Hello and welcome to our blog. This week there seems to be an abundance of stories involving the government in one way or another.
The biggest story of the week happened last weekend, when hackers compromised the Federal Bureau of Investigation (FBI) external mail system. The FBI said in a press release that fake emails were sent from its Law Enforcement Enterprise Portal system on Saturday, November 13 and were used to communicate with state and local authorities. Spam emails may have been sent to thousands of people and businesses with a warning of a non-existent cyber attack. Fortunately, “No actor has been able to access or compromise any data or (personally identifiable information) on the FBI network,” the office said. “Once we learned of the incident, we quickly fixed the vulnerability in the software, warned partners to ignore fake emails, and confirmed the integrity of our networks.” As always, the great Brian Krebs breaks everything down here.
In other news …
On Monday, President Biden enacted a $1,000 billion infrastructure bill that includes nearly $2 billion for cybersecurity and related provisions. The biggest digital security funding is a Federal Emergency Management Agency e-grants program, administered in consultation with the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, reportedly distributing $1 billion over four years to state and local governments. An additional $21 million would go to the office of the national cybersecurity director.
Agencies that handle cybersecurity in the US, UK and Australia have accused the Iranian government of sponsoring cybercriminals who exploit Microsoft and Fortinet vulnerabilities, specifically targeting critical infrastructure. The governments of the three countries say that the hackers try to take advantage of software flaws, that they are groups specializing in APTs (advanced persistent threats), and that they have particularly focused on vulnerabilities in Fortinet software.
Also this week, the UK’s National Cyber Security Center announced that it has tackled a record number of UK cyber incidents over the past year, with ransomware attacks originating in Russia dominating its activities. The cybersecurity agency said it helped manage a 7.5% increase in cases in the year through August, fueled by the wave of hackers taking control of company data and requiring payment in cryptocurrency for its return.
Next, a hacking group claims to have accessed the entire database of people who crossed Belarusian borders, including alleged movements of KGB officers and Belarusian President Alexander Lukashenko himself. This incident may be linked to the ongoing political crisis in that country, where a group of hackers called the Belarusian Cyber Partisans has carried out a series of attacks on government databases, in an attempt to help destabilize the regime. The group is made up of a number of tech professionals, most of them based outside Belarus.
In addition, New Zealand’s National Cyber Security Center reported seeing a 15% year-over-year increase in cyber attacks against “nationally important” organizations in the country. More than 400 such incidents were recorded between July 1, 2020 and June 30, 2021, up from 352 a year earlier, according to the latest NCSC annual threat report.
It’s a wrap for the week. Have a good weekend!
Top Global Industry News
Cyberscoop (November 17, 2021) Iranian Government-Backed Hackers Target Critical Infrastructure with Ransomware, US Says
“Cyber agencies in the US, UK and Australia on Wednesday accused Iranian government-sponsored hacking groups of exploiting vulnerabilities in Microsoft and Fortinet this year in a bid to deploy ransomware against critical infrastructure.
Hackers are interested in taking advantage of known software flaws where they can, the agencies said. In March, May and June, the FBI and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency saw Iranian “advanced persistent threat” groups take advantage of vulnerabilities in Fortinet, in one case for a server associated with an American municipal government and in another involving networks associated with an American hospital focused on child care.
In October, hackers relied on a vulnerability in Microsoft Exchange ProxyShell “to gain initial access to systems before follow-up operations,” the subject of another recent CISA alert.”
The Guardian (November 17, 2021) UK battles hacking epidemic as Russian ransomware attacks increase
“The National Cyber Security Center (NCSC) said it has tackled a record number of cyber incidents in the UK over the past year, with ransomware attacks originating in Russia dominating its activities. The cybersecurity agency said it helped tackle a 7.5% increase in cases in the year through August, fueled by the wave of hackers taking control of the data from the business and demanding payment in cryptocurrency for their return.
Paul Chichester, COO, said “ransomware has certainly dominated for a significant part of the year” and the hacking epidemic has gone “global as a story in the past 12 months.”
