Ransomware gangs cause headaches for hacker forums too
It may seem like hacker forums are the Wild West of the dark web with virtually no rules. But a recent piece by Cyberscoop details that these sites have etiquette and rules, ones that ransomware groups are seemingly straining. Many of these sites allow ransomware groups to put down deposits as a mark of trust for selling services. If a group goes dark, the site owner can then pay out funds due to clients if they can prove they are owed. These sites even include an arbitration process for disputed transactions. Ransomware groups are often involved in high-cost arbitration transactions, but can come out the loser when aggrieved parties publish chat logs with trade secrets and attack vectors that anyone, including law enforcement, can read. The rise of numerous ransomware-as-a-service groups on these forums has made it harder to verify “trustworthy” affiliates, leading some forums to ban ransomware service ads entirely.
Don’t look a GriftHorse in the mouth
The security firm Zimperium discovered a new malware operation dubbed GriftHorse, which has infected more than 10 million Android devices in over 70 countries since November 2020. It was distributed using benign-looking apps on both the official Google Play Store and third-party app stores. Once installed, the apps show pop-ups for prizes and special offers, all directing users to subscribe to a “premium” SMS service. What stood out to security researchers was the quality of the malware’s code, which used a wide spectrum of websites, malicious apps, and developer personas to avoid detection. The researchers estimate the operators are making between €1.2 million and €3.5 million per month.
Ransomware’s impact on patient care
A survey of healthcare organizations by the Ponemon Institute and the security company Censinet found that ransomware attacks against healthcare organizations have led to longer hospital stays, delays in tests and procedures, and a possible increase in patient deaths. 36% of respondents reported an increase in patient complications following a ransomware attack, while 70% reported both longer stays as a result of the attack and delays in testing. 20% of respondents said attacks led to patient deaths, although it should be noted that this is the respondents’ estimation, not based on an investigation by a medical board or law enforcement.
FTC looks to strengthen online privacy rules
The Wall Street Journal’s sources say the US Federal Trade Commission is considering new rules for how businesses handle consumer data. This could include deeming some data collection an unfair business practice or designating default data collection unfair or deceptive under its mandate. The commission could also increase privacy protections for minors by updating the 1998 Children’s Online Privacy Protection Act, including enforcement against specific companies. The US Congress is considering similar legislative approaches, although any new rules by the FTC would likely take years to implement.
Akamai to acquire Guardicore
The prominent CDN company will pay roughly $600 million in the deal. Guardicore offers enterprise-class network micro-segmentation solutions based on a zero-trust and strict permissions architecture that can secure access from on-prem to the cloud. Guardicore’s assets will be integrated into Akamai’s Zero Trust security portfolio, where there is obvious symmetry. The deal is still subject to regulatory approval, but is expected to close in Q4.
Who knew a home surveillance robot might have privacy implications?
At an event that saw Amazon introduce a bevy of new hardware, the company’s splashiest announcement was Astro, a $999 home robot. It is designed to investigate noises, identify strangers, and patrol a home when everyone is away. Vice’s sources, who reportedly worked on the robot project at Amazon, say the device is not ready as a consumer device. The facial recognition to determine strangers in a home reportedly has poor accuracy. Ideally, the robot is supposed to identify strangers within 30 seconds when in sentry mode, then follow them and record video, and is equipped with a periscoping camera to enable it to see things higher up. The robot is not designed to go down stairs, but in testing often had trouble avoiding them.
Facebook open sources Android bug tool
The tool is called Mariana Trench, and serves as an Android-focused static analysis platform that can perform at scale. According to Facebook, Mariana Trench is “designed to be able to scan large mobile codebases and flag potential issues on pull requests before they make it into production.” At a high level, this allows developers to frame rules for different data flows and check whether code could unintentionally lead to data flows that break those rules. Facebook claims that 50% of vulnerabilities found across its entire family of apps are found using automated tools like Mariana Trench.
Now we have to worry about ransomware targeting backups
Conventional wisdom is that good backups, coupled with a good recovery strategy, are critical for combating the threat of ransomware. A new report from the cyber-risk prevention firm Advanced Intelligence shows that ransomware operators are keenly aware of this, with the Conti ransomware operators particularly focusing on backed-up data. Research has shown that the need to restore data is the primary motivator in Conti ransomware negotiations, with extortion over published exfiltrated data a secondary concern. Conti starts its focus on backups from a team-building level, recruiting candidates based on that skill. The ransomware gang is particularly focused on compromising backup software from disaster-recovery firm Veeam.