I skipped security yesterday just to make sure not every day is the same. Here’s a recap.
JBS, the beef producer hit by ransomware, confirmed it paid $11 million after an initial demand of $22.5 million. It paid to prevent stolen data from being leaked and to mitigate possible technical issues. The quick timeline: when JBS spotted server irregularities and found the ransom demand, it called the FBI and began shutting down systems to slow the attack. It brought in outside help and used secondary, encrypted backups to bring systems back while keeping the negotiations with the attackers going, and it kept law enforcement informed the whole time.
Microsoft has issued a further warning about attacks on Kubernetes clusters: clusters running Kubeflow machine-learning workloads are being targeted to mine cryptocurrency. Attackers scan in advance, build a list of potential targets, and come back to them later. The way in is exposed Kubeflow dashboards, which should be reachable only from the local network, not the internet.
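As an added illustration (this is not from the podcast or from Microsoft's report), here is a small Python check you can run against the JSON that `kubectl get svc -A -o json` emits, flagging Kubeflow UI services that are published beyond the cluster. The embedded service list is constructed for the example, and the list of service names to look for is an assumption based on a default Kubeflow/Istio install; adjust it for your deployment.

```python
import json

# Constructed sample of `kubectl get svc -A -o json` output; not taken from a
# real cluster. Names follow a default Kubeflow/Istio install (assumption).
SAMPLE_KUBECTL_SVC_JSON = json.dumps({
    "items": [
        {"metadata": {"name": "istio-ingressgateway", "namespace": "istio-system"},
         "spec": {"type": "LoadBalancer", "ports": [{"port": 80, "nodePort": 31380}]},
         "status": {"loadBalancer": {"ingress": [{"ip": "203.0.113.10"}]}}},
        {"metadata": {"name": "centraldashboard", "namespace": "kubeflow"},
         "spec": {"type": "ClusterIP", "ports": [{"port": 80}]}, "status": {}},
        {"metadata": {"name": "ml-pipeline-ui", "namespace": "kubeflow"},
         "spec": {"type": "NodePort", "ports": [{"port": 80, "nodePort": 30080}]}, "status": {}},
        {"metadata": {"name": "kube-dns", "namespace": "kube-system"},
         "spec": {"type": "ClusterIP", "ports": [{"port": 53}]}, "status": {}},
    ]
})

# Service names that front Kubeflow web UIs in a default install (assumption;
# extend this tuple to match your own deployment).
KUBEFLOW_UI_HINTS = ("istio-ingressgateway", "centraldashboard", "ml-pipeline-ui", "jupyter-web-app")


def exposed_kubeflow_services(svc_list_json):
    """Return (namespace, name, reason) for Kubeflow UI services reachable from outside the cluster.

    A ClusterIP service is reachable only inside the cluster (or via `kubectl port-forward`),
    which is the local-only access the dashboard is meant to have. LoadBalancer, NodePort
    and externalIPs all publish the service beyond the cluster, so they are flagged.
    """
    findings = []
    for item in json.loads(svc_list_json).get("items", []):
        meta = item.get("metadata", {})
        spec = item.get("spec", {})
        name = meta.get("name", "")
        ns = meta.get("namespace", "default")
        if not any(hint in name for hint in KUBEFLOW_UI_HINTS):
            continue  # not a Kubeflow UI service; ignore
        svc_type = spec.get("type", "ClusterIP")
        if svc_type == "LoadBalancer":
            # Cloud load balancer: report the external address(es) it was given.
            ingress = item.get("status", {}).get("loadBalancer", {}).get("ingress", [])
            addrs = [e.get("ip") or e.get("hostname") for e in ingress]
            findings.append((ns, name, f"type=LoadBalancer external={addrs or 'pending'}"))
        elif svc_type == "NodePort":
            # Every node's IP now answers on these high ports.
            ports = [p["nodePort"] for p in spec.get("ports", []) if p.get("nodePort")]
            findings.append((ns, name, f"type=NodePort ports={ports}"))
        elif spec.get("externalIPs"):
            findings.append((ns, name, f"externalIPs={spec['externalIPs']}"))
    return findings


if __name__ == "__main__":
    for ns, name, reason in exposed_kubeflow_services(SAMPLE_KUBECTL_SVC_JSON):
        print(f"EXPOSED {ns}/{name}: {reason}")
    # Remediation pattern: keep the service ClusterIP and reach the dashboard
    # locally, e.g.  kubectl port-forward -n istio-system svc/istio-ingressgateway 8080:80
```

On the constructed sample this flags the Istio ingress gateway (LoadBalancer with a public address) and the pipelines UI (NodePort), and leaves the ClusterIP dashboard alone. Pipe real output in with `kubectl get svc -A -o json | python3 check.py` after swapping the sample for `sys.stdin.read()`.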
And if you wonder how long it takes for compromised accounts to be used, Agari tested it. Half of the accounts compromised in phishing attacks were manually accessed within 12 hours of the username and password being leaked, and 20% within one hour. Agari measured this by planting fake credentials across websites and forums and watching for logins.
There’s a new double-extortion operation called Prometheus. It uses a new variant of the Thanos ransomware, which has been available for well over a year. It has hit 30 victims across multiple industries, and Palo Alto Networks’ Unit 42 security team has highlighted the group for its rapid growth. Like others, they’re deliberate: research first, then tailored ransom demands.
There’s also a newly surfaced collection of 1.2TB of stolen user data, found by NordLocker. And a new breach Congress might notice: iConstituent, a platform politicians use to reach their constituents, was hit this week, and about 60 members of Congress use it.
CISA has a new vulnerability disclosure platform for ethical hackers. The platform lets civilian federal agencies receive, triage, and fix reported vulnerabilities, and share information about those flaws with other agencies.
The American Enterprise Institute has issued a call for corporate cybersecurity. The full statement is in the show notes, but of key note is its focus on corporate boards. Quoting the piece: “In a 2020 PricewaterhouseCoopers survey, two-thirds of respondents said a cyber breach would reflect negatively on their fiduciary responsibilities as board members. Yet only 37 percent of respondents stated the board understood the company’s crisis management plan “very well.” And just 32 percent said the board had a strong understanding of its company’s cybersecurity vulnerabilities.”
Finally, I’m going to send you into the weekend with a homework piece. Trend Micro has a long piece on double extortion: how the criminals work and how to address it. It uses the Nefilim ransomware as a case study, tracing an 11-year development cycle from small product to a full-scale operation that leverages 0-day vulnerabilities. A headline: the way in is often weak credentials.
Why do we care?
There’s a lot here today. The information is provided for education, but the AEI article is what I want to highlight. I’ve been focused on this myself. It’s about financial incentives. If boards start caring about these breaches, company performance becomes tied to cybersecurity. Perhaps this IS a sign things are changing.