Double encryption ransomware attacks on the rise

These attacks have occurred in the past, typically from separate ransomware organizations compromising the same victim simultaneously. But the antivirus company Emsisoft reported it has seen dozens of examples of threat actors deploying two types of ransomware in an attack. In some instances the operator will disclose the double encryption scheme up front, in other cases, victims will pay to remove an initial encryption only then to be informed of the other. Attackers can either simply re-encrypt the encrypted data, or take a side-by-side approach, with the different ransomware strains used on different bits of data. Security researchers say though that double encryption doesn’t further complicate efforts to remediate using backups. 

(Wired)

The UK seeks advice on defending against supply-chain attacks

The UK’s Department for Digital, Culture, Media, and Sport announced its seeking advice on how to increase cybersecurity efforts to defend against software supply-chain attacks and strengthen IT Managed Service Providers. This comes as part of the nationwide “cyber resilience” program in the UK’s National Cyber Security Strategy. Members of firms that either procure or provide IT services can now complete a survey to provide input, with responses due by July 11th. The government will look at the responses as it builds new policy to strengthen its infrastructure security. 

(Bleeping Computer)

Eufy leaks customer camera feeds to strangers

The smart home company Eufy confirmed that a software bug in a server update resulted in some users being shown live and recorded camera feeds of unassociated accounts, although the company maintains this impacted 0.001% of users. The error exposed camera feeds in United States, New Zealand, Australia, Cuba, Mexico, Brazil, and Argentina, with European users not impacted. The issue also did not appear to impact users accessing the cameras exclusively over HomeKit Secure Video. The company recommends users unplug and reconnect the camera, then log out and back into your account to ensure no one else has access. 

(9to5Mac)

Senate to introduce breach notification legislation

A bipartisan group of US Senators, led by Senate Intelligence Chair Mark Warner and Senator Marco Rubio, plan to introduce new legislation in the coming weeks mandating cyberattack reporting by critical infrastructure operators, major IT service providers, and other companies doing business with the government. Lawmakers reportedly began drafting the legislation in the wake of the SolarWinds Orion supply chain attack, with the recent Colonial Pipeline ransomware attack adding urgency to the process. 

(Politico)

Thanks to our episode sponsor, Trend Micro

Want to discover new ways to simplify and strengthen your security? Join Trend Micro Perspectives on June 16, where industry experts and practitioners will share deep insights and real-world examples on how security can play a pivotal role in accelerating your digital transformation. Featuring speakers from Gartner, Forrester, ESG, AWS, and Microsoft. Visit TrendMicro.com/Perspectives today to register.

Parler returns to Apple’s App Store

The app for the social network Parler was removed from the App Store initially due to inadequate content moderation policies following the January 6th Capitol riots. Apple previously approved changes to Parler’s moderation policies in April, with the relisting of the app dependent on Parler choosing to publish it. On iOS, the app uses an algorithm to “automatically detect violent or inciting content” and other objectionable content against Apple’s terms, but this content is still available on the web-based version. The app remains barred on the Google Play Store, although can be sideloaded. 

(Yahoo News)

Hacker forum bans ransomware ads

The XSS forum announced it will prohibit ads for ransomware affiliate models and for rentals of ransomware strains. The site’s operators claim the forum was founded around a main purpose of “knowledge,” not to serve as a marketplace for criminal operators. The Darkside ransomware operators previously ran an ad for its affiliate program on the site, as well as several other prominent ransomware operations. The other major hacking forum Exploit has not announced any ban on the ads. 

(The Record)

Two-thirds of CISOs don’t feel ready for a cyber attack

The finding comes from the “2021 Voice of the CISO Report” from Proofpoint, surveying 1,400 CISOs from mid and large sized organizations. 53% of respondents said they were more concerned with the fallout of such an attack in 2021 than they were in 2020. The types of attacks the CISOs were most concerned about varied, with 34% worried about Business Email Compromise attacks, 33% watching out for cloud account compromise, and 29% worried about supply-chain attacks. 58% respondanded that human error was their biggest cyber-vulnerability.

(InfoSecurity Magazine)

A simple anti-malware trick

Security researcher Brian Krebs reported that DarkSide and other Russian-language affiliate moneymaking programs have long included a hard-coded do-not-install list of countries, primarily Eastern European countries, including Ukraine and Russia. These lists are based on the languages of installed virtual keyboards on Windows. While Krebs cautions that a lot of malware doesn’t use this approach, it may prove effective in the short term. However, malware often carried similar do-not-install lists for virtual machine installs, but the increased usage of them have seen malware increasingly not carry such prohibitions.  

(Krebs on Security)