Home » Security Bloggers Network » Cybersecurity News Round-Up: Week of November 15, 2021

Cybersecurity News Round-Up: Week of November 15, 2021

by Blog Feed on November 19, 2021

Cybersecurity News Round-Up: Week of November 15, 2021

November 19, 2021
Amy Krigman

Hello and welcome back to our blog. This week, there seems to be an abundance of stories that involve government in some way.

The biggest story of the week actually took place last weekend. That is when hackers were able to compromise the Federal Bureau of Investigation’s (FBI) external email system. The FBI said in a statement that fake emails were sent from its Law Enforcement Enterprise Portal system on Saturday, November 13th and were used to communicate with state and local officials. The spam emails may have been sent to thousands of people and companies with a warning of a non-existent cyberattack. Fortunately, “No actor was able to access or compromise any data or (personally identifiable information) on FBI’s network,” the bureau said. “Once we learned of the incident we quickly remediated the software vulnerability, warned partners to disregard the fake emails, and confirmed the integrity of our networks.” As always, the great Brian Krebs’ breaks it all down here.

In other news…

Sponsorships Available

On Monday, President Biden signed a $1 trillion infrastructure bill into law that includes nearly $2 billion for cybersecurity and related provisions. The biggest piece of digital security funding is a Federal Emergency Management Agency cyber grant program, administered in consultation with the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, that would distribute $1 billion over four years to state and local governments. An additional $21 million would go toward the Office of the National Cyber Director.

Agencies that handle cyber security in the US, the UK, and Australia accused the Iranian government of sponsoring cybercriminals who have been exploiting Microsoft and Fortinet vulnerabilities specifically targeted at critical infrastructure. The governments of all three countries say hackers are attempting to take advantage of software flaws, and that these are groups who specialize in APTs – also known as advanced persistent threats – and have focused especially on vulnerabilities within Fortinet.

Also this week, the UK’s national cyber security center announced it has tackled a record number of cyber incidents in the UK over the last year, with ransomware attacks originating from Russia dominating its activities. The cybersecurity agency said it had helped manage a 7.5% increase in cases in the year to August, fueled by the surge of criminal hackers seizing control of corporate data and demanding payment in cryptocurrency for its return.

Then, a hacking group claims to have accessed the entire database of people who have crossed borders of Belarus — including the alleged movements of KGB officers and Belarus president Alexander Lukashenko himself. This incident may be tied to the ongoing political crisis in that country, where a group of hackers called the Belarus Cyber-Partisans has carried out a series of attacks on government databases, which are aimed at helping to destabilize the regime. The group is made up of a number of tech professionals, mostly believed to be based outside Belarus itself.

Also, New Zealand’s National Cyber Security Centre announced it has observed a 15% year-on-year jump in cyber-attacks against the country’s “nationally significant” organizations. More than 400 such incidents were recorded between July 1, 2020, and June 30, 2021, up from 352 a year earlier, according to the NCSC’s latest annual threat report.

That’s a wrap for the week. Have a great weekend!

Top Global Industry News

Cyberscoop (November 17, 2021) Iranian government-backed hackers target critical infrastructure with ransomware, US says

“U.S., U.K. and Australian cyber agencies on Wednesday accused Iranian government-sponsored hacking groups of exploiting Microsoft and Fortinet vulnerabilities this year in a bid to deploy ransomware against critical infrastructure.

The hackers are interested in taking advantage of known software flaws where they can, the agencies said. The FBI and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency in March, May and June saw Iranian ‘advanced persistent threat’ groups capitalizing on Fortinet vulnerabilities, in one case for a server associated with a U.S. municipal government and in another involving networks associated with a U.S.-based hospital focused on children’s care.

In October the hackers relied on a Microsoft Exchange ProxyShell vulnerability ‘to gain initial access to systems in advance of follow-on operations,’ the subject of another recent CISA alert.”

