Monthly Archives: June 2023
Excel Data Forensics
In this detailed article about academic plagiarism are some interesting details about how to do data forensics on Excel files. It really needs the graphics to understand, so see the description at the link.
(And, yes, an author of a paper on dishonesty is being accused of dishonesty. There’s more evidence.)
NSA Releases Guide to Mitigate BlackLotus Bootkit Infections
Microsoft patched exploited boot loader flaw but did not revoke trust in unpatched loaders
Pilot data of American Airlines and Southwest stolen in data breach
A cybersecurity incident at a third-party vendor has impacted the personal information of pilots of at least two US airlines, including American Airlines and Southwest Airlines.
Personal information, including name and Social Security number, driver’s license number, passport number, date of birth, Airman Certificate number, and other government-issued identification numbers, was compromised, according to the airlines’ breach notifications.
Blacktail: Unveiling the tactics of a notorious cybercrime group
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.
In recent months, a cybercrime group known as Blacktail has begun to make headlines as they continue to target organizations around the globe. The group was first spotted by the Unit 42 Team at Palo Alto Networks earlier this year. Since February, the group has launched multiple attacks based on their latest ransomware campaign labeled Buhti.
An interesting detail about the organization is that they do not make their own strains of malware. Rather, they opt to repurpose pre-existing strains to achieve their end goal of monetary gain. Two of the most popular tools that have been used by the cybercrime group are LockBit 3.0 for targets using Windows OS and Babuk for targets using Linux OS. Both LockBit 3.0 and Babuk are strains of ransomware that encrypt files on a victim’s machine and demand payment in exchange for decrypting the files. These tools allow Blacktail to operate using a RaaS (ransomware as a service) model which falls in line with their goal of monetary gain.
LockBit 3.0 is the latest version of the LockBit ransomware, which was developed by the LockBit group in early 2020. Since its launch it has been linked to over 1400 attacks worldwide, earning the group over $75 million in payouts. This ransomware is most commonly distributed through phishing attacks in which the victim clicks on a link that starts the download process.
Babuk is a ransomware strain first discovered in early 2021. Since then, it has been responsible for many cyber-attacks against devices running Linux. It serves a similar purpose to LockBit 3.0: it compromises files on a victim’s machine and makes them inaccessible until the ransom is paid.
Recently, this group has been seen leveraging two different exploits. The first is CVE-2023-27350, which allows attackers to bypass the authentication required to use PaperCut NG 22.05 on affected endpoints. They leverage this vulnerability to install programs such as Cobalt Strike, Meterpreter, Sliver, and ConnectWise, which are then used to steal credentials and move laterally within the target network. The second vulnerability, CVE-2022-47986, affects the IBM Aspera Faspex File Exchange system and allows attackers to perform remote code execution on the target devices.
Blacktail represents a significant threat in the world of cybercrime, employing a wide range of sophisticated methods to attack its victims. From phishing and social engineering to ransomware campaigns and APT attacks, their tactics demonstrate a high level of expertise and organization. To counter such threats, individuals, businesses, and governments must prioritize cybersecurity measures, including robust firewalls, regular software updates, employee training, and incident response plans. The fight against cybercrime requires constant vigilance in order to stay one step ahead of the attackers.
Companies Call for Changes to UK’s Cyber Essentials Scheme
How CISOs can balance the risks and benefits of AI
The rapid pace of change in AI makes it difficult to weigh the technology’s risks and benefits, and CISOs should not wait to take charge of the situation. Risks range from prompt injection attacks and data leakage to governance and compliance.
All AI projects have these issues to some extent, but the rapid growth and deployment of generative AI is stressing the limits of existing controls while also opening new lines of vulnerability.
If market research is any indication of where the use of AI is going, CISOs can expect 70% of organizations to explore generative AI, driven by the use of ChatGPT. Nearly all business leaders say their company is prioritizing at least one initiative related to AI systems in the near term, according to a May report from PricewaterhouseCoopers.
The CISO’s toolkit must include political capital within the C-suite
Over the past 18 months, there has been a bit of a sea change in the chief information security officer (CISO) role. Fundamentally, the CISO is the individual who is responsible for the protection of an entity’s information.
The US Securities and Exchange Commission (SEC) has issued a proposed rule change on cybersecurity risk management, strategy, governance, and incident response disclosure by public companies that requires publicly traded companies to provide evidence of the board’s oversight of cybersecurity risk. Couple this with the former CSO of Uber being found guilty on charges of “obstruction of the proceedings of the Federal Trade Commission” and it is clear the hand at the helm must be able to navigate all types of seas in their entity’s political milieu. In this regard, the CISO needs to acquire political capital.