Week of August 30th, 2024

Welcome to Your Cybersecurity Recap: a bite-sized weekly newsletter by cybersecurity enthusiasts, for cybersecurity enthusiasts.

Here are this week’s top takeaways:

FBI Issues Urgent Ransomware Warning

In an urgent joint advisory published yesterday, the U.S. Federal Bureau of Investigation (alongside the Cybersecurity and Infrastructure Security Agency) confirmed that organizations across almost every conceivable industry sector have been targeted by RansomHub ransomware-as-a-service actors.

The advisory, AA24-242A, states that the RansomHub ransomware operation has proven to be both efficient and successful despite only establishing itself this past February.

Formerly known as Cyclops and Knight, RansomHub appears to be a mounting threat because it quickly attracted criminal talent from well-known ransomware groups such as ALPHV and LockBit after law enforcement attention impinged upon its operations.

The FBI states that RansomHub, which adopts the now-standard double-extortion methodology of encrypting and exfiltrating data, has successfully targeted at least 210 organizations across key industries. The group is believed to be responsible for both the UnitedHealth Group ransomware attack and, more recently, the attack on the oil and gas services company Halliburton.

In general, ransomware has ignited crisis-level concerns for global businesses of all sizes. In recent years, the number of ransomware attacks has been exponentially increasing, and this trend is forecasted to continue over the next decade. In 2021, ransomware damages were estimated to be around $20 billion USD, an almost 60% increase above the recorded costs in 2015. Forecasted damages are expected to reach a staggering $250 billion USD by 2031. The number of ransomware attacks increased by 13% above 2020 and accounted for 25% of all successful cyber breaches.

Updates to Google's Chrome Vulnerability Reward Program

It's official: Google has decided to move away from offering a single table view of rewards for reported vulnerabilities that have not been mitigated, and will instead separate memory corruption flaws from the rest of the bugs. “This will allow us to better incentivize more impactful research in each area,” said Amy Ressler, a security engineer with the Chrome security team, in an interview granted to Forbes, “and also reward for higher quality and more impactful reporting.”

This particularly impacts the memory corruption vulnerabilities area, which has seen a remodelling into four distinct categories:

  1. A high-quality report with a clear demonstration of remote code execution through a functional exploit
  2. A high-quality report demonstrating attacker-controlled write of arbitrary locations in memory
  3. A high-quality report demonstrating memory corruption in Chrome
  4. A baseline report consisting of a stack trace and proof of concept to evidence a trigger-able memory corruption in Chrome

Changes to the rewards themselves have also occurred. As an example, one particular type of reward for a MiraclePtr bypass has more than doubled from $100,115 to $250,128.

As first outlined in a 2022 Google security post, MiraclePtr is a technology that prevents the exploitation of use-after-free bugs. As such, any bypass is a grave matter, and this is reflected in the new bounty. As of Chrome 128, Ressler stated, “MiraclePtr-protected bugs in non-renderer processes are no longer considered security bugs. As such, MiraclePtr is considered a declarative security boundary.”

What are your thoughts regarding the changes to this rewards program?
