Cyber Security Headlines: DoppelPaymer disrupted, EPA warns about water security, rising cloud exploitation

Police disrupt DoppelPaymer

Europol announced that law enforcement in both Germany and Ukraine coordinated to take down core members of the ransomware organization. This saw multiple raids across the two countries in February, leading to the arrest of two targeted individuals. German police believe DoppelPaymer’s ransomware operations use five core members to maintain infrastructure and handle negotiations. Police issued warrants for the other three named members, all of which show some connection to Russia. DoppelPaymer emerged on the ransomware scene in 2019. Europol reports it found 37 confirmed attacks on organizations by the group. US victims paid an estimated $42.4 million between May 2019 and March 2021. 

(Bleeping Computer)

EPA releases cybersecurity notice for water systems

The US Environmental Protection Agency released an advisory warning that water systems in the US are increasingly vulnerable to cyberattacks. This comes from both cybercriminal and state-affiliated actors. The Biden administration announced it would make it mandatory for states to conduct security audits on their water systems. The EPA already released guides to security audits for these systems, and will provide technical support for future assessments. The advisory also included public disclosure of three recent ransomware attacks on water systems in California, Maine, and Nevada. This included one where threat actors compromised a system used to control SCADA industrial controls. 

(Security Affairs)

Cloud exploitation on the rise

A new report from CrowdStrike found overall cloud exploitation against organizations increased 95% on the year, with cases involving “cloud-conscious” threat actors nearly tripled. Overall the report confirmed recent finding that attackers continue to increase efficiency, with breakout time down 15% on the year to just 84 minutes. Overall the report found 71% of attack malware-free. Unsurprisingly, the report found that social engineering tactics also increased on the year, particularly targeted around getting around SMS-based multifactor authentication with things like SIM swapping. 

(Security Magazine)

WhatsApp agrees to more privacy transparency

The popular Meta-owned messaging app caused itself an undue amount of trouble when it introduced a new privacy policy back in 2021. This new policy outlined how WhatsApp would share business user data with Facebook. However many people read this to mean all user data would be shared with Meta’s social network. As a result, The European Commission and the Consumer Protection Cooperation Network sent a letter to WhatsApp in 2022, asking the service to ensure users understand what policies they are agreeing to. WhatsApp announced it will follow some of the letter’s recommendations, including giving users the ability to reject policy changes, “prominently” displaying new terms and explaining how these would impact a user’s rights. These changes will only come to the EU for now, Meta did not say if it plans to bring it to the US. 


And now a word from our sponsor, Packetlabs

Struggling to justify cybersecurity investments to decision-makers? Meet ROSI, the superhero of cybersecurity investments! Calculate your Return On Security Investment to quantify the value of prevention and save money by avoiding cybersecurity breaches. ROSI builds synergies between your business, security, and finance teams, bringing everyone together. Download our free buyer’s guide to learn the ROSI formula, how to reduce cyber insurance premiums, and what to look for in a provider. Visit and unleash the power of ROSI in your c-suite discussions today!

China creates data store agency

China’s National People’s Congress approved the creation of the new agency, which will centralize management of data storage in the country. The Wall Street Journal’s sources say this would make it the top regulator for data-related issues. Right now multiple ministries share overlapping oversight. The agency would rule on foreign data exports, set data-collection rules for businesses, and investigate use of algorithms. 


Federal agencies improperly used cell-site simulators

This finding comes from the Department of Homeland Security Office of the Inspector General. The OIG found that the US Secret Service and Immigration and Customs Enforcement did not always follow Federal statutes and privacy policies when using Stingrays and other devices users to decoy cell towers. The public report largely redacts statistical data on usage, so we don’t get a clear picture how pervasively the agencies used these. These agencies are supposed to get a court order for using cell-site simulators, except under exigent circumstances. The report found it failed to do that. The OIG issued six recommendations to guide the agencies in better following its legal and policy obligations, but likely legislative action would be needed to meaningfully improve the situation.

(The Register)

New tools to simulate attacks on ML systems

Microsoft and Mitre announced a new tool called Arsenal, designed to let researchers explore adversarial tactics against machine learning systems. Arsenal operates as a plugin for Mitre’s Adversarial Threat Landscape for Artificial-Intelligence Systems framework. Microsoft will use its Counterfeit automation tool to run AI security risk assessments and feed these into future adversarial attack profiles. Right now the tool operates using limited publicly available information, but Microsoft and Mitre plan to expand this with new techniques seen in the wild. 

(Security Week)

Dark web market leaks millions of payment cards

The card-swapping marketplace BidenCash released information on over 2.1 million payment cards for free. This follows similar leaks in June and October when it released over 1.2 million cards. Flashpoint reports that about 70% of these cards expire some time in 2023, with half the cards belonging to US-based users. The leak included full payment card information, as well as anything needed to further phish these users, like names, addresses, emails, and phone numbers. While BidenCash only appeared online in the last year, it quickly become one of the top card-trading markets. 

(Security Magazine)

Rich Stroffolino is a podcaster, editor and writer based out of Cleveland, Ohio. He's spent the past five years creating media for technology enthusiasts and IT practitioners. He dreams of someday writing the oral history of Transmeta.