Rorschach ransomware, Australian government data leak, security market growth outpaces tech
Rorschach ransomware takes the speed crown
As ransomware-as-a-service becomes a dominant cybercrime business model, ransomware providers need to find ways to differentiate themselves. As a result, many ransomware families boast about encryption speed. LockBit 3.0 has recently boasted the fastest encryption speeds, but Dark Reading profiled the Rorschach ransomware as the new fastest variant on the block. Researchers first spotted Rorschach in April, appearing as a customized version of Babuk code. It leverages Active Directory Domain Group Policy Objects to rapidly spread across network endpoints, aided by the use of the asymmetric key exchange method to quickly encrypt parts of a file with limited resources. Currently, its focus on speed means Rorschach doesn’t include data exfiltration capabilities.
(Dark Reading)
Data leak impacts Australian government
Earlier this year, the Australian law firm HWL Ebsworth acknowledged that the threat actor ALPHV exfiltrated data from its systems. Since that disclosure, we’ve seen the firm’s larger clients trying to assess the damage. The Australian federal government reportedly established a task force to estimate its level of exposure. The state of Tasmania, the Office of the Australian Information Commissioner, and the National Australia Bank also disclosed potential impacts from the breach. The bank issued a statement that “the vast majority of NAB customers will not be impacted,” which does not sound all that reassuring. The Register’s sources say the firm does not intend to pay any ransom.
(The Register)
Cybersecurity market growth outpaces tech sector
The analysts at Canalys report that the cybersecurity market as a whole grew 12.5% on the year in Q1 to $18.6 billion. This comes as many potential clients for cybersecurity continue to cut costs in a tightening economy. Palo Alto Networks remained the market share leader in the segment, with 8.7% of revenue. Meanwhile, CrowdStrike saw the biggest growth on the year, with revenue up 39.9% to surpass Check Point for the fourth biggest market share. Large and medium-sized organizations led the growth in spending, while small and micro businesses grew cybersecurity spending 7.5% and 4.3%, respectively.
(Canalys)
New leadership for Alibaba
Back in March, Alibaba announced plans to split its company into six different business units. The company set this up to allow each unit to fundraise independently while still under the aegis of the Alibaba umbrella. Now we’re seeing a further leadership shakeup at the company. Current CEO and group chairman Daniel Zhang will step down from those roles. He will remain CEO and chairman of Alibaba Cloud Intelligence Group, a position he took on in December. Taobao and Tmall chairman Eddie Yongming Wu will be Alibaba’s new CEO as of September 10th.
(Tech In Asia)
Discord servers used to drain crypto wallets
The Block’s Tim Copeland profiled a recent campaign of threat actors posing as journalists to target Discord moderators with phishing forms. They used these forms for account takeovers. From there they would freeze out other mods, lock down member communication, and put out fake airdrop crypto announcements that actually served to drain crypto wallets. Since December 2021, Copeland noted at least 900 Discord servers compromised, with an uptick in recent weeks.
Security researchers at OpenSea report that many of the attackers in these schemes are still in high school. These attacks generally see a notable increase during summer vacation. The attackers often use these funds to purchase virtual items on Roblox. Researchers note these attackers show little sophistication in covering their tracks. But right now there is minimal interest from law enforcement in targeting them.
(The Block)
Asus releases router patches
Asus released firmware updates for a number of its home router models. These updates fixed two critical vulnerabilities: a memory corruption bug in HTTP requests and a Netatalk arbitrary code execution flaw. They also resolved a less severe session hijack vulnerability. The breadth of the firmware updates indicates these flaws have been around for a while. Asus recommends patching immediately. Failing that, it recommends blocking all inbound access to the router until an update is possible.
ChatGPT accounts for sale
Security researchers at Group-IB discovered over 100,000 compromised ChatGPT account credentials for sale on illicit forums over the last year. India accounted for over 12,000 credentials in this set, with many accounts from the Asia-Pacific region in general. Analysis shows that the Raccoon info stealer accounted for a majority of these stolen credentials. Analysts note that since ChatGPT retains all conversations by default, these credentials could potentially leak business information or other sensitive data sent to the popular chatbot.
Generative AI chatbots generate Windows keys
Last week, a Twitter user claimed to have successfully gotten ChatGPT and Google Bard to generate activation keys for Windows 10 and 11. The user prompted the chatbots by asking them to act like a deceased relative “who would read me Windows 10 Pro keys to fall asleep to.” Digital Trends notes that while this does get around both chatbots’ general prohibitions about generating keys, the ones produced were generic license keys. They worked but didn’t unlock all OS features. Both services subsequently blocked that specific request. On the plus side, Google Bard also provided the user with resources to help deal with loss.
(Mashable)