Costa Rican government held back by ransomware…again • The Register


In short Last month, the notorious Russian ransomware gang Conti threatened to overthrow the Costa Rican government if a ransom was not paid. This month, another gang of extortionists attacked the nation.

Fresh from a Conti intrusion last month, Costa Rica was attacked by the Hive ransomware gang. According to the AP, Hive hit Costa Rica’s social security system, as well as the country’s public health agency, which had to shut down its computers on Tuesday to prevent the spread of a malware outbreak.

The Costa Rican government said at least 30 of the agency’s servers were infected and its attempt to shut down the systems to limit the damage appears to have failed. Hive is now asking for $5 million in Bitcoin to unlock infected systems.

Hive and Conti were not known to act together in any way, but Emsisoft ransomware analyst Brett Callow told the AP that there was likely some coordination between the two groups.

“Conti has likely partnered with other ransomware operations as it has become increasingly difficult for them to collect payments since declaring their support for Russia and threatening attacks on US critical infrastructure,” Callow said. If it’s not Conti itself, which recently tried to divert attention by rebranding, it could be Wizard Spider, the Russia-linked crime-as-a-service gang believed to be behind Conti, Ryuk and TrickBot.

Ransomware attacks have become 94.34% faster since 2019

Speaking of digital extortionists, an IBM X-Force analysis of ransomware attacks between 2019 and 2021 found that the average time from initial access to ransomware deployment went from 1,600 hours – over two months – to only 3.85 days.

IBM said most ransomware attacks begin with an Initial Access Broker (IAB) breaking into a system and selling its access. It singled out Conti, along with its TrickBot malware, as one of the main IABs responsible for increasing the speed of ransomware attacks.

“The TrickBot attack path to Ryuk resulted in a 90% increase in ransomware attacks investigated by X-Force Incident Response in 2019,” IBM observed in its report.

The ZeroLogon vulnerability was the main driver behind the increase in speed and effectiveness of ransomware in 2020, IBM said. That year, the average time dropped to 9.5 days from initial access to ransomware deployment.

To make matters worse, it doesn’t appear that ransomware actors are developing new tools – they’re just getting better at using the ones they have. Instead of innovating, IBM said, rapid attacks are “due to the operationalization of ransomware attacks within ransomware affiliates and their execution against organizations that have not yet implemented protection, detection and response solutions designed to combat the threat of ransomware”.

In other words, patch your systems, back everything up regularly, and verify backups.

CISA warns Dominion voting machines riddled with vulnerabilities

An early leak of a US Cybersecurity and Infrastructure Security Agency (CISA) advisory to state election officials warns of nine separate vulnerabilities in Dominion voting machines used in 16 states.

The research was conducted for a court case unrelated to former President Donald Trump’s false claims that Dominion voting machines were part of an election theft plot that cost him the 2020 contest.

CISA said there was no evidence to suggest the vulnerabilities had been exploited, and University of Michigan computer scientist Alex Halderman, who conducted the research, confirmed this – although he noted that the data was outside the scope of his project.

The CISA memo includes remediation steps for all nine vulnerabilities, including one that requires physical access but could spread malware between machines and allow an attacker to tamper with the access cards technicians use to service the machines.

Halderman told the AP that the vulnerabilities would be difficult for someone on the street to exploit — but that doesn’t mean they aren’t dangerous. “[The vulnerabilities] are things that we should be concerned about being exploited by sophisticated attackers, such as hostile nation states, or election insiders, and having very serious consequences,” Halderman said.

Dominion has defended its machines to the AP as both accurate and secure, and officials at all levels of the US federal and state governments have said there is no evidence to support claims of widespread voter fraud in 2020.

Illinois residents awarded $100 million from Google over privacy

If you live in the Prairie State and use Google Photos, the ad giant might have some money for you after settling a class action lawsuit.

According to the settlement website, Illinois residents who used the Photos service between May 1, 2015 and April 25, 2022 could claim a piece of the $100 million pie. The class action lawsuit claimed the Chocolate Factory stored biometric data about residents in violation of the state’s strict data laws, and Google wants the case gone.

Google does not admit any wrongdoing under the settlement. It got off much easier than Facebook, which in 2020 agreed to pay $550 million over claims it broke the state’s strict Biometric Information Privacy Act, introduced in 2008. An attempt to gut the law by a local Democratic politician failed in 2016, and residents can now reap the benefits.

Webmail RCE flaw is the final nail for a languishing groupware project

Security researchers at Sonar’s R&D group found a serious flaw in Horde Webmail that an attacker could exploit to take full control of a vulnerable instance. The solution? Ditch Horde, say the researchers.

This is a serious bug, and it’s one an attacker can execute with nothing but an email and an externally hosted image file containing malicious code. All a victim needs to do to activate the attack is open the message.

The vulnerability exists in the default configuration of Horde Webmail, and the researchers said it could be exploited without any knowledge of the targeted instance. Johannes Dahse, R&D manager at Sonar, said there are over 3,000 Horde instances exposed online.

So what exactly did the developers of Horde miss? Type checking. It turns out that when Horde Webmail loads a user’s address book, it looks for a bit of user information specifying the address book to fetch, and it’s supposed to be a string.

“However, there is no type checking in place that would prevent an attacker from passing an array as a parameter and providing a fully controlled configuration,” Sonar said.
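To make the missing check concrete, here is an added, hypothetical PHP illustration of the bug class Sonar describes; it is not Horde’s code. A loader expects a string naming a server-defined address book, and the point shown is that PHP decodes a bracketed query key into an array, so a loader without an `is_string` check can receive attacker-shaped data where it expected a name. The `KNOWN_SOURCES` table and `loadSource()` function are constructed for this example.

```php
<?php
declare(strict_types=1);

// Constructed sample of trusted, server-side address book definitions.
const KNOWN_SOURCES = [
    'localsql' => ['driver' => 'sql', 'host' => 'localhost'],
];

// Hardened loader: the request value must be a string AND name a known source.
// Dropping the is_string() check is the class of defect the article describes:
// an array would then flow into code that treats it as configuration.
function loadSource(mixed $source): array
{
    if (!is_string($source)) {
        throw new InvalidArgumentException('address book name must be a string');
    }
    if (!array_key_exists($source, KNOWN_SOURCES)) {
        throw new InvalidArgumentException('unknown address book: ' . $source);
    }
    return KNOWN_SOURCES[$source];
}

// parse_str() emulates how PHP populates $_GET from a query string.
// A normal request carries a plain name...
parse_str('source=localsql', $normal);
// ...while bracketed keys are decoded into a nested array, not a string.
parse_str('source[driver]=sql&source[host]=example.invalid', $crafted);

var_dump(is_array($crafted['source']));   // the parameter arrives as an array
var_dump(loadSource($normal['source']));  // the trusted configuration is returned

try {
    loadSource($crafted['source']);        // rejected by the type check
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

Run with `php example.php`; the array-shaped parameter never reaches the configuration lookup because the type check fails first.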

Horde doesn’t seem to be keeping up with its Webmail project. Although many of the organization’s GitHub repositories have been updated over the past few days, its Webmail project has not been touched since 2019.

Sonar’s disclosure timeline also reveals the project’s priority. It said Horde took a month to acknowledge the report, which the researchers filed in early February, and has yet to issue a fix.

80% of businesses phished by hacked vendors – every month

A report on the human factor in cybersecurity incidents by Proofpoint found that more than 80% of organizations experience an attack from a compromised vendor account within a month.

The report covers a wide range of cybersecurity statistics regarding how hackers target and exploit humans, who are arguably much easier to hack than computers. Along with some interesting attack data, it also highlights just how widespread and successful phishing and other social engineering attacks are.

In total, 20% of people targeted by a malicious attachment opened it, 11% of those sent a link clicked on it, and 4% intentionally entered data into malicious forms. In the past year, more than 20 million messages attempted to deliver malware linked to a ransomware attack, according to the report. That’s a lot of successful attacks that worked because they were targeting humans.

Proofpoint’s report also found that highly privileged users were disproportionately targeted, accounting for nearly 50% of the severe attack risk an organization faces despite representing just 10% of the workforce. The report also found that departments dealing with sensitive information, such as finance, human resources and legal, are attacked more often than those with fewer organizational privileges.

“Most cyberattacks can only succeed if someone falls for them,” the report asserts. Verizon said in its Data Breach Investigations Report last week that humans were behind 82% of breaches. ®
