Cyber Security Headlines: Lazarus targets macOS, Geopolitical DDoS, Meta takes down influence networks

Lazarus Group targets macOS users

We’ve seen a number of threat groups use the surging job market as a perfect vector for cyber attacks. The security researchers at SentinelOne report that the North Korea-linked Lazarus Group operates a campaign targeting macOS users. The campaign lures users with job offers at Crypto.com. ESET and Malwarebytes originally reported on the campaign last month, when it targeted Windows users with similar crypto-related jobs. It’s not clear how the campaign specifically delivers the initial malware payload. Some reports suggest private messaging on LinkedIn. These likely represent short-term campaigns focused on theft, given the threat actors do not obfuscate any binaries in the attacks.

(InfoSecurity Magazine)

Geopolitics behind recent DDoS surge

It seems like in 2022, we’ve talked about another record-breaking DDoS attack every couple of weeks. A new report from NETSCOUT found that these likely come from a rise in wars and regional disputes in the year. The company tracked over six million DDoS incidents, finding they used 57% more bandwidth than last year. The overall number of DDoS attacks remained consistent; the extra bandwidth reflects more intensity. Countries with ties to the war in Ukraine saw the most impact. Finland saw a 258% increase in DDoS attacks since applying for NATO membership. Ireland, India, Taiwan, Belize, Romania, Italy, Lithuania, Norway, Poland, and Latvia also saw notable increases.

(The Record)

Meta takes on influence networks

In a report released Tuesday morning, Meta said it took down a network of fake Facebook accounts from China attempting to interfere in American politics ahead of November midterm elections. Meta’s report claims the accounts were posing as Americans, attacking politicians and posting about inflammatory issues. The small network of 84 accounts was not given a chance to grow. Meta did not claim the account network was linked to Chinese intelligence agencies, only that posts occurred between 9am and 5pm in China. The report also described the takedown of a larger 1,600-account Russia-based network focused on anti-Ukraine propaganda in Europe. This network produced fake social media posts and spoofed websites copying prominent news outlets. Meta says “This network was the largest of its kind we’ve disrupted since the war in Ukraine began”.

(NBC News)

Study finds organizations deluged with cybersecurity incidents

A new report from the security vendor Trellix found that the average SecOps team managed 51 cybersecurity incidents per day. 36% reported significantly higher volumes, dealing with 50 to 200 incidents daily. 46% agreed to being “inundated by a never-ending stream of cyber-attacks.” Siloed systems remained a common pain point, with 60% saying poorly integrated products reduced organizational efficiency in responding. This also appears to cost organizations money, with 84% saying they estimated losses from the incidents at up to 10% of annual revenue.

(InfoSecurity Magazine)

Thanks to today’s episode sponsor, Votiro

Can you trust that your content and data is free of malware and ransomware? With Votiro you can. Votiro removes evasive and unknown malware from content in milliseconds, without impacting file fidelity or usability. It even works on password-protected and zipped files. Plus, it’s an API, so it integrates with everything – including Microsoft 365. Learn more at Votiro.com.

Australian police investigate Optus ransom

The embattled carrier disclosed that local police were investigating the release of personal data of 10,000 customers. This came along with a demand for $1 million in cryptocurrency. The threat actor later deleted the post with the data, and seemed to apologize for the attack. Australian police began working with the FBI and other international law enforcement agencies to try to track down the attacker. Additionally, state governments in New South Wales, Victoria, Queensland and South Australia began the process of allowing victims of the attack to change their driver’s license numbers and get new ID cards. 

(AP, The Guardian)

American Data Privacy and Protection Act looks to narrow HIPAA gap

Back in July, the House Energy and Commerce Committee voted 53-2 to advance the bill. The ADPPA seeks to address privacy issues in under-regulated spaces in the digital health data economy not covered under HIPAA. It would also provide for better enforcement, empowering the Federal Trade Commission with more resources and overt authority to regulate it. HIPAA enforcement falls to the resource-constrained Food and Drug Administration. The bill appears to have bipartisan support to not stall out as it makes its way through Congress. The bill would preempt states with local privacy laws. 

(SC Magazine)

ITU election takes shape

The International Telecommunication Union is a 157-year-old organization originally formed to coordinate telegraphs across countries. In 1949 it integrated into the United Nations system. It does not govern the Internet, but it does have 193 member countries and 900 participating organizations. This allows it to decide on things that affect the internet. That scope means all the countries agreed to it. So who runs it has a lot of influence over the Internet, particularly over standards and interoperability. And this week in Romania, the ITU is choosing a new head to succeed China’s Zhao Houlin who has led the ITU for the past eight years. It’s down to two people. Former US Commerce Department telecom expert Doreen Bogdan-Martin. And seemingly perpetual Russian deputy minister for telecommunications, Rashid Ismailov.

(Wired)

Oracle settles with SEC on bribery 

The settlement resolves charges that the company violated the Foreign Corrupt Practices Act for a second time. The SEC claimed the company used a slush fund to pay bribes to foreign officials in India, Turkey and the United Arab Emirates from 2016 to 2019. This follows a settlement on similar charges dating back to 2012 in India. Oracle does not deny or admit to the SEC’s findings in the settlement, but will pay $23 million. 

(CNBC)

Rich Stroffolino
Rich Stroffolino is a podcaster, editor and writer based out of Cleveland, Ohio. Since 2015, he's worked in technology news podcasting and media. He dreams of someday writing the oral history of Transmeta.