This month’s news includes some fascinating discoveries, some interesting nation-state action against cyber criminals, and, of course, ransomware news. Read on to find out what we’re talking about this month.
FBI & MI5 Leaders Give a Warning on Spying
The head of the FBI and the head of MI5, the British intelligence agency, came together for the first time to deliver a warning on China. In their statements, the two directors say China is spying on companies and stealing technology that is crucial to a company's expansion and growth within its industry, undercutting the hard work those companies have done to gain an economic advantage in their markets. The two directors warned that they are running a rapidly growing number of investigations into China, which is why they came together in this unprecedented way to deliver the message.
“This is important because it shows how worried the US and UK are about Chinese state-backed attacks aimed at stealing technology to take economic advantage. As we remarked in the past, deception technology can make a real difference in helping companies to detect such attacks at an early stage. Deception can even detect them before they occur, during the reconnaissance phase.” — Fernando, Founder
Source: The Guardian, July 7
North Korea State-Sponsored Cyber Actors Use Maui Ransomware
State-sponsored North Korean cyber actors are using Maui ransomware to attack the healthcare and public health sector. In the linked advisory, the Cybersecurity and Infrastructure Security Agency (CISA) provides a framework to help organizations in the healthcare and public health sector defend against these actors, and includes the tactics, techniques, and procedures (TTPs) and indicators of compromise (IoCs). According to the FBI, since May of 2021 there have been reports of Maui ransomware being used to lock servers owned by organizations in the healthcare industry. Read the post for tips on how organizations within this targeted industry can maintain their servers and mitigate the threat of future ransomware attacks.
“The work that CISA, FBI, and other government entities do surrounding cyber threats is extremely important for the overarching cyber community and private sector as a whole. These alerts share credible intel so organizations can properly defend against these cyber criminals. When you have real-time, tailored, actionable threat intelligence, you are in a better position to take a proactive cybersecurity stance.” — Shunta Sanders, Head of Solutions Architecture - North America
Source: CISA, July 7
Almost Everyone Faced an Industrial Attack in The Last Year
According to CSO, Barracuda found that 94% of respondents had experienced some form of attack on their Industrial IoT (IIoT) or Operational Technology (OT) systems within the last year. Attackers quickly adapt and find new ways to attack systems, but organizations lack that same level of adaptation when securing their systems, often showing a lack of cyber security protocols. Barracuda specifically points out the healthcare and manufacturing industries, both of which have very weak security protocols against attacks. The report mentions the Russian invasion of Ukraine as an example of how a country's critical infrastructure becomes a prime attack target.
“This article shows how prevalent attacks on IoT (IIoT) or operational technology (OT) are today. Deception technology can be deployed without having to deploy or install anything in production networks, so it’s a technology that is very well suited for this kind of network. It is able to aid not only with early detection of attacks but also deflecting attackers from real assets, which is especially important on this kind of system.” — The Leadership Team
Source: CSO, July 12
DARPA Is Worried About How Well Open-Source Code Can Be Trusted
Open source code is common in the world of software, but this article dives into its use in critical infrastructure components. Because governing organizations do not know exactly who is behind the open source code, or what their intentions are, it poses a huge risk. The Linux kernel that forms the backbone of so much modern software is open source, and it is exposed in ways that are just beginning to be understood. The article also details SocialCyber, the new project of the US military research branch DARPA. It is a collective of cyber researchers who will study the code and analyze the community around the Linux kernel to understand the ecosystem as a whole.
“Today, almost all companies rely in some way on open-source code. We have seen in the past how malicious actors have introduced backdoors in open-source projects, and this will happen in the future. Even if they cannot prevent it from happening, critical infrastructure companies can make use of deception technology to mitigate the risk of being backdoored.” — Fernando, Founder
Source: Technology Review, July 14
Threat-Landscape of Financial Attacks
VirusTotal offers interesting research on how attackers operate within financial institutions. VirusTotal acquires its data from submissions, analyzes it, and presents the information in a manner that is useful for reference. This article, specific to the financial sector, features a pie chart of the top malware families used by attackers and lists the most popular attack groups. The report notes that remote control utilities are commonly used in financial sector attacks, as attackers appear able to manipulate them to their advantage. The concluding section discusses the outcomes of specific attacks.
“The insightful article sheds light on the most commonly used variants of malware targeted at the financial industry, and it’s safe to say this is just a sample. Many more pieces of malicious software have been used as well. Once again, this article and articles like this underscore the importance of tailored, real-time, actionable threat intelligence, the only way to defend against attackers.” — Shunta Sanders, Head of Solutions Architecture - North America
Source: VirusTotal, July 21