Hi, everybody - Chad here. In case you missed it, today is Wednesday; not Tuesday. Good news: here’s your weekly Security Wrap-Up. Bad news: I officially need a new router. Once again, some pretty troubling stories in our little world this week. Here’s a peek at a few doozies:
LockBit ransomware recruiting insiders to breach corporate networks
In ransomware news, the LockBit 2.0 ransomware gang seems to be actively recruiting corporate insiders to help them breach/encrypt networks. In return, they’re promising the insider payouts of one million dollars. Various ransomware gangs operate as Ransomware-as-a-Service organizations, which consist of a core group of devs who maintain the ransomware and payment sites, plus recruited affiliates who breach victims’ networks and encrypt devices. While this kind of tactic sounds like a long shot, it’s not the first time threat actors have attempted to recruit an employee to encrypt their company’s network (nor will it be the last). In August 2020, the FBI arrested a Russian national for attempting to recruit a Tesla employee to plant malware on the network of Tesla’s Nevada Gigafactory.
The State Department and 3 other US agencies earn a “D” for cybersecurity
In some pretty unsettling news, a recent US Senate Committee report has revealed that cybersecurity at eight federal agencies is so poor that half of them earned grades of D (three got Cs, and only one received a B). This week’s report, titled Federal Cybersecurity: America’s Data Still at Risk, analyzed security practices by the same eight agencies they analyzed in 2020 (including the Social Security Administration and the Departments of Homeland Security, State, Transportation, Housing and Urban Development, Agriculture, Health and Human Services, and Education). It found that only one agency had earned a grade of B for its cybersecurity practices last year. That’s not great.
Auditors found that State Dept. systems, often operated without required authorizations, ran software (including Microsoft Windows) that was no longer supported, and failed to install security patches in a timely manner. If only there were some way to automate those updates…
Security researchers warn of TCP/IP stack flaws in operational technology devices
The security of our industrial control systems terrifies me. Right before quarantine happened, I read Lights Out by Ted Koppel, which details the antiquated, vulnerable state of the devices controlling our power grid(s). Vulnerabilities in the communications protocols used by these industrial control systems could allow bad actors to tamper with/disrupt services, as well as access data on the network. In this case, the vulnerabilities relate to TCP/IP stacks - communications protocols commonly used in connected devices - in NicheStack, used throughout operational technology (OT) and industrial infrastructure. All versions of NicheStack before version 4.3, including NicheLite, are affected by the vulnerabilities.
Ransomware Volumes Hit Record Highs as 2021 Wears On
Oh, good…more ransomware news! Incidents of ransomware have already seen a significant increase in 2021, with global attack volume growing by 151% for the first half of the year, as compared with the year-ago half. Meanwhile, the FBI has warned that there are now 100 different strains of ransomware circulating around the world.
If you like numbers that make you queasy, there had already been 304.7 million attempted attacks within SonicWall Capture Labs’ telemetry. To put that in perspective, the firm logged 304.6 million ransomware attempts for the entirety of 2020. The top three ransomware strains seen in the wild by the firm are Ryuk, Cerber and SamSam, according to the report from SonicWall.