Project Hyphae

Information Security News 3-20-2023

LockBit 3.0 Ransomware: Inside the Cyberthreat That’s Costing Millions

Article Link: https://thehackernews.com/2023/03/lockbit-30-ransomware-inside.html

  • The FBI, CISA, and Multi-State Information Sharing & Analysis Center (MS-ISAC) released a joint alert on March 16th that provided updated IOCs and TTPs for the resurging LockBit 3.0.
  • Since emerging in late 2019, the LockBit actors have invested significant technical effort to develop and fine-tune their malware, issuing two major updates: LockBit 2.0, released in mid-2021, and LockBit 3.0, released in June 2022.
  • Initial access to victim networks is obtained via RDP exploitation, drive-by compromise, phishing campaigns, abuse of valid accounts, and weaponization of public-facing applications. From there, the malware actors work to establish persistence, escalate privileges, and move laterally.
  • Link to Government Alert: https://www.cisa.gov/news-events/alerts/2023/03/16/fbi-cisa-and-ms-isac-release-stopransomware-lockbit-30

BianLian Ransomware Crew Goes 100% Extortion After Free Decryptor Lands

Article Link: https://www.theregister.com/2023/03/19/bianlian_ransomware_extortion/

  • The cybersecurity firm Avast released a free decryptor for BianLian victims in January. Since then, BianLian has shifted away from double extortion (encryption and data leaking) to solely threatening to expose exfiltrated data. Additionally, the group has changed how it posts the masked details of its victims to prove it has actually stolen data.
  • In response to the release of the decryptor, the BianLian group sent out a message claiming that it creates unique encryption keys for each victim, making the decryptor useless. However, BianLian has since deleted that post and focused primarily on leaking the data of its victims.
  • As a byproduct of the decryptor release and growing experience, BianLian has managed to get victim data up on the gang’s leak site at a faster pace, with some data being uploaded 48 hours after the compromise. Additionally, the messages to victims have become more tailored and detailed.

DNS Data Shows 1 in 10 Organizations Have Malware Traffic on Their Networks

Article Link: https://www.csoonline.com/article/3690518/dns-data-shows-one-in-10-organizations-have-malware-traffic-on-their-networks.html

  • According to Akamai, between 10% and 16% of organizations encountered C2 traffic in their network in any given quarter, suggesting the possibility of an in-progress attack or breach.
  • From the data collected, 44% of the malicious traffic observed is related to botnets, with initial access brokers, info stealers, ransomware, RATs, and other threats making up the other 66% of bad traffic.
  • Link to Akamai’s Report: https://www.akamai.com/blog/security/a-deep-dive-on-malicious-dns-traffic

Top 50 Most Impersonated Brands by Phishing URLs

Article Link: https://www.helpnetsecurity.com/2023/03/15/impersonated-brands-by-phishing-urls/

  • According to Cloudflare, finance, technology, and telecom were the most commonly impersonated industries, due to the unprecedented access and financial benefit that banks, email and social media, and phone companies can give attackers.
  • These attempts come in the form of an email, text message, or mistyped website URL that looks like it’s from a well-known brand but is actually from a malicious party. Likewise, phishing URLs like the ones identified by Cloudflare prey on victims trusting large companies by name alone.
  • Several of the impersonated brands include AT&T, Microsoft, Coinbase, FedEx, and Steam.
  • Link to Cloudflare’s Report: https://blog.cloudflare.com/50-most-impersonated-brands-protect-phishing/

Universities and Colleges Cope Silently with Ransomware Attacks

Article Link: https://www.csoonline.com/article/3690413/universities-and-colleges-cope-silently-with-ransomware-attacks.html

  • While researchers suggest that ransomware is declining somewhat, recent attacks on higher education refute this observation. Specifically, at least 8 North American colleges and universities have reported attacks since December 2022.
  • It is impossible to know how many higher education institutions have become victims of ransomware attacks or whether these incidents are increasing because the institutions are more reluctant than most organizations to reveal the attacks or discuss any other aspect of cybersecurity. The article described the lack of transparency as a “cone of silence” across the higher education sector.
  • Although the possibility of a ransom payout attracts bad actors, it is suggested that ransomware gangs are drawn to easier, less secure organizations like educational institutions. Likewise, what may be missed out on in terms of ransom payout is likely nullified by the sale of stolen data.

Iowa Set to Finalize Sixth US Comprehensive State Privacy Law

Article Link: https://iapp.org/news/a/iowa-set-to-finalize-sixth-us-comprehensive-state-privacy-law/

  • Recently, a comprehensive privacy law, known as SF 262, unanimously passed through both chambers of the Iowa Legislature, with the only step left being the Governor’s signature.
  • SF 262 applies to organizations that process the personal data of 100,000 Iowans or derive 50% of revenue from selling the data of over 25,000 Iowans. This bill allows Iowans to have their data deleted or provided to them and requires a 90-day period for data subject request responses, among other provisions. Not included in the bill are the private right of action, required data assessments, and the ability to opt out of targeted advertising.
  • There are a variety of exceptions to Iowa’s legislation, including organizations that are already required to comply with the CCPA, FCRA, GLBA, HIPAA, FERPA, and COPPA. Essentially, Iowa’s data privacy bill works to cover any compliance holes as opposed to adding onto compliance frameworks.
  • Link to Iowa’s Bill Tracking: https://legiscan.com/IA/bill/SF262/2023
  • Link to Iowa’s Bill Details: https://www.legis.iowa.gov/legislation/BillBook?ga=90&ba=SF%20262

When and How to Report a Breach to the SEC

Article Link: https://www.csoonline.com/article/3690732/when-and-how-to-report-a-breach-to-the-sec.html

  • New cybersecurity reporting requirements for publicly traded companies are expected to be enacted in the spring of 2023, with proposed rules from the SEC looking for more information and transparency from those hit with security incidents.
  • The SEC’s proposed rules include a requirement that companies report any cybersecurity event within 4 business days of determining that it was a material incident, mandatory disclosures regarding the board of directors’ oversight of cybersecurity risk as well as details about the cybersecurity expertise and experience of individual board members, and mandatory disclosures relating to management’s role in addressing cybersecurity risk.
  • As the article notes, a large aspect of the rule change revolves around identifying what makes a cyber incident “material” and then taking the appropriate steps to notify the organization’s board, shareholders, and the SEC (via a Form 8-K).
  • Link to the SEC’s Proposal: https://www.sec.gov/news/press-release/2022-39

Meet Data Privacy Mandates with Cybersecurity Frameworks

Article Link: https://www.darkreading.com/risk/meet-data-privacy-mandates-with-cybersecurity-frameworks

  • Understanding the ongoing changes to data privacy regulations is challenging enough for CISOs and their teams. Implementing the needed changes as they occur only adds complexity and confusion. A way to combat this is by utilizing frameworks.
  • A key component of applying frameworks effectively centers on proactive risk prioritization. This is based on comprehensive, contextual, and historical threat intelligence coupled with active control over the enterprise, which can alleviate many of the compliance headaches CISOs face.
  • Several steps that assist in the process of using proactive risk prioritization include understanding how your enterprise is using data, conducting a thorough risk assessment, quantifying cyber risks, and defining a measurable and consumable security awareness policy.

