Cybersecurity News Round-Up: Week of March 21, 2022

Hello and welcome to the GlobalSign blog!

It’s probably not much of a surprise, but this week many of the top stories revolve around ransomware. 

We begin with a new report from the Federal Bureau of Investigation (FBI)’s Internet Crime Unit, which says ransomware gangs breached the networks of at least 649 organizations from multiple US critical infrastructure sectors in 2021. The report on 2021 Internet Crime says the actual number of organizations that were impacted may be even higher since the FBI only started tracking such incidents last June. It should be noted the FBI did not include attacks in its statistics if the victims did not file a complaint with its Internet Crime Complaint Center (IC3). 

Ransomware group Lapsus$ has hit some big new targets — Microsoft and identity management company Okta. The criminal gang breached both companies in recent hacking sprees. Microsoft had some of its source code released after Lapsus$ compromised an account, but it says that the code isn’t sensitive. In Okta’s case, the company says attackers gained access to a support engineer’s laptop for five days in January. The incident resulted in the exposure of data for 366 of its customers. The newest hits on Microsoft and Okta come on the heels of Lapsus$ attacks on LG, Nvidia and Samsung. 

With Lapsus$ increasing its exposure via its successful hacks, cybersecurity researcher Brian Krebs has written this informative piece that takes a closer look at the group. 

Also this week, a new report from security monitoring and data analytics vendor Splunk says companies have just 42 minutes to mitigate ransomware attacks once encryption occurs. Because it’s such a limited amount of time, cybersecurity teams may not be able to respond quickly enough. According to Infosecurity, Splunk evaluated the speed at which 10 ransomware variants encrypt data to compile its report. In order of fastest first, the variants analyzed by Splunk were: LockBit; Babuk; Avaddon; Ryuk; REvil; BlackMatter; DarkSide; Conti; Maze; and Mespinoza (Pysa).

That’s a wrap for another busy week following all the events in cybersecurity. Have a great weekend and hope you visit our blog next week! 

Top Global Security News

Bleeping Computer (March 23, 2022) FBI: Ransomware hit 649 critical infrastructure orgs in 2021

The Federal Bureau of Investigation (FBI) says ransomware gangs have breached the networks of at least 649 organizations from multiple US critical infrastructure sectors last year, according to the Internet Crime Complaint Center (IC3) 2021 Internet Crime Report.

However, the actual number is likely higher given that the FBI only started tracking reported ransomware incidents in which the victim a critical infrastructure sector organization in June 2021.

Also, the FBI did not include attacks in its statistics if the victims did not file a complaint with the FBI’s Internet Crime Complaint Center (IC3).

“The IC3 received 649 complaints that indicated organizations belonging to a critical infrastructure sector were victims of a ransomware attack,” the FBI said [PDF]. “Of the 16 critical infrastructure sectors, IC3 reporting indicated 14 sectors had at least 1 member that fell victim to a ransomware attack in 2021.”

READ MORE 

Bloomberg News (March 23, 2022) Cyberwar or Not, Ransomware Is Still Rampant 

The world is bracing itself for a new level of cyberwarfare. But in the meantime, most hackers don’t need any geopolitical prodding.

A recent wave of auto-related breaches have wreaked havoc on businesses. Last week, Bridgestone confirmed that hackers had compromised internal systems in a February incident that investigators later determined was a ransomware attack. While the tire company said it restored access, the breach forced the temporary suspension of production at multiple factories in North and South America. It was the kind of increasingly common disruption with the ability to scramble global supply chains.

The intrusion at Bridgestone came around the same time that Toyota’s Japanese factories paused operations after a cyberattack on one of its suppliers. And in yet another incident, scammers breached the automotive supplier Denso, claiming to steal more than 157,000 purchase orders, emails and other company data, Reuters reported. 

READ MORE 

Infosecurity Magazine (March 23, 2022) Fastest Ransomware Encrypts 100k Files in Four Minutes

Network defenders have just 43 minutes to mitigate ransomware attacks once encryption has begun, a new study from Splunk has warned.

The security monitoring and data analytics vendor evaluated the speed at which 10 ransomware variants encrypt data to compile its report, An Empirically Comparative Analysis of Ransomware Binaries.

Using a controlled Splunk Attack Range lab environment, the firm executed 10 samples of each of the 10 variants on four hosts – two running Windows 10 and the other two running Windows Server 2019.

READ MORE 

Data Breach Today (March 22, 2022) Okta, Microsoft Confirm Breaches Connected to Lapsus$ Hack

Identity management company Okta and Microsoft have confirmed breaches by the Lapsus$ group, which has been on a high-profile hacking spree.

Microsoft saw some of its source code released after Lapsus$ compromised an account, but it says that the code isn’t sensitive. Okta says that attackers in January gained access to a support engineer’s laptop for five days, which resulted in the exposure of data for some of its customers.

Lapsus$ has been behind a number of recent incidents, including supposed breaches of LG, Nvidia and Samsung.

On Tuesday, images allegedly stolen from Okta appeared on a Telegram page apparently run by Lapsus$. Subsequently, however, Lapsus$ revised the contents of the page to instead claim that “we did not access/steal any databases from Okta – our focus was only on Okta customers.”

The crime group claimed to have gained “superuser/admin” access to multiple systems used by Okta.

READ MORE 

International Business Times (March 21, 2022) Anonymous Strikes Russia With Printer Attack That Disrupts Kremlin’s Propaganda 

Ever since declaring war against Russian President Vladimir Putin, Anonymous, the decentralized international activist and hacktivist collective, has continued to relentlessly hit the Kremlin with attacks that are undermining the country’s leadership and disrupting its narrative on the ongoing invasion of Ukraine. The latest is a printer hack, which allows the collective to send a message across the transcontinental country.

The details of the latest attack against Russia were shared by Anonymous on the micro-blogging site Twitter. “We have been printing anti-propaganda and tor installation instructions to printers all over #Russia for 2 hours, and printed 100,000+ copies so far. 15 people working on this op as we speak,” the tweet read.

International Business Times had the opportunity to talk to one of the hacktivists and they confirmed the hack.

READ MORE

Other Industry News

‘Serpent’ Backdoor Used in Malware Attacks on French Entities – Security Week

Background check company sued over data breach – Infosecurity

Canada’s National Research Council detects ‘cyber incident’, investigation underway – CTV News 

Researcher uses 379-year-old algorithm to crack crypto keys found in the wild – Ars Technica

The NRA confirms it was hacked last year – The Verge

‘Unique Attack Chain’ Drops Backdoor in New Phishing Campaign – Dark Reading

We are headed for an ecosystem of cyber have’s and have nots: Cisco Advisory CISO – ZDNet 

IoT Security and the Internet of Forgotten Things – Security Intelligence