Project Hyphae

Information Security News 5-8-2023

Ransomware Gang Hijacks University’s Emergency Alert System, Threatens Students

  • On May 1st, a group of cyber criminals hacked into and gained control over Bluefield University’s emergency alert system. The ransomware group then sent out a message to students claiming to have stolen data and threatened to continue disrupting the institution if the university’s president refused to pay a ransom.
  • The university initially notified staff and students of a “typical” cyberattack, in which data had been stolen, but it didn’t appear to include financial fraud or identity theft. However, the day after the announcement, the hackers sent out threatening messages and released a portion of the stolen data, presumably to further pressure the school to pay the ransom.
  • This incident highlights a trend of ransomware attackers becoming bolder and more creative in their attacks. An increasing number of ransomware gangs appear to be zeroing in on new ways to intimidate victims.

Attackers Route Malware Activity Over Popular CDNs

  • According to a report by Netskope, an average of five out of every 1,000 enterprise users attempted to download malware in the first quarter of 2023.
  • Additionally, the majority of web malware downloads were delivered over “trusted” methods, as opposed to risky methods like newly registered domains. Specifically, CDNs and cloud service providers including Akamai, Cloudflare, AWS, Azure, and Limelight were commonly abused.
  • Last, the report highlighted that attackers used 261 distinct apps over the first quarter of 2023 for malware downloads. These included OneDrive, Amazon S3 buckets, Weebly, and other services.

Google Rolls Out Passkey Support Across Accounts on All Major Platforms

  • Google has begun rolling out support for passkeys, like biometric authentication, across Google Accounts on all major platforms, adding a new sign-in option that can be used alongside passwords and two-step verification.
  • Google Workspace administrators will soon have the option to enable passkeys for end-users as well.
  • While passkeys aren’t foolproof, they are seen as more secure than passwords or SMS codes.

Think Your Data has no Value? Scammers Disagree

  • According to a report by Avast, there was a 40% rise globally in phishing attacks from Q1 2022 to Q1 2023. Two common threat types that contributed to this increase are false bills or invoices and smishing attacks.
  • As the article noted, attackers lure victims in by using the names and likenesses of well-known brands or trusted personnel. As a result, users struggle to trust communications from others, including friends, bosses, and household brands, because these messages may be fraudulent.

Global Cyber Risk Lowers to Moderate Level in 2H’ 2022

  • In the second half of 2022, Trend Micro conducted its Cyber Risk Index (CRI) survey, which surveyed over 3,700 organizations across the globe. The CRI identifies cyber risk level based on two areas: the ability of organizations to prepare for cyberattacks targeting them and the current assessment of threats targeting them.
  • The global cyber risk index was rated as +0.01 (moderate) on a scale between positive and negative ten, with Europe being the most positive (lower risk) region and North America being the most negative (higher risk) region.
  • Trend Micro’s report offers additional insight, including a review of areas that led to higher (worse) risk ratings. These include miscommunication between IT/Security and leadership, an inability to maintain countermeasures, and limited asset oversight.

2 Years After Colonial Pipeline, US Critical Infrastructure Still Not Ready for Ransomware

  • As the second anniversary of the ransomware attack on Colonial Pipeline passes, experts warn that efforts to thwart the potentially debilitating threat to US critical infrastructure, while beneficial, have not been enough.
  • According to data from the FBI, of the 2,385 ransomware complaints received in 2022, 870 involved critical infrastructure. Likewise, 14 of the 16 critical infrastructure sectors had at least one ransomware victim over 2022.
  • While significant progress has been made, much work remains to ensure the security and resilience of critical infrastructure. Additionally, as CISA highlighted, cybersecurity needs to be a priority at the highest level of organizations instead of solely a CIO or CISO issue.

The Merck Appeal: Cyber Insurance and the Definition of War

  • Merck recently won an appeal that could mean its insurers will have to pay up on a $1.4-billion judgment related to the NotPetya cyberattack in 2017.
  • The New Jersey appellate division judges hearing the appeal noted that the plain definition of war applies to the various insurance policies and that a cyberattack against an accounting firm not engaged in hostilities, while criminal and based on ill-will, was not tantamount to an act of war.
  • Specifically, the judges noted that the usage of “hostile” and considering an incident as part of a war when the firm and its customers are noncombatants would conflict with basic principles that require courts to narrowly construe an insurance policy exclusion, such as a war exclusion.

Google Chrome Will Lose the “Lock” Icon for HTTPS-Secured Sites

  • In September 2023, Google Chrome will stop showing the lock icon when a site loads over HTTPS, partly due to the now ubiquitous use of the protocol and misunderstanding of the padlock symbol.
  • Many users saw this as an indicator of a secure website, leading to the trusting of dangerous websites. As such, organizations like the FBI have had to publish guidance highlighting that the padlock isn’t an indicator of website safety.
  • Therefore, starting with Chrome 117, the “lock” will be replaced with a new “tune” (soundboard) icon for Chrome for Windows and Android and will be removed on Chrome for iOS.
