Another day, another security list.
Navistar, maker of trucks and military vehicles, was breached and had data stolen in an incident on May 20th. This was disclosed via a filing with the SEC, and the company says operations were not affected.
An older form of phishing has resurfaced – Agent Tesla, first noted in 2014, has apparently been updated, and is being seen in use to procure data. Noted as a low cost ransomware – as low as $15 a license – the authors offer 24/7 technical support too.
On the good news front, the Department of Justice has recovered most of the $4.4 million ransom paid by Colonial Pipeline. Law enforcement recovered the private key of the DarkSide bitcoin wallet and recovered 63.7 bitcoins of the roughly 75 bitcoins paid. The activities of ransomware gangs are so extensive that the issue is expected to be raised by President Biden with Russian President Putin in Geneva at a meeting this month.
The DOJ also announced the arrest of a Latvian national behind “TrickBot”, and specifically cited the collaboration between public and private entities.
Of course… it can’t all be good news. A new password breach was reported by CyberNews, which says 8.4 billion passwords were just released on a hacker forum. This is likely a rollup of other breaches, and could be the largest collection yet.
Also of note, it isn’t just old technology under assault. There’s malware being reported by researchers as the first to target Windows containers within Kubernetes clusters. Dubbed Siloscape, it’s designed to open a backdoor in poorly configured clusters to then run malicious containers.
Why do we care?
There’s the key detail – poorly configured clusters. It’s seemingly always about poor configuration.
The Washington Post is noting that this seizure of funds is the first recovery by the new task force. That’s encouraging.
We’re now watching for changes in the government’s approach. Will something change after Geneva?