Google Play now blocks paid app downloads, updates in Russia
The block, from the Google Play Store, starts Thursday due to sanctions. Russian developers can still publish and update free apps, with users still allowed to download them from the store. However, all updates to paid apps will be automatically blocked. While users can no longer pay for subscriptions, Google suggests that developers can grant subscription billing grace periods and free trials.
NIST releases updated guidance for defending against supply-chain attacks
Titled “Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations,” the guidance from the National Institute of Standards and Technology details the risks at all levels of an organization. It provides information about major security controls and practices that organizations should adopt to identify, assess, and respond to these threats. The document includes warnings such as the need for diligence towards devices that may have been designed in one country with components manufactured across multiple countries worldwide, resulting in a dramatic enlargement of the attack surface for organizations.
US State Department offering $10 million reward for information about Conti members
In addition to this reward, which is for any information that leads to the identification or location of people connected to the notorious Conti ransomware gang, a further $5 million reward is being offered for any information that leads to the arrest or conviction of a Conti member. In a statement on Friday, State Department spokesman Ned Price said the group has been behind hundreds of ransomware attacks over the last two years. Specifically, “as of January 2022, there had been over 1,000 victims of attacks associated with Conti ransomware with victim payouts exceeding $150,000,000, making the Conti Ransomware variant the costliest strain of ransomware ever documented,” Price said.
Caramel credit card stealing service is growing in popularity
The new service was discovered by DomainTools, which states that the platform is operated by a Russian cybercrime organization named “CaramelCorp.” This service supplies low-skilled threat actors with a skimmer script, deployment instructions, and a campaign management panel. The service only sells to Russian-speaking threat actors, using an initial vetting process that excludes those who use machine translation or are inexperienced in this field. A lifetime subscription costs $2,000, and promises Russian-speaking hackers full customer support, code upgrades, and evolving anti-detection measures.
Thanks to our episode sponsor, Datadog

Built on top of the observability platform, Datadog brings unprecedented integration between security and devops aligned to shared organizational goals.
Watch the on-demand webinar now to learn how to get full-stack security for your production environment at datadoghq.com/ciso/
Cryptocurrency regulators are scrambling to catch up with hackers who are swiping billions
2022 is already a banner year for hackers and fraudsters who have swindled more than $1 billion from cryptocurrency investors, according to separate estimates by cryptocurrency analysis firm Immunefi. The U.S. Securities and Exchange Commission, which has positioned itself as the industry’s main regulator and enforcer, will be doubling its staff. Meanwhile, other agencies including the Commodity Futures Trading Commission and individual states like New York have also ramped up enforcement of regulations applicable to the industry. One point of scrutiny they agree on is cybersecurity.
US agricultural machinery manufacturer AGCO suffers a ransomware attack
AGCO, a worldwide manufacturer and distributor of agricultural equipment, has announced that a ransomware attack has impacted some of its production facilities. AGCO did not provide any details about the attack, and is still investigating the extent of the security breach. They state the incident will affect business operations for several days and potentially longer before they fully resume all services. The FBI recently warned food and agriculture sector partners about increased ransomware activity aimed at disrupting the growing season.
Crypto muggings: thieves in London target digital investors by taking phones
Crypto-mugging is a new form of crime that involves thieves physically taking smartphones out of the hands of victims and then using the phone’s crypto apps to initiate transactions, removing crypto assets from the victim’s accounts. Numerous victims in London are coming forward with stories of being physically forced to unlock their smartphones using facial recognition or their own fingerprints. David Gerard, the author of Attack of the 50 Foot Blockchain, a book on digital currencies, points out that cryptocurrency transfers are irreversible, unlike a bank transfer, making this type of crime more attractive to thieves.
Last week’s ransomware roundup
- Ransomware operations continue to evolve, with new groups appearing and others quietly shutting down their operations or rebranding as new groups.
- This was seen this week, with Advanced Intel CEO Vitali Kremez disclosing yesterday that the Conti brand, not the organization itself, was shutting down. However, this does not mean that the threat actors themselves are retiring.
- REvil, or at least some of its members, appear to have relaunched the operation after a sample of their encryptor was found.
- In research-related news, a security researcher discovered DLL hijacking vulnerabilities in ransomware operations and released DLLs that can be used to terminate the encryptors before they begin encrypting files. The affected operations include Conti, the revived REvil, the newcomer Black Basta, the highly active LockBit, and AvosLocker.
- Other research released this week came from Trellix, which reported that various ransomware operations are linked to North Korean government hacking groups, including the notorious Lazarus gang.
- Attacks we saw this week include using fake Windows 10 updates to distribute Magniber ransomware and the previously-mentioned attack on AGCO, a US agricultural machinery maker.






