Lazarus Group targets macOS users
We’ve seen a number of threat groups use the surging job market as a perfect vector for cyber attacks. Security researchers at SentinelOne report that the North Korea-linked Lazarus Group is operating a campaign targeting macOS users, luring them with job offers at Crypto.com. ESET and Malwarebytes originally reported on the campaign last month, when it targeted Windows users with similar crypto-related jobs. It’s not clear how the campaign specifically delivers the initial malware payload. Some reports suggest private messaging on LinkedIn. These likely represent short-term campaigns focused on theft, given that the threat actors do not obfuscate any binaries in the attacks.
Geopolitics behind recent DDoS surge
It seems like in 2022, we’ve talked about another record-breaking DDoS attack every couple of weeks. A new report from NETSCOUT found that these likely come from a rise in wars and regional disputes in the year. The company tracked over six million DDoS incidents, finding they used 57% more bandwidth than last year. The overall number of DDoS attacks remained consistent, so the extra bandwidth reflects more intensity. Countries with ties to the war in Ukraine saw the most impact. Finland saw a 258% increase in DDoS attacks since applying for NATO membership. Ireland, India, Taiwan, Belize, Romania, Italy, Lithuania, Norway, Poland, and Latvia also saw notable increases.
Meta takes on influence networks
In a report released Tuesday morning, Meta said it took down a network of fake Facebook accounts from China attempting to interfere in American politics ahead of the November midterm elections. Meta’s report claims the accounts were posing as Americans, attacking politicians and posting about inflammatory issues. The small network of 84 accounts was not given a chance to grow. Meta did not claim the account network was linked to Chinese intelligence agencies, only that posts occurred between 9am and 5pm in China. The report also described the takedown of a larger 1,600-account Russia-based network focused on anti-Ukraine propaganda in Europe. This network produced fake social media posts and spoofed websites copying prominent news outlets. Meta says, “This network was the largest of its kind we’ve disrupted since the war in Ukraine began.”
(NBC News)
Study finds organizations deluged with cybersecurity incidents
A new report from the security vendor Trellix found that the average SecOps team managed 51 cybersecurity incidents per day. 36% reported seeing significantly higher volumes, dealing with 50 to 200 incidents daily. 46% agreed to being “inundated by a never-ending stream of cyber-attacks.” Siloed systems remained a common pain point, with 60% saying poorly integrated products reduced organizational efficiency in responding. This also appears to cost organizations money, with 84% saying they estimated losses from the incidents at up to 10% of annual revenue.
Australian police investigate Optus ransom
The embattled carrier disclosed that local police were investigating the release of personal data of 10,000 customers. This came along with a demand for $1 million in cryptocurrency. The threat actor later deleted the post with the data, and seemed to apologize for the attack. Australian police began working with the FBI and other international law enforcement agencies to try to track down the attacker. Additionally, state governments in New South Wales, Victoria, Queensland and South Australia began the process of allowing victims of the attack to change their driver’s license numbers and get new ID cards.
(AP, The Guardian)
American Data Privacy and Protection Act looks to narrow HIPAA gap
Back in July, the House Energy and Commerce Committee voted 53-2 to advance the bill. The ADPPA seeks to address privacy issues in under-regulated spaces in the digital health data economy not covered under HIPAA. It would also provide for better enforcement, empowering the Federal Trade Commission with more resources and overt authority to regulate it. HIPAA enforcement falls to the resource-constrained Food and Drug Administration. The bill appears to have the bipartisan support to avoid stalling out as it makes its way through Congress. The bill would preempt states with local privacy laws.
ITU election takes shape
The International Telecommunication Union is a 157-year-old organization originally formed to coordinate telegraphs across countries. In 1949 it integrated into the United Nations system. It does not govern the Internet, but it does have 193 member countries and 900 participating organizations. This allows it to decide on things that affect the Internet. That scope means all the countries agreed to it. So who runs it has a lot of influence over the Internet, particularly over standards and interoperability. And this week in Romania, the ITU is choosing a new head to succeed China’s Zhao Houlin, who has led the ITU for the past eight years. It’s down to two people: former US Commerce Department telecom expert Doreen Bogdan-Martin and seemingly perpetual Russian deputy minister for telecommunications Rashid Ismailov.
(Wired)
Oracle settles with SEC on bribery
The settlement resolves charges that the company violated the Foreign Corrupt Practices Act for a second time. The SEC claimed the company used a slush fund to pay bribes to foreign officials in India, Turkey and the United Arab Emirates from 2016 to 2019. This follows a settlement on similar charges dating back to 2012 in India. Oracle does not deny or admit to the SEC’s findings in the settlement, but will pay $23 million.
(CNBC)