FBI seizes Hive ransomware group infrastructure after lurking in servers for months
After seven months spent lurking inside the notorious ransomware group’s networks, swiping decryption keys for its victims, the FBI and international partners seized infrastructure behind Hive ransomware attacks. Since June 2021, Hive has targeted more than 1,500 victims globally. While staking out Hive’s network, the FBI disrupted multiple attacks, including ones against a Louisiana hospital, a food services company and a Texas school district. Deputy Attorney General Lisa O. Monaco said during a press conference Thursday, “In a 21st-century cyber stakeout, our investigative team turned the tables on Hive, swiping their decryption keys, passing them to victims, and ultimately averting more than $130 million in ransomware payments.” She added, “Simply put, using lawful means we hacked the hackers.”
Layoffs come to IBM – Kyndryl, Watson and Russia to blame
IBM is the latest tech company to jump on the layoff bandwagon, with news that it would cut around 3,900 jobs, roughly 1.5 percent of its workforce. The layoffs follow the spinoffs of its Kyndryl and Watson Health units, and IBM also pointed the finger of blame at events that hit its profit and cash flow projections, such as exiting Russia, wage inflation and a strong dollar.
Microsoft says services have recovered after widespread outage
Microsoft services have recovered after tens of thousands of users reported that its products, including Outlook and Teams, had stopped working. Microsoft blamed the outage on a change it made to its “Wide Area Network”, which it said had now been “resolved”. It explicitly ruled out a cyber-attack as a potential cause of the issue. Wednesday’s problems affected a range of widely used Microsoft products: Xbox Live was also reported as not working, and Azure experienced problems that affected “a subset of users”.
(BBC News)
Yandex denies hack, blames source code leak on former employee
A Yandex source code repository allegedly stolen by a former employee of the Russian technology company has been leaked as a torrent on a popular hacking forum. Yesterday, the leaker posted a magnet link to what they claim are ‘Yandex git sources’, consisting of 44.7 GB of files stolen from the company in July 2022. These code repositories allegedly contain all of the company’s source code apart from its anti-spam rules. A former senior executive added that the leak does not contain any customer data, nor does it directly threaten proprietary technology, but it does give attackers the opportunity to identify security gaps and build targeted exploits.
Thanks to this week’s episode sponsor, SafeBase

BuzzFeed soars on reports of plans to use ChatGPT creator OpenAI, Meta deal
Shares of BuzzFeed more than doubled in value on Thursday on reports the digital media firm was planning to use artificial intelligence to personalize and enhance its online quizzes and content. The Wall Street Journal, which first reported the development, said the company would use ChatGPT creator OpenAI for its content. BuzzFeed will help generate content for Meta’s platforms and train creators to grow their presence online, the report said, citing people familiar with the situation.
(Reuters)
New Python-based RAT uses WebSocket for C2 and data exfiltration
Cybersecurity researchers have unearthed a new attack campaign that has been leveraging a Python-based remote access trojan (RAT) to gain control over compromised systems since at least August 2022. In a report, security analytics company Securonix said, “This malware is unique in its utilization of WebSockets to avoid detection and for both command-and-control (C2) communication and exfiltration.” The malware, dubbed PY#RATION, allows the threat actor to harvest sensitive information. Later versions of the backdoor also sport detection-evasion techniques, suggesting that it is being actively developed and maintained.
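WebSocket C2 blends in because the handshake is an ordinary HTTP GET with an Upgrade header and the rest rides over an established TCP session. One cheap place to look is the proxy log, where the handshake is still visible. The following is an added example, not code from Securonix or from the PY#RATION report: it parses a constructed proxy log (the field layout, hosts, IPs and user-agent strings are all assumptions for illustration, not indicators from the campaign) and flags WebSocket upgrades that originate from scripting-language HTTP clients or that target a bare IP address rather than a hostname.

```python
"""Flag WebSocket upgrade handshakes that look script-driven rather than browser-driven.

Added example, not Securonix's or the malware author's code. Assumes a proxy log in a
simple constructed format:  src_ip method host path "user_agent" upgrade_header
The sample lines, hosts and user-agents below are constructed, not observed IoCs.
"""
import ipaddress
import re
from dataclasses import dataclass

# Constructed proxy log: two browser sessions, one aiohttp API call and two
# WebSocket upgrades from a Python client to a bare-IP host.
SAMPLE_LOG = """\
10.0.0.5 GET chat.example.com /socket "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/109.0" websocket
10.0.0.7 GET 203.0.113.42 /ws "Python/3.10 websockets/10.4" websocket
10.0.0.9 GET updates.example.org /api/v1 "Python/3.9 aiohttp/3.8.1" -
10.0.0.7 GET 203.0.113.42 /ws "python-requests/2.28.1" websocket
10.0.0.11 GET cdn.example.net /static/app.js "Mozilla/5.0 (X11; Linux x86_64) Firefox/108.0" -
"""

LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) "([^"]*)" (\S+)$')

# Assumption: default User-Agent prefixes of common scripting HTTP/WebSocket clients.
# Real malware can spoof a browser UA, so this is a cheap first filter, not proof.
SCRIPT_UA_RE = re.compile(r"^(python|python-requests|websocket-client|curl|go-http-client)", re.I)


@dataclass(frozen=True)
class Request:
    src: str
    method: str
    host: str
    path: str
    user_agent: str
    upgrade: str


def parse_line(line: str):
    """Parse one constructed-format log line; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    return Request(*m.groups()) if m else None


def is_bare_ip(host: str) -> bool:
    """True if the Host value is a literal IPv4/IPv6 address (optional :port on IPv4)."""
    candidate = host.rsplit(":", 1)[0] if host.count(":") == 1 else host
    try:
        ipaddress.ip_address(candidate)
        return True
    except ValueError:
        return False


def suspicious_reasons(req: Request) -> list[str]:
    """Return the heuristics a WebSocket upgrade trips; empty list means nothing flagged."""
    if req.upgrade.lower() != "websocket":
        return []
    reasons = []
    if SCRIPT_UA_RE.match(req.user_agent):
        reasons.append("scripting user-agent on websocket upgrade")
    if is_bare_ip(req.host):
        reasons.append("websocket to bare-IP host")
    return reasons


def find_suspicious_websockets(log_text: str):
    """Scan a log and return (request, reasons) for every flagged WebSocket handshake."""
    findings = []
    for line in log_text.splitlines():
        req = parse_line(line)
        if req is None:
            continue
        reasons = suspicious_reasons(req)
        if reasons:
            findings.append((req, reasons))
    return findings


if __name__ == "__main__":
    for req, reasons in find_suspicious_websockets(SAMPLE_LOG):
        print(f"{req.src} -> {req.host}{req.path} UA={req.user_agent!r}: {', '.join(reasons)}")
```

Both hits in the sample come from the same internal host talking to the same bare IP, which is the pattern worth pivoting on: once a handshake is flagged, the long-lived connection behind it is where the C2 traffic and exfiltration actually happen, so follow up with connection duration and byte counts for that source rather than relying on the user-agent alone.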
Lloyds Bank warns of 80% surge in advance fee scams
The UK bank has warned consumers about the rise of scams in which victims are asked to pay an upfront fee for a product or service that never materializes. So-called “advance fee” fraud surged by 82% year-on-year in 2022, with fake ads for loans, jobs and rental properties among the most common lures. Loan fee scams target people on low incomes or with a poor credit history and “approve” a loan regardless of circumstances; the scammers then request an upfront fee before releasing funds that never arrive. Lloyds states that people aged 25–34 are most likely to fall victim, followed by 35–44 year olds.
The need for EV cybersecurity roadmaps
The Office of the National Cyber Director (ONCD) recently hosted a forum with government leaders and private companies to assess both current and emerging cybersecurity threats involving electric vehicles (EVs). The most infamous story to date concerns a 19-year-old security researcher who, in early 2022, was able to gain access to 25 Teslas around the world through a third-party, open-source logging tool known as TeslaMate. Other threat vectors that the industry is watching include: connected vehicle systems such as navigation and optimal route planning that may enable access to key systems and put drivers at risk; charging stations that can become a path to exfiltrate driver data; and the use of infected cars to attack a local power grid while charging. This forum and similar gatherings are looking to establish greater transparency and communication between OEMs, as well as urging stronger password security within the many computers built into the vehicles.