Hello and welcome back to our blog. Here are some of the top cybersecurity stories we've been following in the last week.
We heard a lot about the Log4Shell vulnerability late last year. It was considered to be very significant and required immediate patching. Now we are learning that back in February, hackers with connections to the Iranian government broke into an unnamed U.S. government agency’s network. (Though the Washington Post reported it was the U.S. Merit Systems Protection Board.) The hackers utilized the Log4Shell vulnerability to install cryptocurrency mining software and compromise credentials. They initially gained access via an unpatched VMware Horizon server.
After the government of Moldova was impacted by a cyber intrusion last month, several prominent political figures have had their private conversations leaked. That is thanks to a newly registered website dubbed "Moldova Leaks". The leaked messages have caused an uproar, impacting the country's Minister of Justice Sergiu Litvinenco, and Dorin Recean, the country's Defense and National Security Advisor to the President.
To hack back or not? That is the question that was being considered after the recent massive attack on Australia's Medibank. In that incident, data on millions of customers was leaked. Now it appears there's going to be a cyber brawl! Late last week, Australian Minister for Cyber Security Clare O'Neil announced a taskforce to “hack the hackers” responsible for the Medibank incident. The taskforce involves 100 or so operatives to hunt down those responsible for the damaging attack. Is hacking back a good idea? The idea remains a much-debated topic.
In Canada, top grocery chain Sobeys is apparently still reeling from a major ransomware attack by the BlackBasta ransomware gang. The incident, which began in early November, has been plaguing its computer systems ever since. Workers from across the country say some stores have run short of items because orders cannot be placed as usual, while at others, food that had gone bad initially either piled up or was frozen because it couldn't be removed from the inventory system.
At a November 17th U.S. Senate hearing, the Secretary of the Department of Homeland Security (DHS) Alejandro Mayorkas said the most significant threat to U.S. ports is cyberattacks. During the hearing on “Threats to the Homeland,” Mayorkas said DHS is increasing the level of technology for ports, especially Customs and Border Protection, and the U.S. Coast Guard.
Here is something that is not a surprise: ransomware attackers are taking advantage of weekends and holidays, when security staffing is reduced. A new report from Cybereason shows 44 percent of companies reduce security staffing over holidays and weekends by as much as 70 percent compared to weekday levels. 21 percent reduce staff by as much as 90 percent.
That's a wrap for the week. We'll return after the Thanksgiving break.
Top Global Security News
The Record (November 18, 2022) DHS Secretary: Cyberattacks are the most significant threat to port infrastructure
During a U.S. Senate hearing on “Threats to the Homeland,” Senator Jon Ossoff (D-GA) asked DHS Secretary Alejandro Mayorkas what the most significant threat to port infrastructure is.
“One of the concerns that we have is the cybersecurity threat to ports. We are increasing the level of technology by which our ports operate and that is why not only Customs and Border Protection have a focus on cybersecurity but so does the United States Coast Guard,” Mayorkas said.
“I would identify, with respect to our ports, cybersecurity, as a significant threat stream and we are of course very focused on defending against it and strengthening our cybersecurity.”
Cybernews (November 16, 2022) Government of Moldova shaken by big hack-and-leak operation
A weird newly-registered website called Moldova Leaks has been releasing damaging private exchanges of at least two prominent political figures in this small Eastern European country. The leaked Telegram conversations have caused a major political scandal.
At first, selected private conversations from Sergiu Litvinenco, Moldova's Minister of Justice, were leaked last week. Dorin Recean, the current Defense and National Security Advisor to the President and former Minister of Internal Affairs of Moldova, became the next victim this week.
The leaked messages caused a major political scandal in Moldova. Unsurprisingly, the pro-Russian political opposition parties present them as clear-cut evidence that Litvinenco was corrupt. They’re urging the Parliament to dismiss both him and Dragalin.
Cyberscoop (November 16, 2022) Iranian hackers use Log4Shell to mine crypto on federal computer system
Hackers with connections to the Iranian government broke into a U.S. government agency’s network in early 2022, utilizing a well-known flaw in an open-source software library to install cryptocurrency mining software and compromise credentials, federal cybersecurity officials said Wednesday.
By exploiting the Log4Shell vulnerability, the Iranian-backed hackers broke into an unpatched VMware Horizon server in February and then used that access to move laterally within the network of an unidentified federal agency, according to Wednesday’s joint advisory from the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation.
On Thursday, The Washington Post reported that the affected agency was the U.S. Merit Systems Protection Board.
When the Log4Shell vulnerability was discovered late last year, security researchers warned that it would likely be exploited for years to come. Wednesday’s advisory, coming nearly a year after Log4Shell’s discovery, illustrates just how difficult it is to address software vulnerabilities in these widely deployed software packages.
Beta News (November 16, 2022) Companies caught off guard by holiday and weekend ransomware attacks
Ransomware attackers are exploiting the fact that organizations have fewer security staff available at weekends and holiday times in order to launch more devastating attacks.
A new report from Cybereason shows 44 percent of companies reduce security staffing over holidays and weekends by as much as 70 percent compared to weekday levels. 21 percent reduce staff by as much as 90 percent.
"Ransomware actors tend to strike on holidays and weekends because they know companies' human defenses often aren't as robust at those times. It allows them to evade detection, do more damage, and steal more data as security teams scramble to mobilize a response. Cybereason found that risk assessment is slower, it takes companies longer to assemble the team to fight the initial attack, which leads to slower remediation and recovery times," says Lior Div, Cybereason CEO and co-founder.
The Conversation (November 15, 2022) A new cyber taskforce will supposedly ‘hack the hackers’ behind the Medibank breach. It could put a target on Australia’s back
The Australian government is launching an offensive against cybercriminals, following a data breach that has exposed millions of people’s personal information.
On November 12, Minister for Cyber Security Clare O'Neil announced a taskforce to “hack the hackers” behind the recent Medibank data breach.
The taskforce will be a first-of-its-kind permanent, joint collaboration between Australian Federal Police and the Australian Signals Directorate. Its 100 or so operatives will use the same cyber weapons and tactics as cybercriminals use, to hunt them down and eliminate them as a threat.
Details on how the taskforce will operate remain murky, partly because it needs to keep this information away from criminals. But the fact remains that taking an offensive stance, while it could deter further attacks, could also put a big red cross on Australia’s back.
CBC News (November 15, 2022) Inside the turmoil at Sobeys-owned stores after ransomware attack
Employees of Empire Co., the parent company of Sobeys, have begun to speak out about the turmoil unfolding inside the grocery chain since a ransomware attack began plaguing its computer systems earlier this month.
Workers from across the country say some stores have run short of items because orders cannot be placed as usual, while at others, food that had gone bad initially either piled up or was frozen because it couldn't be removed from the inventory system.
Pharmacies were unable to fill new prescriptions for a week, customers cannot redeem loyalty points or use gift cards, and staff were concerned last week they wouldn't get paid because the payroll system is down.
Other Top Security News
FDA, MITRE Publish Updated Medical Device Security Incident Response Playbook - HealthITSecurity