Edition 7

Highlights:

  • Organizations should figure out where and why they use public key cryptography and mark those systems as vulnerable to quantum attacks.
  • Lockbit Ransomware Gang Says Entrust Is to Blame for DDoS Attack on Its Data Leak Website.
  • Samsung said on Friday that it had a cybersecurity incident that led to some customer information being accessed without permission.
  • Google and YouTube have promised to keep Russian trolls out of the US midterm elections in 2022.
  • Google will follow its rules "to stop the spread of election misinformation and false claims that could hurt participation or trust in the voting process."
  • Other big tech companies, like Twitter, Meta, and TikTok, have also written posts about how they plan to fight fake news before the midterm elections.
  • Consumer Protection Agency of Chile Attacked by Ransomware. A ransomware attack is happening on the online services of Chile's national consumer protection agency.
  • The attack can stop all virtual machines running and encrypt files with an extension of [.]crypt.


CISA: Get ready for quantum computers now, not when hackers get their hands on them

Quantum computers use quantum mechanics to do calculations that are much more powerful than those that can be done on systems that only use binary computations (0 and 1). The main danger of quantum computing is that it could affect how secrets are encrypted, which is crucial to information security. When quantum computers are faster and have more processing power, they can break public key encryption. This could put top-secret communications, banking operations, military operations, government meetings, critical industrial processes, and other kinds of data being sent from one place to another at risk. Cryptographic schemes that are thought to be safe today will be broken in seconds by quantum computers. This will leave people, companies, and even whole countries helpless against their enemies who are better at computers.

By 2024, NIST plans to put out official guidelines on the subject. "Don't wait until our enemies use quantum computers before taking action." Organizations should figure out where and why they use public key cryptography and mark those systems as vulnerable to quantum attacks.

See also: Post-Quantum Computing Cryptography roadmap


Ransomware variants have increased a lot in the last six months

In the last six months, the number of new types of ransomware has grown by nearly 100%. The rise in variants is due to ransomware actors getting more organized. On the dark web, Ransomware-as-a-Service (RaaS) is becoming increasingly popular. Cybercriminals use services that work like subscriptions and buy plug-and-play ransomware. FortiGuard Labs looked at how malware worked to determine which methods have been used the most in the last six months.

Malware developers used defense evasion more than any other of the top eight tactics and techniques focused on the endpoint. Process injection is the second most common method. This is when a criminal tries to get past security by putting code into a process. FortiGuard Labs has found at least seven significant new wiper variants. Attackers use these in targeted campaigns against government, military, and private organizations. Malware that erases hard drives was also found in 24 more countries. Organizations need integrated security solutions to take in real-time threat intelligence, spot threat patterns, and automatically start a coordinated response across networks.


Lockbit vs. Entrust: Ransomware Gang Says DDoS Attack Was Caused By Security Company

Lockbit Ransomware Gang Says Entrust Is to Blame for DDoS Attack on Its Data Leak Website. In June 2022, a hacker group called the hacker collective attacked Entrust. The company did not tell the public the actual name of the person who carried out the attack. On August 8, 2022, the LockBit gang said that they were the ones who broke into Entrust and stole information. But even though the attack used the word "Entrust" more than once, it is still unclear who could have started it because the website (LockBit 3.0) is currently down. Since the negotiations for the extortion amount didn't go as planned, the ransomware gang put small pieces of the stolen data on the internet.


Closer cooperation between networking and security can reduce the threat of ransomware

Ransomware can stop critical infrastructure from working, leave cities unable to provide essential services, and even stop patients from getting the care they need. Blocking ransomware before it can spread is the best way to stop it. For example, a security appliance placed at the network perimeter can prevent malware from getting through before being decrypted. This is in addition to protecting against DDoS, another attack method that ransomware extortionists use.

Networking and security teams need to work together more to manage threats better. The change means that new technologies are being used that combine networking and security, like zero-trust network access (ZTNA), and that investments in security are given more money as a share of the IT budget. Smart network data is an excellent place for companies to build bridges between their networks and security operations. With ransomware getting smarter every year, it's not just the tools that will protect organizations and limit the damage it does; it's also the people who use them. Watch out for the new risks.


Samsung says there was a data breach that put some of its U.S. customers' information at risk

Samsung said on Friday that it had a cybersecurity incident that led to some customer information being accessed without permission. This event is the second time that Samsung has said it had a security breach this year. The first incident happened in March 2020, when Samsung said it had been attacked by the data extortion group Lapsus$, which led to another data breach.

