeing results doesn’t necessarily mean those results have been blocked.
(WSJ)
Pro-Russia cyberattacks take aim at Italian targets
According to Italian police, cyberattacks by Killnet, a pro-Russia hacking group, have targeted the televised global singing competition called Eurovision. Authorities claim Killnet leveraged distributed denial-of-service (DDoS) attacks on Eurovision during the competition’s two semi-final rounds, as well as the final round on May 10. The Italian police reported that their security operations center (SOC) was able to successfully neutralize the attack. Killnet, however, claimed via its Telegram channel that it was not responsible for the Eurovision attack, but added that it had disabled the Italian state police’s website, which remains inaccessible. Killnet also declared “war” on the agency as well as ten countries including Italy, the US, the UK, Germany, Ukraine, Poland, Latvia, Romania, Lithuania and Estonia.
PDF smuggles Word doc to drop keylogger malware
Researchers from HP Wolf Security have discovered a new malware distribution campaign that uses a PDF attachment to hide malicious Word documents. Using a PDF is an unusual tactic, as most nefarious campaigns leverage DOCX or XLS email attachments laced with malware-loading macro code. In the campaign observed by the researchers, the PDF is named “Remittance Invoice” and, once opened, users encounter a dubious DOCX file named “has been verified.” Once clicked, a victim machine with macros enabled will run shellcode that exploits a years-old but still exploitable RCE bug in Equation Editor (CVE-2017-11882) to run Snake Keylogger, a powerful and evasive info-stealer.
Last week’s ransomware roundup
Last week’s ransomware victims include the Chicago Public School district, which reported on Friday that it suffered a massive data breach, exposing the data of nearly 500,000 students and 60,000 employees after its vendor, Battelle for Kids, suffered a ransomware attack back in December. According to the district, it partners with Battelle to upload student course information and assessment data for teacher evaluations.
Additionally, Japan-based media company Nikkei, the world’s largest financial newspaper, disclosed last week that ransomware infected one of its servers at a Singapore branch. The server likely contained customer data, but authorities are still investigating the extent of the attack.
(Bleeping Computer and Security Affairs)
White hat hackers awarded over $1.1 million at Pwn2Own Vancouver
During the 15th annual Pwn2Own Vancouver hacking competition, which is organized by Trend Micro’s Zero Day Initiative (ZDI), 17 contestants attempted to exploit 21 targets across multiple categories. Highlights include three white hat hackers demonstrating escalation of privilege exploits in Microsoft Windows 11, leveraging integer overflow, improper access control, and use-after-free bugs in the OS. Another participant demonstrated a use-after-free exploit on Ubuntu Desktop. Each of these hackers earned $40,000, with Trend Micro and ZDI awarding a total of $1,155,000 during the competition.






