Cyber Security Headlines – December 27, 2021

Rook ransomware is yet another spawn of the leaked Babuk code

A new ransomware operation named Rook has appeared recently on the cyber-crime space, declaring a desperate need to “make a lot of money” by breaching corporate networks and encrypting devices. The Rook ransomware payload is usually delivered via Cobalt Strike, with phishing emails and shady torrent downloads being reported as the initial infection vector. SentinelLabs has found numerous code similarities between Rook and Babuk, a defunct RaaS that had its complete source code leaked on a Russian-speaking forum in September 2021, including using the same API calls to retrieve the name and status of each running service and the same functions to terminate them.

(Bleeping Computer)

Russia fines Google $100m over “illegal” content

A Russian court issued the $100m financial penalty on Friday in response to Google’s alleged “systematic failure to remove banned content.” Although the financial penalty is the largest fine of its kind ever to be issued by a Russian court, it reportedly represents a mere 6.7% of the money Google made in Russia last year. Russian journalist Alexander Plushev speculated on social media that Friday’s markedly more significant fine “may indicate that the political decision to expel Western services from Russia has been made.” Google has been given ten days to appeal against the penalty. The company’s press service said it would decide whether to appeal after studying the court documents.

(Infosecurity)

Fake Christmas Eve termination notices used as phishing lures

A phishing campaign using a well-known malware family is employing a pair of particularly devious methods to trick targets into opening an infected file: fake employee termination notices and phony omicron-variant exposure warnings. The suspicious email told the target that their employment would cease as of Dec. 24, and that the decision was not reversible. An attached password-protected Excel file promised additional details. The emails deployed Dridex malware which would be downloaded to the victim’s computer from a Discord server, and begin stealing credentials.

(Cyberscoop)

BLISTER malware slips in unnoticed on Windows systems

Security researchers have uncovered a malicious campaign that relies on a valid code-signing certificate to disguise malicious code as legitimate executables. One of the payloads that the researchers called Blister, acts as a loader for other malware and appears to be a novel threat that enjoys a low detection rate. The threat actor behind Blister has been relying on multiple techniques to keep their attacks under the radar, the use of code-signing certificates being only one of their tricks. Whoever is behind Blister malware has been running campaigns for at least three months, since at least September 15, security researchers from Elastic search company found. The threat actor used a code-signing certificate that is valid from August 23, though. It was issued by digital identity provider Sectigo for a company called Blist LLC with an email address from a Russian provider Mail.Ru.

(Bleeping Computer and Elastic Security)

Thanks to our episode sponsor, Lookout

Complexity is the enemy of security. With an integrated Zero Trust platform, Lookout makes things simple. Whether data is on employees’ smartphones or in the cloud, Lookout enables organizations to protect sensitive information no matter where it goes. Discover why IDC named the Lookout CASB a major player in its latest MarketScape at lookout.com/idc.

Ubisoft reveals player data breach came from user error

Ubisoft has admitted that data on some players may have been taken after a breach of its IT systems stemming from human error. The French gaming giant explained in a brief post that the misconfiguration of its IT infrastructure was quickly identified, but not before unauthorized individuals were able to access and perform a “possible copy” of the information. Data stolen related to players of the wildly popular Just Dance game.

(InfoSecurity Magazine)

Bluetooth-using home COVID test was cracked to fake results

Security vendor F-Secure has faked a COVID test result on a Bluetooth-equipped home COVID Test. The firm tested the Ellume COVID-19 Home Test, a device selected specifically because it uses a “Bluetooth connected analyzer for use with an app on your phone.” Faked data produced by Ellume unit was happily ingested by an outfit named Azova that certifies the results of COVID tests so that travelers can enter the USA. F-Secure’s post details a test in which one of its staff used the Ellume device to test for COVID, produced a negative result, but used the methods above to falsify the results. According to The Register, the vendor since fixed the device.

(The Register)

Capital One to pay $190M settlement in data breach

Capital One Financial agreed to pay $190 million to settle a class-action lawsuit that customers filed against the firm after a hacker — purportedly a Seattle woman who had held a day job with Amazon Web Services — broke into its cloud-computing systems and stole their personal information. In July 2019, Capital One announced data from about 100 million people in the U.S. was illegally accessed. Federal authorities ultimately arrested Paige A. Thompson, a former Amazon cloud employee living in Seattle, for breaking into the bank’s server. While Capital One and AWS deny all liability, they chose to resolve the claims the interest of avoiding the time, expense and uncertainty of continued litigation.

(Seattle Times)

Jack Dorsey blocked on Twitter by Marc Andreessen

The block comes after Dorsey criticized certain corners of the venture capital industry and made several specific remarks about the firm Andreessen co-founded, Andreessen Horowitz. This week, Dorsey has expressed multiple views on “Web3” — a potential new decentralized version of the internet based on blockchain. Perhaps most notably, the entrepreneur said Web3 would be owned by rich VCs like Andreessen instead of “the people”. Andreessen was the co-inventor of the first widely used, point-and-click web browser, which eventually became Netscape.

(CNBC)