The Guardian (November 17, 2021) UK fighting hacking epidemic as Russian ransomware attacks increase

“The National Cyber Security Centre (NCSC) said it tackled a record number of cyber incidents in the UK over the last year, with ransomware attacks originating from Russia dominating its activities. The cybersecurity agency said it had helped deal with a 7.5% increase in cases in the year to August, fueled by the surge of criminal hackers seizing control of corporate data and demanding payment in cryptocurrency for its return.

Paul Chichester, director of operations, said that ‘ransomware has certainly dominated a significant portion of year’ and that the hacking epidemic had become “global as a story in the last 12 months”.

Criminal hackers, based in Russia or in nearby Russian speaking territories, successfully targeted organisations such as the London borough of Hackney and the celebrity jeweller Graff in the UK in the past year.”

Portswigger (November 17, 2021) Belarusian hackers claim to have accessed full database of those crossing the country’s borders

“As international tension ratchets up over Belarus’s authoritarian regime, a hacking group claims to have accessed the full database of those crossing the country’s borders, including the alleged movements of KGB officers and president Alexander Lukashenko himself.

Belarus was plunged into crisis last year after the presidential election in August gave Lukashenko a landslide victory. As the opposition cried foul, massive protests broke out across the country, triggering thousands of arrests.

Since then, a group of hackers called the Belarus Cyber-Partisans has carried out a series of attacks on government databases, with the aim of helping to destabilize the regime. The group is made up of a number of tech professionals, mostly believed to be based outside Belarus itself.”

The Daily Beast (November 17, 2021) Wait—The FBI Got Hacked Over a Beef With a Guy Named Vinny?

“To hack an FBI email system, it takes a lot of motivation, even more technical skill, and, perhaps, a dash of humor.

Over the weekend, someone—or a team of someone’s—compromised an FBI email system and sent out a flurry of bogus messages to state and local law enforcement about a supposed cyberattack. But instead of trying to wreak havoc, the purpose of the hack seems to have been to troll one particular information security executive: Vinny Troia, the founder and head of security research at Shadowbyte.

At least, that’s Troia’s version.”

Portswigger (November 16, 2021) Number of cyber-attacks infiltrating critical New Zealand networks soars

“New Zealand’s National Cyber Security Centre (NCSC) has observed a 15% year-on-year jump in cyber-attacks against the country’s ‘nationally significant’ organizations.

More than 400 such incidents were recorded between July 1, 2020, and June 30, 2021, up from 352 a year earlier, according to the NCSC’s latest annual threat report, published today (November 16).

More alarmingly still, the proportion of these incidents that reached the post-compromise stage – where threat actors manage to access and move laterally through networks or otherwise cause the victim harm – more than doubled, from 15% to 33%.”

Bleeping Computer (November 15, 2021) 7 million Robinhood user email addresses for sale on hacker forum

“The data for approximately 7 million Robinhood customers stolen in a recent data breach are being sold on a popular hacking forum and marketplace.

Last week, Robinhood disclosed a data breach after one of its employees was hacked, and the threat actor used their account to access the information for approximately 7 million users through customer support systems.”

Cyberscoop (November 16, 2021) Biden signs infrastructure bill that provides nearly $2 billion for cybersecurity

“Presdent Joe Biden signed a $1 trillion infrastructure bill into law on Monday that includes nearly $2 billion for cybersecurity and related provisions.

The biggest piece of digital security funding is a Federal Emergency Management Agency cyber grant program, administered in consultation with the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, that would distribute $1 billion over four years to state and local governments. An additional $21 million would go toward the Office of the National Cyber Director, which has been unable to make key hires since being established earlier this year due to funding shortages.

In all, the legislation — known as the Infrastructure Investment and Jobs Act — is ‘the largest investment in the resilience of physical and natural systems in American history,’ the White House boasted, one that ‘makes our communities safer and our infrastructure more resilient to the impacts of climate change and cyber-attacks.’”