Colonial Pipeline confirms it paid the ransom

The company’s CEO Joseph Blount said he authorized paying a $4.4 million ransom to the Darkside ransomware operators, saying he felt compelled to pay because of the high stakes of the infrastructure. Blount said executives were unsure of the extent of the breach and how long it would take to get the pipeline back to operation if they didn’t pay. He further said that at the time, “it was the right thing to do for the country.”

(Dark Reading)

Qlocker ransomware operators shut down

Bleeping Computer reports that all Qlocker Tor sites are now no longer accessible, leaving victims with no way to pay any ransoms. The sites had recently been displaying “This site will be closed soon” banners. Since April 19th, Qlocker had been operating a ransomware campaign exploiting vulnerabilities in QNAP NAS devices. Initially the operators asked for .01 Bitcoin to unlock files, with researchers estimating the operators collected $350,000 in a month. Perhaps an indicator of the approaching shutdown, the operators recently changed to a bait-and-switch approach, asking victims for a further .02 Bitcoin after the initial ransom was paid. 

(Bleeping Computer)

SolarWinds CEO speaks about supply chain attack

Speaking at the virtual RSA Conference, SolarWinds CEO Sudhakar Ramakrishna gave an assessment of the company’s recent high-profile supply chain attack. Commenting on CISO Tim Brown, in the role since 2017, Ramakrishna said “CISOs get undue discredit” in these kinds of situations, while CEOs get undue credit when things go well. He also apologized for blaming an intern’s weak password for the breach during congressional testimony, saying the password was for his GitHub account. On the attack, he said threat actors “may have been in our environment” for recon as early as January 2019, accessing systems as early as September 2019.

(The Record)

Report claims Apple moves Chinese iCloud data to state-owned servers

The New York Times obtained documents that show Apple moved iCloud data of Chinese users, including the encryption keys, from servers outside China to a network of servers from state-owned GCBD. Apple denies the report and says it has control of the encryption keys, the documents are outdated, it uses the latest protections, and keeps third parties disconnected from its networks. The Chinese government also made a statement that it “strictly adheres to principles of data security protection and prohibits and cracks down on relevant illegal activities in accordance with the law.”

(Engadget)

Darkside ransomware operators collected $90 million

Researchers from blockchain analysis firm Elliptic estimated the amount collected by the Darkside organization since October 2020, with the average payment being $1.9 million. The researchers examined the Bitcoin wallets used by the ransomware gang to receive the ransom payments from victims over the past nine months. Darkside operates on a ransomware-as-a-service model, keeping 10-25% of ransoms received, with researchers estimating Darkside kept roughly $15.5 million.

(Security Affairs)

Lead time on chips increases amid ongoing shortage

Shortages in the semiconductor industry are getting worse, with the gap between ordering a chip and taking delivery increasing to 17 weeks in April, according to research by Susquehanna Financial Group. This is the longest lead time since the firm started tracking in 2017, and the fourth consecutive month it has increased. The situation has been complicated by a resurgence of COVID-19 in Taiwan, home to Taiwan Semiconductor Manufacturing Co, which is the world’s most advanced chipmaker and counts Apple and Qualcomm among its many customers.

(Bloomberg)

Amazon extends ban on police use of facial recognition 

The company initially announced the ban back in June 2020, now saying the ban will be extended indefinitely. When it initially instituted the ban in the wake of the murder of George Floyd by Minnesota police, the company said it hoped Congress would pass legislation setting out ethical usage of the technology, a sentiment echoed by Microsoft at the time. Amazon’s Rekognition computer vision service was first introduced in 2016, and began being used by the Washington County, Oregon Sheriff’s Office for facial recognition in 2017. 

(Reuters)

Mac malware reaches “unacceptable” levels

In testimony during the Epic vs Apple antitrust case, Apple’s head of software engineering, Craig Federighi, said, “we have a level of malware on the Mac that we don’t find acceptable.” He further said Apple uses built-in systems to automatically remove malware from customers’ computers, but that since last May over 130 types of Mac malware were identified, with one infecting 300,000 systems. Federighi said the Mac faces a “significantly larger malware problem” than iOS.

(CNet)

Microsoft sends Internet Explorer to a farm upstate

Microsoft announced that consumer versions of Internet Explorer will go out of support on June 15, 2022. Windows 10 Long-Term Servicing Channel customers will still receive the browser. Microsoft Edge, the formal replacement for IE, includes an IE mode that supports older ActiveX controls, with Microsoft pledging support for the feature until at least 2029. IE will be remembered fondly by users who enjoy broken web standards, Netscape Navigator haters, and security exploits. Good night sweet prince.

(The Verge)