February was a month full of fascinating revelations and interesting data breaches. The effects of these breaches are wide-reaching and they have consequences in the real world, as we saw with the Florida water hack. Read on to find out what our group chats have been abuzz with this month.
The French version of SolarWinds comes to light, a multiyear hacking spree
The French security agency ANSSI announced that Sandworm, the Russian military hacking team, has stealthily hacked targets via Centreon, a popular IT monitoring tool. The hackers had been in place, undetected, for as long as three years, making this the French version of SolarWinds. The affected organizations are mostly IT firms and web hosting companies, and several Centreon servers were compromised. Two different malware families were found on the servers: PAS and Exaramel.
“Centreon is a French company used by the majority of French companies. The Sunware group is targeting key specific companies used by large enterprises and governments. That’s really worrying, because perhaps there are other cases in other countries. The problem is that this group is very smart, they have been working for ages, and we don’t know how many companies have been compromised by this group. This could be just the tip of the iceberg. By using deception you can face these advanced groups.” — David, CEO & Founder
Source: Wired, February 15
Breached water plant employees failed the most simple security tests
A Florida water treatment facility was hacked by an intruder who used its remote access software to try to change the level of lye in the public drinking water. The compromised computer ran an unsupported version of Windows with no firewall, and its TeamViewer password was shared among the plant's employees. Thankfully, other safeguards were in place to catch the change in levels, but the IT security was nowhere near where it needed to be.
“This is important because it was an internal threat on a critical infrastructure facility. This is one of the cases we aim to help deal with using deception technology. In this particular case the issue was something that should not have happened ever (critical infrastructure facilities should comply with at least some minimal security procedures that prevent this kind of issue). Reality, however, shows that there is still a lot of work to do to prevent even the easiest security issues that can be dangerous enough to risk human lives.” — Fernando, Founder
Source: Ars Technica, February 10
A global cyberattack scheme run by three North Korean military hackers comes to light
In this federal indictment from the US Department of Justice, three North Korean computer programmers were charged with participating in a wide-ranging criminal conspiracy to conduct a series of destructive cyberattacks, to steal and extort more than $1.3 billion in money and cryptocurrency from financial institutions and companies, to create and deploy multiple malicious cryptocurrency applications, and to develop and fraudulently market a blockchain platform. These hackers have been called “the world’s leading bank robbers”, and their actions, including the cyberattacks on the entertainment industry in 2018, are now brought to light.
“This indictment is interesting because it talks about a group that was active for a long time, a group that is now directly accused of many things that we knew all along. This shows you that in the cyber world there are consequences, and criminal activities will be pursued and prosecuted. It’s worth a read.” — Member of the integration team
Source: US Department of Justice, February 17
CD Projekt ransomware hack severely disrupts work on Cyberpunk updates
CD Projekt Red, a Polish game developer famous for games like Cyberpunk 2077 and The Witcher series, has been attacked by ransomware threat actors. Devices were encrypted, but the company still has access to its backups. CD Projekt is refusing to pay the ransom demand. The attack was at first attributed to disgruntled gamers, but has since been linked to HelloKitty.
“This is another example of a targeted ransomware attack. CD Projekt has been all over the news lately due to the issues with their infamous Cyberpunk 2077 game.” — Fernando, Founder
Source: ZDNet, February 9
Researchers discover new malware from Chinese hacking group
A “highly malleable, highly sophisticated” malware has been discovered by Palo Alto Networks’ Unit 42 threat intelligence team. According to the team, the malware “stands in a class of its own in terms of being one of the most sophisticated, well-engineered and difficult-to-detect samples of shellcode employed by an Advanced Persistent Threat (APT).” Called BendyBear, it is linked to a state-backed Chinese hacking group and is likely designed to steal a target’s technology.
“This attack shows the evolution of the attackers. We can see they do everything possible to make their detection and analysis of their actions difficult. A really interesting read.” — Member of the integration team
Source: Palo Alto Networks, February 9