A Massive Therapy Hack Shows Just How Unsafe Patients’ Files Can Be
The suburb of Courbevoie sits just west of Paris on the left bank of the Seine. It’s home to La Défense, a thicket of skyscrapers visible from the city that forms a distant, unlovely terminus to the grand axis extending from the Louvre up the Avenue des Champs-Élysées and through the Arc de Triomphe. Just a short walk from Courbevoie’s office towers, at 7:20 a.m. on Feb. 3, 2023, local police arrived at a short-term rental in a modern beige apartment block. They were responding to a domestic violence call.

Outside the apartment, the officers met the young woman who’d phoned. She told them her friend and her friend’s husband were inside. The night before, the three had been out late at a nightclub and the husband had been drinking. There had been a dispute, the woman said. Now she worried her friend was in danger. The officers knocked on the door, no one answered, and they broke it open with a battering ram.

Source…

‘TheMoon’ malware shows its dark side, grows to 40,000 bots from 88 countries
A multi-year campaign leveraging an updated version of “TheMoon” malware has been targeting end-of-life (EoL) small business routers and IoT devices via a cybercriminal proxy service known as “Faceless.”

The Black Lotus Labs team at Lumen Technologies wrote in a March 26 blog post that “TheMoon” malware, which first emerged in 2014, had been operating quietly while growing to more than 40,000 bots in 88 countries by January and February of this year.

Black Lotus Labs first described “TheMoon” in 2019 and now says the malware has entered a new phase. In its most recent post, the team identified at least one campaign by the Faceless criminal proxy service that began in the first week of March and targeted more than 6,000 ASUS routers in less than 72 hours.

The researchers said Faceless has been growing at a pace of 7,000 users per week and has become an ideal choice for cybercriminals seeking anonymity. Their telemetry found that the service has been used by operators of botnets such as SolarMarker and IcedID.

“This is not the first instance of infected devices being enrolled into a proxy service, and it’s a growing trend,” wrote the researchers. “We suspect that with the increased attention paid to the cybercrime ecosystem by both law enforcement and intelligence organizations, criminals are looking for new methods to obfuscate their activity.”

John Gallagher, vice president of Viakoo Labs, said IoT devices are designed to be “set-it-and-forget-it,” which is why threat actors favor them: even devices that are not EoL are likely to be unmanaged and never updated.

“This is a much bigger issue for enterprises than consumers,” explained Gallagher. “The operators of IoT devices are often cost centers, and have an incentive to not replace equipment unless it isn’t functional anymore. So, enterprises offer vast fleets of IoT devices for threat actors to leverage for DDoS and other attack vectors.”

The result, Gallagher said, is vast botnet armies of infected IoT devices, because there has never been a focus (or incentive) on bot eradication. He said organizations are told to focus on bot…

Source…

Ransomware Attack on Brewery Shows Cybersecurity Risks
The recent ransomware attack against the Duvel Moortgat Brewery demonstrated the very real risk that cybersecurity incidents pose to the alcohol industry, reportedly halting operations for several days at four of Duvel Moortgat’s facilities in Europe and the United States. This attack comes after other major alcohol producers experienced disruptive ransomware attacks in the last several years. Incidents like these can be devastating for a company’s business and reputation, and hackers’ strategies are constantly evolving to maximize their damage. But companies can be prepared with an information security program designed to prevent successful attacks and quickly respond if one occurs. Experienced partners such as McDermott are critical resources throughout this process, enabling companies to better update and fortify their security programs.

The Growing Threat of Attack

Hackers have extorted companies through ransomware attacks for decades, but hacker strategies have evolved to increase the risks to companies, often resulting in a larger ransom for the hacker. A “ransomware” attack traditionally refers to a strategy in which a hacker gains access to a victim’s computer system, encrypts the information on those systems and demands a ransom payment to unlock that information. Victims may try to avoid paying the ransom by restoring most of their systems from backups, but hackers have recently introduced additional strategies that can complicate that recovery. Today, hackers often try to steal the victim’s information before encrypting it on the victim’s system, so that they can sell or publish the information if the victim refuses to pay the ransom. Hackers also may try to “corrupt” backups so that the victim cannot effectively restore its system without the hacker’s assistance. One ransomware group, AlphV, says that it also reports its publicly traded victims to the US Securities and Exchange Commission if they don’t pay the ransom.

Determining whether to pay a ransom is a complicated decision, with either choice presenting notable risks. The ransom will likely be expensive and must be paid without any guarantee that the hacker will make good on its promises….

Source…

A near-miss hack of Linux shows the vulnerability of the internet
One of the most fascinating and frightening incidents in computer security history started in 2022 with a few pushy emails to the mailing list for a small, one-person open source project.

A user had submitted a complex bit of code that was now waiting for the maintainer to review. But a different user with the name Jigar Kumar felt that this wasn’t happening fast enough. “Patches spend years on this mailing list,” he complained. “5.2.0 release was 7 years ago. There is no reason to think anything is coming soon.”

A month later, he followed up: “Over 1 month and no closer to being merged. Not a suprise.” [sic]

And a month after that: “Is there any progress on this?” Kumar stuck around for about four months complaining about the pace of updates and then was never heard from again.

A few weeks ago, the world learned a shocking twist. “Jigar Kumar” does not seem to exist at all. There are no records of any person by that name outside the pushy emails. He — along with a number of other accounts — was apparently part of a campaign to compromise nearly every Linux-running computer in the world. (Linux is an open source operating system — as opposed to closed systems from companies like Apple — that runs on tens of millions of devices.)

That campaign, experts believe, was likely the work of a well-resourced state actor, one who almost pulled off an attack that could have made it possible for the attackers to remotely access millions of computers, effectively logging in as anyone they wanted. The security ramifications would have been huge.

How to (almost) hack everything

Here’s how events played out: In 2005, software engineer Lasse Collin wrote a series of tools for compressing files more efficiently (similar to the process behind a .zip file). He made those tools available for free online, and lots of larger projects incorporated Collin’s work, which was eventually called XZ Utils.

Collin’s tool became one part of the vast open source ecosystem that powers much of the modern internet. We might think that something as central to modern life as the internet has a professionally maintained structure, but as an XKCD comic published well before the…

Source…