Cyber Risk Update 22 SEP 2023
Malware and TTP
LockBit Is Using RMMs to Spread Its Ransomware. The LockBit group is using native IT management software to live off the land, planting and then spreading itself before deploying its ransomware. https://www.darkreading.com/threat-intelligence/lockbit-using-rmms-spread-ransomware
FBI, CISA Issue Joint Warning on 'Snatch' Ransomware-as-a-Service. The group's use of malware that forces Windows computers to reboot into Safe Mode before encrypting files is noteworthy, advisory says. https://www.darkreading.com/attacks-breaches/fbi-cisa-issue-joint-warning-on-snatch-ransomware-as-a-service
Insider risks are getting increasingly costly. The cost of cybersecurity threats caused by organization insiders rose over the course of 2023, according to a new report from the Ponemon Institute and DTEX Systems. https://www.csoonline.com/article/652964/insider-risks-are-getting-increasingly-costly.html
Fake WinRAR PoC Exploit Conceals VenomRAT Malware. A supposed exploit for a notable RCE vulnerability in the popular Windows file-archiving utility delivers a big sting for unwitting researchers and cybercriminals. https://www.darkreading.com/application-security/fake-winrar-poc-exploit-conceals-venomrat-malware
Nation States
Chinese Spies Infected Dozens of Networks With Thumb Drive Malware. Mandiant researchers say the campaign represents a surprisingly effective revival of thumb drive-based hacking that has largely been replaced by more modern techniques, like phishing and remote exploitation of software vulnerabilities. “USB infections are back,” says Mandiant researcher Brendan McKeague. https://www.wired.com/story/china-usb-sogu-malware/
Elections
MeriTalk: Easterly: AI Posing Risks to Election Information Environment (09/20) https://www.meritalk.com/articles/easterly-ai-posing-risks-to-election-information-environment/
Trends
Cybersecurity Dive: US is making headway on securing cyber infrastructure, commission says (09/20) https://www.cybersecuritydive.com/news/us-securing-cyber-infrastructure/694226/
P2PInfect Botnet Activity Surges 600x with Stealthier Malware Variants https://www.bleepingcomputer.com/news/security/p2pinfect-botnet-activity-surges-600x-with-stealthier-malware-variants/
83% of IT Security Professionals Say Burnout Causes Data Breaches https://www.darkreading.com/attacks-breaches/83-of-it-security-professionals-say-burnout-causes-data-breaches-
Cyber Incidents
'Scattered Spider' Behind MGM Cyberattack, Targets Casinos. The ransomware group is a collection of young adults who also recently breached Caesars Entertainment and made a ransom score in the tens of millions. https://www.darkreading.com/attacks-breaches/-scattered-spider-mgm-cyberattack-casinos
Forbes: Donald Trump Jr.’s X Account Hacked–Falsely Announced Father’s Death (09/20) https://www.forbes.com/sites/petersuciu/2023/09/20/donald-trump-jrs-x-account-hacked--announced-fathers-death/?sh=71db0df537b2
Bleeping Computer: TransUnion denies it was hacked, links leaked data to 3rd party (09/20) https://www.bleepingcomputer.com/news/security/transunion-denies-it-was-hacked-links-leaked-data-to-3rd-party/
Companies often refrain from disclosing that they paid ransoms to cybercrime groups after an attack, fearing that such an admission could bring legal and reputational risks. Casino operator Caesars Entertainment, for example, hasn’t said publicly that it paid hackers after a cyberattack late this summer. The Wall Street Journal reported last week that Caesars paid around half of the $30 million ransom that hackers demanded. The issue reflects challenges federal regulators face in forcing more transparency around how companies deal with cyberattacks. https://www.wsj.com/articles/companies-remain-reluctant-to-admit-paying-off-hackers-e1688946
Progress: Las Vegas casino and hotelier MGM Resorts said Wednesday its properties are "operating normally" but not all digital capabilities are available after a cyber incident disclosed on Sept. 11. Mobile check-in and digital room keys aren't operating and members of the MGM Rewards loyalty program can't use their points, MGM said. https://www.mgmresorts.com/en/maintenance/faq.html
Governance
How to Get Your Board on Board With Cybersecurity. CISOs can refine their soft skills to help get their cybersecurity best-practices message across. Steps include increasing staff incident-response training and staying current with the threat landscape. https://www.darkreading.com/vulnerabilities-threats/how-to-get-your-board-on-board-with-cybersecurity
How Choosing Authentication Is a Business-Critical Decision. MFA may go a long way in improving password security, but it's not foolproof. https://www.darkreading.com/endpoint/how-choosing-authentication-is-a-business-critical-decision
Cyber Insurance
US cyber insurance claims spike amid ransomware, funds transfer fraud, BEC attacks. Cyber insurance claims frequency increased by 12% in the first half of 2023 while claims severity increased by 42% with an average loss amount of more than $115,000. https://www.csoonline.com/article/652906/us-cyber-insurance-claims-spike-amid-ransomware-funds-transfer-fraud-bec-attacks.html
Ransomware Cyber Insurance Claims Rose by 27% https://www.securitymagazine.com/articles/99925-ransomware-cyber-insurance-claims-rose-by-27
Privacy
“Every car brand we looked at collects more personal data than necessary and uses that information for a reason other than to operate your vehicle and manage their relationship with you.” — The Mozilla Foundation open-source project, in a study of how 25 major auto companies handle customer information
Guidance
Longer passwords mean better security, experts say. How should passwords be managed, what makes them more secure, and why should the names of pets or children be avoided? This article explores applying password creation best practices. Among the recommendations is that passwords of 11 to 12 characters probably will be sufficient, but security researchers at SANS Institute recommend 15 or more. https://www.techradar.com/news/internet/policies-protocols/10-ways-to-make-your-passwords-secure-1155444