al3x@wannaCYbeR(security)~$ echo "Issue \x0B"

Greetings, fellow cyber people, and welcome to the eleventh issue of wannaCYbeR, a weekly newsletter dedicated to those who are just starting in cybersecurity. This week, a new alert on possible Russian cyberattacks on ICS was released, plus APT and ransomware groups made headlines.

New Alert on Russian Attacks on Critical Infrastructure

Yesterday, the cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom released a joint Cybersecurity Advisory (CSA) stating that Ukraine's allies might soon see a spike in “malicious criminal activity” as a response to “the unprecedented economic costs imposed on Russia as well as materiel support” provided by the U.S. and its allies.

“Some cybercrime groups have recently publicly pledged support for the Russian government,” the advisory states, probably referring to the ransomware group Conti pledging allegiance to Russia and paying the consequences for doing that. “These Russian-aligned cybercrime groups have threatened to conduct cyber operations in retaliation for perceived cyber offensives against the Russian government or the Russian people. Some groups have also threatened to conduct cyber operations against countries and organizations providing materiel support to Ukraine,” continues the advisory.

This is not the first time that similar information has been shared. Personally, I’d much rather read a million of these alerts and have them all remain just warnings as opposed to, for instance, seeing our power grids shut down with no heads up at all.

Take a look at the full joint advisory.

REvil Reloaded?

After months of inactivity, REvil’s ransomware servers are back online and are listing a good chunk of the victims from the previous operation, and the new site is linked to the old infrastructure. Currently, it’s unclear whether the group responsible for last year’s Kaseya attack is behind the new operation too, as researchers are still analyzing the connections and samples.

“The leak site provides details on the conditions for affiliates, who allegedly get an improved version of REvil ransomware and an 80/20 split for affiliates collecting a ransom,” BleepingComputer reports.

However, “On a popular Russian-speaking hacker forum, users are speculating between the new operation being a scam, a honeypot, or a legit continuation of the old REvil business that lost its reputation and has a lot to do to earn it back.”

Read more on BleepingComputer

Lazarus is Phishing

North Korean state-backed hacking group Lazarus made headlines this week after the Cybersecurity and Infrastructure Security Agency (CISA), along with the US Treasury Department (Treasury) and the Federal Bureau of Investigation (FBI), released an advisory stating that the APT group is targeting employees of cryptocurrency companies with phishing campaigns, with the goal of gaining access to crypto trading systems and making fraudulent transfers.

Lazarus is no stranger to attacks aimed at a quick but substantial profit. Its record includes operations such as ‘FASTCash’, in which the group compromised the payment switch application servers of a number of banks and was able to cash out fraudulent ATM withdrawals with the help of malware that returned fake approval responses to the withdrawal requests.

“The technique begins with a large number of email messages that offer a better job to the employees. The emails urge recipients to click on applications posing as cryptocurrency trading and price prediction tools. [...] Once the payload is deployed, cybercriminals can execute commands and send additional malware allowing them to gain access to a victim’s computer and move across a company’s network. The goal is to steal private keys or exploit security gaps that allow for fraudulent blockchain transactions,” Cyberscoop reports.

Even though more than one APT group backed by the North Korean regime focuses on financial cybercrime for quick gains, Lazarus seems to only partially overlap with the group tracked as APT38, as Mandiant explains in its detailed overview of APT38.

Meme of the Week: Security Cam


Special of the Week #1: Free LinkedIn Learning


Yes, I’m not kidding: if you’re trying to take some classes via LinkedIn but you can’t afford the subscription, there may be a way to access all that goodness for free. The secret lies in your local public library: many libraries have existing agreements that give their users access to quality online education, and LinkedIn Learning (previously Lynda.com) is one of the most popular platforms.

Unfortunately, LinkedIn doesn’t keep a directory of all the affiliated libraries, so you’ll have to do some digging on your local library’s website. This page from the Sacramento Public Library, for example, clearly mentions access to LinkedIn Learning.

Once you have verified the agreement, you should find a link that brings you to the LinkedIn Learning login page affiliated with your library (it will include a library ID). The one for the Sacramento Public Library, for example, is here. You’ll be able to use your library credentials to log in, create a new account, and get access to a whole new world of learning. And I hope you’ll enjoy it!

Special of the Week #2: Free Security+ Video Training

Are you studying for your CompTIA Security+ certification and looking for more training material? Look no further than Professor Messer’s website. It features some great video content as well as a Discord channel and monthly study groups organized by topic.


Besides Sec+, you can find training material for A+ and Net+, as well as discounts on many CompTIA exam vouchers.

Check out the free Sec+ video training.

That's all for this week. If you enjoyed the newsletter, please feel free to share it with your connections. Do you know of a great piece of content I should include? Don’t be shy, reach out!

P.S. In case you were wondering, I don't receive any compensation or sponsorship for the content I share. I do it just because I love to nerd out with other people on topics of common interest.

Daniel Pfleging

Information Technology and Security | CompTIA Security+ | Google IT Support Professional

2 years ago

Love Professor Messer. His practice tests were the closest to the actual Security+ questions, IMHO. Also: amazing idea, about the LinkedIn Learning library. That's a few hundred dollars a year, right there.
