Welcome back to our weekly security news wrap-up.
First up, the biggest story of the week wasn’t a cybersecurity incident per se, but it sure had worldwide attention! I’m talking about Monday’s Facebook outage, which also affected Instagram and WhatsApp.
There were many theories about exactly what happened. Naturally, given the rash of ransomware attacks, it certainly seemed plausible that Facebook was a victim of such an incident. However, in the end, it was a network routing-configuration change gone wrong that caused the chaos. There were a lot of laughs around the world about what people would do without FB and its other sites. But outside of the US it was a very different story. Turns out, in other parts of the globe, WhatsApp is used for texting and phone calls by businesses. So, the outage had a true business impact for what could be many thousands of companies.
According to cybersecurity research group Mandiant, the Russian-speaking cybercriminal gang “FIN12” is disproportionately using ransomware attacks to target hospitals and healthcare groups across North America. Mandiant says FIN12 has been around since at least 2018 and targets US organizations with revenues of over $300 million. In addition to hospitals and healthcare groups, other victims have included groups in business services, education, finance, government, manufacturing, retail, and technology.
Attacks on US grain distributors are still taking place, with a third company attacked in recent weeks. All are victims of ransomware attacks and are midwestern grain cooperatives that purchase grain from farmers, and then process, store, and resell it for uses like livestock feed and fuel. Like the JBS meat processing attack, which took place in the spring, the attacks on grain distributors could certainly impact the US food supply chain. The fact that fall is the busy harvest season for farmers only makes these incidents even more concerning.
An anonymous hacker attacked Amazon.com’s video game streaming platform Twitch and then leaked data that includes not only its source code, but also a spreadsheet detailing earnings for the platform’s top gamers. The earnings are popping! Some of Twitch’s top earners reached $9.6 million!
Also, this week, the US Department of Justice issued a new Civil Cyber-Fraud Initiative. The initiative calls for government contractors to be held accountable in civil court if they don’t report a breach or fail to meet required cybersecurity standards. The DoJ launched the effort to combat digital threats to sensitive information and critical systems stemming from collaborators of federal agencies.
That’s all for this week. Wishing everyone a great but cyber-safe weekend!
Top Global Security News
The Hill (October 7, 2021) Russian-speaking hacking group scaling up ransomware attacks on hospitals
"A Russian-speaking cyber criminal group is disproportionately using ransomware attacks to target hospitals and healthcare groups across North America as the COVID-19 pandemic continues, according to new research released Thursday.
Cybersecurity group Mandiant labeled the group “FIN12” as part of a report detailing the group’s activities, with Mandiant noting that it has been in existence since at least 2018, but was increasingly hitting organizations in North America with annual revenues of over $300 million with ransomware attacks. Many of these companies made even more, with the average annual revenue of North American groups targeted at just under $6 billion.
According to Mandiant, one in five of FIN12’s victims were healthcare groups, many of which operate hospitals, while other victims have included groups in business services, education, finance, government, manufacturing, retail, and technology."
NBC News (October 7, 2021) Ransomware hackers find vulnerable target in US grain supply
"At least three U.S. grain distributors have been infected with ransomware in recent weeks, raising concerns that hackers have found an easy target in a vital part of the US food supply chain.
All three known victims are midwestern grain cooperatives that buy grain from farmers, and then process, store, and resell it for uses like livestock feed and fuel. The attacks, where organized cybercriminals lock up an organization’s computers and demand a ransom for a program to unlock it, have slowed the distributors’ operations, hampering their ability to quickly process grain as it comes in.
The timing is particularly bad, said Charles Hurburgh, head of Iowa State University’s Grain Quality Laboratory.
'We’re going into harvest, and right now is when they’re taking in a large amount of grain and putting out a large amount of grain,' Hurburgh said. 'It’s a real nasty situation.'"
