CISA asks for feedback on reporting rules
Back in March, President Biden signed a new law requiring critical infrastructure owners and operators to report major cyberattacks to CISA within 72 hours and ransomware within 24 hours. CISA Director Jen Easterly said officials will formally begin asking industry leaders for feedback on the regulatory structure for this reporting “in the next couple of days.” The agency will use the feedback to better understand what’s going on in private industry ecosystems to build an effective regulatory apparatus. Easterly emphasizes she wants a “consultative” rule-making process.
New Linux-focused malware targets IoT
Researchers at AT&T Alien Labs detailed the new malware, dubbed Shikitega. It uses a unique multistage infection chain built from a series of modules. Each module serves a specific purpose in the chain, then downloads and executes the next one. It uses a polymorphic encoder to avoid antivirus detection and uses legitimate cloud services for C2 servers. The chain ends with a full device takeover and the installation of the XMRig cryptominer. Alien Labs says this demonstrates the overall rise in Linux-based malware over the last 12 months, up 650% on the year.
Albania cuts diplomatic ties over cyberattack
Albania’s Prime Minister Edi Rama said the country cut diplomatic ties with Iran, citing a major cyberattack in July that shut down several government services and websites. This marks the first time a nation severed diplomatic ties directly over such an incident. A group referred to as “HomeLand Justice” took credit for the attack. Rama said an investigation found “undeniable evidence” that the attack “was orchestrated and sponsored by the Islamic Republic of Iran.” The security firm Mandiant expressed “moderate confidence” the attackers acted in support of Tehran’s anti-dissident efforts.
Twitter will face Mudge allegations in lawsuit
In the latest update to Twitter’s lawsuit against Elon Musk, the billionaire got both good and bad news. Delaware Chancellor Kathaleen St. Jude McCormick denied Elon Musk’s attempt to push back the October trial date for Twitter’s lawsuit, saying Twitter would be unduly harmed by a delay. However, she said that Musk should be granted wide latitude to amend claims before the start of the trial, including incorporating claims made by Twitter’s former security chief Peiter Zatko. The two sides must negotiate to allow for “limited” discovery of Zatko’s documents in the case.
Hotel group discloses cyberattack
In a filing with the London Stock Exchange, InterContinental Hotels Group disclosed “parts of the company’s technology systems have been subject to unauthorized activity.” This began on September 5th and was described as “ongoing.” Customers attempting to book rooms or access rewards saw a maintenance message on hotel sites. Messaging around the attack suggests ransomware. There’s no indication the attack compromised guest data at this time. InterContinental Hotels Group oversees many hotel brands including InterContinental, Crowne Plaza, and Holiday Inn.
ISPs drop lawsuit against Maine privacy law
Back in 2019, Maine passed an internet privacy law. This required internet service providers to obtain opt-in approval before they could use, disclose, sell or provide access to customers’ personal information. A group of industry associations representing ISPs filed a lawsuit in February 2020 on First Amendment grounds. A judge had already dismissed the First Amendment argument last year, but the industry group had still been involved in litigation challenging the law. Now, Maine Attorney General Aaron Frey announced that the group filed to dismiss its lawsuit challenging the state’s internet privacy law.
KillNet strikes Japanese government sites
The Russian-affiliated group claimed credit for a series of cyberattacks across Japan, hitting several companies as well as 20 sites across four government agencies. The Japanese government said it began investigating if a denial-of-service attack took down the sites. It didn’t confirm KillNet’s involvement in recent outages at its e-Gov portal. Security researchers at Check Point Software believe KillNet caused these outages, saying it lines up with Japan’s support for Ukraine in its ongoing conflict with Russia. If true, this follows other attacks by KillNet impacting Italy, Lithuania, Estonia, Poland and Norway.
Cisco passes on patching end-of-life routers
Cisco issued a security advisory, warning that it will not patch a zero-day on its RV110W, RV130, RV130W, and RV215W routers, as they have reached end of life. The company last sold these routers on December 2, 2019. The flaw results from a faulty password validation algorithm that could be used to log into a VPN using “crafted credentials” on devices with IPSec VPN Server enabled. This could ultimately allow the attacker to gain admin privileges. Cisco found no evidence of the flaw being exploited in the wild, and didn’t find any proof-of-concept exploits.