Saturday 6th July 2024

Good morning everyone, a very happy Saturday to you all and welcome to today's edition of Cyber Daily. In today's edition, we look into the latest developments in digital defence and legislation:

  • Meet Zergeca, the Golang-based botnet that's making waves with its powerful DDoS attacks and sophisticated evasion tactics.
  • Discover the old-school intimidation methods of the Volcano Demon ransomware gang, who are bringing a personal touch to cyber extortion with threatening phone calls.
  • Explore how California lawmakers are stepping up to regulate AI with groundbreaking safety measures, despite pushback from tech giants like Meta and Google.

New Golang-Based Zergeca Botnet Capable of Powerful DDoS Attacks

Cybersecurity researchers have uncovered a formidable new botnet named Zergeca, written in Golang, and capable of executing potent distributed denial-of-service (DDoS) attacks. The botnet is named after a string found in its command-and-control (C2) servers, "ootheca."

Zergeca stands out for its multifunctionality, supporting not only six DDoS attack methods but also proxying, scanning, self-upgrading, persistence, file transfer, reverse shell, and data collection from compromised devices. It leverages DNS-over-HTTPS (DoH) for C2 server resolution and employs the lesser-known Smux library for communications, indicating sophisticated evasion tactics.

There are signs of ongoing development, with threat actors potentially building on experience gained from the Mirai botnet. Zergeca has targeted Canada, Germany, and the U.S. with ACK flood DDoS attacks since early June 2024. The botnet comprises four modules: persistence, proxy, silivaccine, and zombie, each responsible for different malicious activities.

The zombie module, key to its operation, reports device information to the C2 and executes commands, including DDoS attacks and reverse shell functions. Techniques like modified UPX packing and XOR encryption for strings further underline its advanced nature.

Ransomware Gang Volcano Demon Takes Extortion Old-School


Security researchers have identified a new ransomware group, Volcano Demon, that's adding a unique twist to cyber extortion by using phone calls for negotiations.

Unlike most ransomware groups, which exfiltrate data and threaten to publish it on the dark web, the Volcano Demon gang opts for direct phone negotiations with victims.

In this unusual approach, the ransomware group contacts victims via phone, making it more likely for staff outside the cybersecurity team to be drawn into negotiations. This method can be more intimidating than an email, with calls being frequent and threatening, often from unidentified numbers.

The group's ransomware, LukaLocker, encrypts files and changes their extensions to .nba. Before encryption, data is exfiltrated, allowing attackers to threaten its release if the ransom isn't paid.

The use of phone calls complicates the victim's response, as any employee could be targeted at any time. This makes it challenging to manage negotiations, which are typically handled by specialists.

The attackers are not shy about making threats, and their ransom notes are blunt: "Your corporate network has been encrypted... we studied and downloaded a lot of your data... attacks will continue."

Because phone calls might seem less anonymous than the dark web, there's hope that their use could eventually help authorities track the attackers.

The old-school phone call method by the Volcano Demon gang highlights the evolving tactics of ransomware attackers. Ensure your cybersecurity measures and response plans are robust and prepared for this unconventional threat.

California Advances AI Safety Legislation Amid Tech Pushback


California lawmakers voted Tuesday to push forward legislation requiring AI companies to implement safety measures to prevent potential catastrophic events like electric grid manipulation or chemical weapon development. This landmark bill aims to mitigate risks posed by evolving AI technology.

While the bill, authored by Democratic state Sen. Scott Wiener, seeks to establish safety standards for AI systems, it faces strong opposition from tech giants like Meta and Google. These companies argue the regulations unfairly target developers instead of malicious users of AI.

Here are the specifics of the bill:

  • Threshold: Applies to AI systems costing over $100 million in computing power to train.
  • Protection: Developers aren't criminally liable if they test and mitigate risks.
  • Enforcement: Only the state attorney general can pursue legal action for violations.

Tech companies and venture capitalists claim the bill could hinder AI development, especially for open-source models, and create regulatory fragmentation. They prefer waiting for federal guidelines.

Governor Gavin Newsom has positioned California as a leader in AI adoption and regulation, though he warns against overregulation. Supporters of the bill emphasise the need for state-level action to avoid past mistakes with social media regulation delays. The proposal includes creating a state agency to oversee AI developers and establish best practices.

California lawmakers are also considering:

  • Automation Discrimination: Measures to prevent AI bias in hiring and rental applications.
  • Data Privacy for Minors: Restrictions on social media companies collecting and selling data of individuals under 18 without consent.

California's proactive stance on AI safety highlights the balance between innovation and regulation. As AI continues to evolve, staying informed on legislative developments is crucial for businesses and individuals alike.