Hackers, based in Russia or neighboring Russian-speaking territories, have successfully targeted organizations such as the London Borough of Hackney and famous UK jeweler Graff over the past year.
Portswigger (November 17, 2021) Belarusian hackers claim to have accessed the entire database of those crossing the country’s borders
“As international tension mounts over authoritarian Belarusian rule, a hacking group claims to have accessed the comprehensive database of those crossing the country’s borders, including alleged movements of KGB officers and President Alexander Lukashenko himself.
Belarus was plunged into crisis last year after the August presidential election gave Lukashenko a landslide victory. As the opposition cried foul, massive protests erupted across the country, triggering thousands of arrests.
Since then, a group of hackers called the Belarusian Cyber Partisans have carried out a series of attacks on government databases, in an attempt to help destabilize the regime. The group is made up of a number of tech professionals, most of them based outside Belarus itself.”
The Daily Beast (November 17, 2021) Wait, the FBI got a beef hack with a guy named Vinny?
“To hack into an FBI messaging system, it takes a lot of motivation, even more technical skills and, maybe, a dash of humor.
Over the weekend, someone – or someone’s team – compromised an FBI messaging system and sent a flurry of fake messages to state and local law enforcement about an alleged cyberattack. But instead of trying to wreak havoc, the purpose of the hack appears to have been to troll one particular information security official: Vinny Troia, founder and head of security research at Shadowbyte.
At least that’s the version of Troia.
Portswigger (November 16, 2021) Cyberattacks infiltrating critical New Zealand networks are skyrocketing
“New Zealand’s National Cyber Security Center (NCSC) has observed a 15% year-over-year increase in cyber attacks against organizations ‘of national importance’ in the country.
More than 400 such incidents were recorded between July 1, 2020 and June 30, 2021, up from 352 a year earlier, according to the NCSC’s latest annual threat report, released today (November 16).
Even more alarmingly, the proportion of these incidents that have reached the post-compromise stage – where threat actors manage to gain access and laterally move through networks or cause victim damage – has more than doubled, from 15% to 33%.
Bleeping Computer (November 15, 2021) 7 million Robinhood user email addresses for sale on the hacker forum
“The data of about 7 million Robinhood customers stolen in a recent data breach is sold on a popular hacking forum and marketplace.
Robinhood last week exposed a data breach after an employee was hacked, and the threat actor used his account to access information from around 7 million users through customer support systems.
Cyberscoop (November 16, 2021) Biden signs infrastructure bill that provides nearly $2 billion for cybersecurity
“President Joe Biden signed a $1 trillion infrastructure bill on Monday, which includes nearly $2 billion for cybersecurity and related provisions.
The biggest digital security funding is a Federal Emergency Management Agency e-grants program, administered in consultation with the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, reportedly distributing $1 billion over four years to state and local governments. An additional $21 million would go to the office of the national cybersecurity director, which has been unable to hire keys since its inception earlier this year due to funding shortages.
Overall, the legislation – known as the Infrastructure Investment and Jobs Act – is “the greatest investment in the resilience of physical and natural systems in American history,” boasted the White House, an investment that “makes our communities safer and our infrastructure more resilient to the impacts of climate change and cyber attacks.”
Other industry news
Ohio hospital faces sixth day of EHR shutdown after cyberattack
Someone Slipped a Card Skimmer into Costco to Steal Buyer’s Data – Wired
The 2021 law on secure equipment is enacted – RCR Wireless
Microsoft warns of surge in contraband HTML phishing attacks – Bleeping Computer
Russian national charged with laundering Ryuk ransoms – BankInfoSecurity
Dark web crooks now teach botnet-building classes – ZDNet
Ransomware fueled record year for UK cyber response – Cyberscoop
US Department of Education urged to strengthen K-12 schools’ ransomware defenses – Bleeping Computer
AG Ferguson: Washington State sees massive increase in reported data breaches – Lexology