On this second incident, "An unauthorized third party got information from some of Samsung's U.S. systems at the end of July 2022," the company said in a notice. "As part of our ongoing investigation, we found out on or around August 4, 2022, that the personal information of some of our customers was compromised." Samsung said that hackers could get information like names, contact and demographic information, dates of birth, and product registration information because of the hack. It said that the incident did not affect users' Social Security numbers or credit and debit card numbers. Still, it also noted that the information leaked may differ for each customer affected.

It said that the information gathered is needed to help the company ensure its products and services are the best they can be. It's unclear how many customers were affected, who did the hacking, or why it took the company almost a month to tell people about it. In addition to telling users about the security event, Samsung said that it had taken steps to secure the systems that were affected and hired an outside cybersecurity firm to lead the response.


Hive ransomware locked up the Damart clothing store and asked for $2 million

After an attack by the Hive ransomware gang, Damart, a French clothing company with over 130 stores worldwide, is being asked for $2 million. Since August 15, some of the company's systems have been encrypted, which has made it hard to do business. Damart hasn't talked to the cybercriminals yet, but it did tell the national police about what happened. The company has temporarily reduced some services customers can use as a safety measure. During the network breach, nobody knew if Hive was able to steal any data.

The gang is using a "double extortion" method to get money twice, and they steal information before it is encrypted. Cybercriminals can pressure the victim to pay a ransom by threatening to leak the data.


Google and YouTube have banned "election trolls" before the US midterms

Google and YouTube have promised to keep Russian trolls out of the US midterm elections in 2022. This promise comes after Google removed the MAGA message board Truth Social from its Play store until the app got rid of violent content. Other election-related content likely to be taken down from YouTube is anything that gives people false information about where and how to vote. Google will follow its rules "to stop the spread of election misinformation and false claims that could hurt participation or trust in the voting process." Other big tech companies, like Twitter, Meta, and TikTok, have also written posts about how they plan to fight fake news before the midterm elections. Google also said it limits how advertisers can target election ads and updated its Political Ads Transparency Report earlier this year.


Consumer Protection Agency of Chile Attacked by Ransomware

A ransomware attack is happening on the online services of Chile's national consumer protection agency. The country's Computer Security Incident Response Team (CSIRT) says that Windows and VMware virtual computer servers were affected. Malware can shut down all virtual machines running and encrypt files with the [.]crypt extension. A government official told the Santiago newspaper El Mercurio that the attack hasn't spread to other parts of the government. Germán Fernández Bacian, a security researcher, says he has a piece of the malware used in the SERNAC attack.

Only two attacks used the same malware. One was in Canada, and the other was in the Netherlands. The virus can hide from antivirus programs, steal information to get passwords from browsers, and make a list of removable devices like hard drives and USB drives.



Researchers say that the hacking of Italy's GSE was done by the ransomware group BlackCat

The Chilean national consumer protection agency's online services are being affected by a ransomware attack, and it's unclear when they will be back up and running again. The attack can stop all virtual machines running and encrypt files with an extension of [.]crypt. A person from the government says that the attack hasn't spread to other parts of the government. The attack used a specific type of ransomware that locks up log files, executable files, dynamic library files, swap files, and virtual disks. A recent attack on Italy's state-owned energy services company GSE was made by the hacking group BlackCat.

Carlos Silva, in charge of the CSIRT, says that early signs point to Conti. Researchers think they can't name the family because it could be a "new variant" or an old variant that has been changed. In a ransomware attack, hackers steal information and threaten to leak it, usually in exchange for a payment in cryptocurrency. NTT Data Italia in Italy says that the average cost to recover from a ransomware attack is $1.85 million. The computer networks of the Italian oil company Eni (ENI) were also broken into, but the company says that the damage seems small so far. Another researcher noted that BlackCat posted information about 12 victims in June, 26 victims in July, and two victims in August on a dark website.


Researchers find activity from the Snowballing BianLian Ransomware Gang

BianLian, a new player in the ransomware market, has already gone after businesses in Australia, North America, and the UK. Redacted, a cybersecurity company, says that the rate at which BianLian is setting up new command-and-control (C&C) servers has been going up at a "worrying" rate. The ransomware was made with the open-source programming language Golang (Go), which Google created. It targets SonicWall VPN devices and the Microsoft Exchange Server ProxyShell vulnerability chain. Like other new cross-platform ransomware like Agenda, Monster, and RedAlert, BianLian can start servers in Windows Safe Mode to run its file-encrypting malware without being caught by the security tools that are already installed on the system. A BlackBerry survey found that even businesses with cyber insurance don't have enough ransomware coverage.

According to Acronis's midyear report, ransomware is still the biggest threat to large and medium-sized businesses.



If you enjoyed reading this post or found it valuable, please consider subscribing and sharing this newsletter. I hope this small step can help many to keep well-updated on cybersecurity related issues.
