FBI seizes Hive ransomware group infrastructure after lurking in servers for months
The FBI and international partners have seized the infrastructure behind Hive ransomware attacks after a months-long operation in which agents sat inside the group's servers and swiped decryption keys for its victims. Hive has targeted more than 1,500 victims globally within three years. The stakeout allowed the FBI to disrupt numerous attacks, including ones against a Louisiana hospital, a food services company and a Texas school district. Deputy Attorney General Lisa O. Monaco said during a press conference Thursday, “In a 21st-century cyber stakeout, our investigative team turned the tables on Hive, swiping their decryption keys, passing them to victims, and ultimately averting more than $130 million in ransomware payments,” adding, “Simply put, using lawful means we hacked the hackers.”
Layoffs come to IBM – Kyndryl, Watson and Russia to blame
IBM has announced it will cut around 3,900 jobs, roughly 1.5 percent of its workforce. The layoffs follow the spinoffs of its Kyndryl and Watson Health units, and IBM also pointed to events that hurt its profit and cash-flow projections, such as exiting Russia, wage inflation and a strong dollar.
Microsoft says services have recovered after widespread outage
Microsoft services have recovered after tens of thousands of users reported that its products, including Outlook and Teams, had stopped working. Microsoft blamed the outage on a change it made to its “Wide Area Network”, which it said has now been “resolved”, and explicitly ruled out a cyber-attack as a cause. Wednesday’s problems affected a range of widely used Microsoft products: Teams and Xbox Live were reported as not working, and Azure also experienced problems that affected “a subset of users”.
Yandex denies hack, blames source code leak on former employee
A former employee of the Russian technology company Yandex has allegedly leaked the company's source code on a popular hacking forum. According to Bleeping Computer, the leaker posted “a magnet link that they claim are ‘Yandex git sources’ consisting of 44.7 GB of files stolen from the company in July 2022. These code repositories allegedly contain all of the company’s source code besides anti-spam rules.” A former senior executive stated that the leak doesn’t contain any customer data, but it does give attackers the opportunity to study the code for security gaps and build targeted exploits.
Thanks to this week’s episode sponsor, SafeBase
BuzzFeed soars on reports of plans to use ChatGPT’s OpenAI, Meta deal
Shares of BuzzFeed more than doubled in value on Thursday on reports that the digital media firm plans to use artificial intelligence to personalize and enhance its online quizzes and content. The Wall Street Journal, which first reported the development, said the company would use technology from ChatGPT creator OpenAI for its content. BuzzFeed will also help generate content for Meta’s platforms and train creators to grow their presence online, the report said, citing people familiar with the situation.
New Python-based RAT uses WebSocket for C2 and data exfiltration
Cybersecurity researchers at Securonix have unearthed a new attack campaign that leverages a “Python-based remote access trojan (RAT) to gain control over compromised systems since at least August 2022.” In a report, the analytics company said the malware “is unique in its utilization of WebSockets to avoid detection and for both command-and-control (C2) communication and exfiltration.” The malware, dubbed PY#RATION, allows the threat actor to harvest sensitive information. Later versions of the backdoor also add detection-evasion techniques, suggesting that it is being actively developed and maintained.
Lloyds Bank warns of 80% surge in advance fee scams
The UK bank has warned consumers about the rise of scams in which victims are asked to pay an upfront fee, called an “advance fee”, for a product or service that never materializes. This type of fraud grew by 82% year-on-year in 2022, with fake ads for loans, jobs and rental properties among the most common tactics. Loan fee scams target people on low incomes or with a poor credit history, promising approval regardless of circumstances. Scammers then request an upfront fee before the funds can be released, and the funds never arrive. Lloyds states that people aged 25–34 are most likely to fall victim, followed by 35–44 year olds.
The need for EV cybersecurity roadmaps
The Office of the National Cyber Director (ONCD) recently hosted a forum with government leaders and private companies to assess both current and emerging cybersecurity threats involving electric vehicles (EVs). The most infamous story to date concerns a 19-year-old security researcher who, in early 2022, was able to gain access to 25 Teslas around the world through a third-party, open-source logging tool known as TeslaMate. Other threat vectors the industry is watching include: connected vehicle systems such as navigation and route planning that may provide a path into safety-critical systems and put drivers at risk; charging stations that can become a path to exfiltrate driver data; and the use of infected cars to attack a local power grid while charging. This forum and similar gatherings aim to establish greater transparency and communication between OEMs, and are urging stronger password security for the many computers built into vehicles.