TIME (October 6, 2021) Twitch Hack Reveals How Much Its Top Game Streamers Make
"An anonymous hacker attacked Amazon.com’s video game streaming platform Twitch and earlier today leaked a trove of critical data including Twitch’s source code and a spreadsheet detailing earnings for the platform’s top gamers.
Leaks on the social media platform 4Chan, popular among conspiracy theorists and gamers, claim to include the entirety of the platform’s Twitch.tv streaming history and an Amazon Game Studios product, still under development, designed to challenge Valve’s dominant Steam storefront. Bloomberg has reported previously on Amazon’s plans for a digital game store.
The leak also offers a glimpse into the wealth generated in the gaming sub-industry. A document listing Twitch’s top earners shows gross earnings since 2019 reached $9.6 million for the platform’s top account, 'CriticalRole.' The account, a set of voice actors, according to their Twitch page, generated an average of $370,000 a year, according to the document. The list points to 13 accounts that have made more than $108,000 a year and at least 80 who’ve collected more than $1 million since 2019."
Bleeping Computer (October 6, 2021) U.S. govt to sue contractors who hide breach incidents
"Under the new Civil Cyber-Fraud Initiative that the U.S. Department of Justice announced today, government contractors are accountable in a civil court if they don’t report a breach or fail to meet required cybersecurity standards.
The initiative gives the DoJ the necessary leverage to fight digital threats to sensitive information and critical systems stemming from collaborators of federal agencies.
Deputy Attorney General Lisa O. Monaco said that the initiative allows the DoJ to pursue government contractors that keep silent about a breach incident or don’t comply with cybersecurity standards."
PC Mag (October 5, 2021) Facebook's Outage Was No Laughing Matter Outside the US
"Across the US, it was easy to joke about the productivity boost allowed by seven hours without the distraction factors of Facebook and Instagram, a company-wide meltdown that outside experts suggested and then Facebook reported was the fault of a network routing-configuration change gone epically wrong.
But the lengthy outage left a much bigger dent in places where WhatsApp doesn’t occupy a distant third place in Facebook’s trinity of social apps. Which is to say, a large part of the globe outside the United States.
'In much of the world, WhatsApp is synonymous with texting and phone calls,' tweets PCMag's Jill Duffy, author of the upcoming book Everything Guide to Remote Work. 'In much of the world, everyone uses WhatsApp, including businesses, to conduct everyday business.'"
TechRadar (October 5, 2021) President Biden wants to kill off ransomware for good
"The US will convene a meeting with its NATO allies and G7 countries this month with the sole intention of addressing the threat of ransomware, President Joe Biden has shared.
'This month, the United States will bring together 30 countries to accelerate our cooperation in combating cybercrime, improving law enforcement collaboration, stemming the illicit use of cryptocurrency, and engaging on these issues diplomatically,' said President Biden in a statement.
While ransomware has been one of the major sources of digital disruptions for the past few years, the cybercriminals have taken undue advantage of the loopholes that appeared as businesses migrated to remote working in response to the global pandemic."
SearchSecurity (October 4, 2021) 2 suspected ransomware operators arrested in Ukraine
"Two suspected members of an unnamed ransomware gang have been arrested in Ukraine.
The coordinated operation involving the French National Gendarmerie, the Ukrainian National Police, the FBI, Europol and Interpol led to two arrests Tuesday, along with the seizure of $375,000 in cash. Additionally, the joint effort resulted in the takedown of luxury vehicles worth over 200,000 in euros, but more importantly, it led to the asset freezing of $1.3 million in cryptocurrencies, which are commonly used in ransom demands.
While the Europol statement, released Monday, referred to the suspects as 'two prolific ransomware operators known for their extortionate ransom demands,' it does not reveal the name of the ransomware gang. Europol did not respond to a request for comment at press time.
Europol estimated the demands between five and 70 million in euros. Those numbers have become common as ransom demands continue to increase. For example, REvil demanded $50 million during an attack against PC manufacturer Acer in March."