Cybersecurity News – Week in Review – Jan 17-21, 2022

This week’s Cyber Security Headlines – Week in Review, Jan 17-21, is hosted by Rich Stroffolino with our guest, Julie Tsai, Cybersecurity Leader

Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join us each week by registering for the open discussion at CISOSeries.com.

Microsoft discloses malware attack on Ukraine government networks

Microsoft said late Saturday that dozens of computer systems at an unspecified number of Ukrainian government agencies have been infected with destructive malware disguised as ransomware. The disclosure suggests that the attention-grabbing defacement attack on official websites was a diversion. The extent of the damage was not immediately clear. The disclosure followed a Reuters report earlier in the day quoting a top Ukrainian security official as saying the defacement was indeed cover for a malicious attack.

According to Ukraine’s deputy secretary of the national security and defense council, this attack is attributed to the threat group known as Ghostwriter, which “is a cyber-espionage group affiliated with the special services of the Republic of Belarus.” The deputy secretary noted, however, that the group was using tools and methods similar to those used by Russia’s SVR spy agency.

(AP News, The Guardian, The Register)

How quick thinking stopped a ransomware attack from crippling a Florida hospital

CNN.com on Sunday carried a feature story about Jamie Hussey, IT director at Jackson Hospital in south Florida, which was recently hit by the Mespinoza ransomware. Hussey quickly realized that the charting software, which was maintained by an outside vendor, had been infected. The article describes his fast switch to “downtime procedures,” meaning shifting staff to pen and paper while physically disconnecting the hospital’s electronic health records system from the rest of the computer network to check it for malicious code before reconnecting. Although a story about a hospital being attacked is nothing new, the article shows how Hussey and his newly hired assistant – a cybersecurity graduate – took the reins to ensure a safe recovery for the hospital and its patients. “Lock it down and piss people off,” he said, adding, “It’s what you have to do just to secure your network.” The article is available at CNN.com – do an internal search for Florida, hospital, ransomware, or check our link at CISOSeries.com.

(CNN)

Renewable energy targeted for cyber espionage

Security researcher William Thomas recently discovered a large-scale cyber espionage campaign against the renewable energy industry, active since at least 2019 and targeting over fifteen organizations. Large companies like Schneider Electric, Honeywell, Huawei and HiSilicon were hit, as well as several universities. The campaign used a custom “Mail Box” toolkit to deploy a phishing package, paired with compromised websites used to host the phishing pages. The campaign appears to focus on collecting user logins. Activity indicates the Russian-linked APT Fancy Bear could be behind the campaign.

(Bleeping Computer)

Microsoft Sees Log4j attacks exploiting SolarWinds Serv-U bug

Threat actors have weaponized a newly discovered bug in SolarWinds Serv-U file-sharing software to launch Log4j attacks against networks’ internal devices, Microsoft warned on Wednesday. SolarWinds issued a fix the day before, on Tuesday. The vulnerability, tracked as CVE-2021-35247, is an input validation flaw that could allow attackers to build a query from some input and send that query over the network without sanitization, Microsoft’s Threat Intelligence Center (MSTIC) said.

(Threatpost)

Large-scale cyberattack hits the Red Cross

A cyberattack compromised personal and confidential data on more than half a million people helped by at least 60 Red Cross and Red Crescent organizations around the world, the International Committee of the Red Cross announced Wednesday. The organization said the exposed information belonged to highly vulnerable groups, including families separated by conflict. As a result of the attack, the ICRC temporarily shut down its “Restoring Family Links” program, which helps reunite families separated by conflict, disaster, or migration. The ICRC is “working as quickly as possible to identify workarounds to continue this vital work,” according to a news release.

(Cyberscoop)

Thanks to our episode sponsor, Datadog

Join Datadog in their upcoming webinar to learn how to dissect the anatomy of an attack vector in the cloud with the use of their unified Cloud Security Platform. Visit datadoghq.com/ciso to register for the webinar in the time zone most convenient for you; attendees will also get a chance to win a Datadog t-shirt.

Hackers can grab stolen credentials using VirusTotal

SafeBreach researchers have found that VirusTotal, the popular online service for analyzing suspicious files, URLs and IP addresses, can also be used to collect credentials stolen by malware. With a €600 VirusTotal license, the researchers managed to collect more than 1,000,000 credentials just by executing simple searches with a few tools. Common ways such files end up in VirusTotal include criminals uploading them to advertise victim data for sale, and third parties whose environments are configured to automatically upload files to VirusTotal to verify they are “clean”. The researchers noted, “Our goal was to identify the data a criminal could gather with a VirusTotal license,” and added that they have proven this method (dubbed “VirusTotal Hacking”) works at scale.

(Help Net Security)

Beijing 2022 Winter Olympics app loaded with privacy risks

The official app for the Beijing 2022 Winter Olympics, dubbed ‘My 2022,’ was found to have numerous security and privacy issues, including an encryption implementation that leaves data susceptible to man-in-the-middle attacks. The app is also subject to censorship and has an unclear privacy policy that violates both Google’s and Apple’s guidelines, yet it is available in both of their stores. To top it all off, the app also violates China’s own privacy laws. Finally, the app collects a slew of sensitive personal information from both domestic and foreign users, all of which is shared with the Beijing Olympics Organizing Committee. All athletes, members of the press, and the audience will be required to install the app and add their personal information to it.

(Bleeping Computer)

NATO and Ukraine sign deal to boost cybersecurity

The agreement comes after a series of cyberattack incidents in Ukraine and heightened tensions over Russia’s invasion. According to a statement from NATO’s Secretary-General Jens Stoltenberg, cybersecurity experts from NATO will be working together with Ukraine to confront the rising cyberthreats in the region. The new cybersecurity collaboration allows Ukrainian access to NATO’s malware information sharing platform along with enhanced cyber cooperation.

(CISOMag)

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.