Cyber Security Headlines: Switzerland Xplain attack, BlackSuit resembles Royal, Microsoft retires Cortana

Xplain hack impacts Swiss cantonal police and Fedpol

Swiss police are investigating a cyberattack that impacted the IT service provider Xplain, which provides services to several Swiss federal and regional government departments, as well as the army, customs, and the Federal Office of Police (Fedpol). The threat actors have already published alleged stolen data from the Federal Office of Police (Fedpol) and the Federal Office for Customs and Border Security (FOCBS) on a Darknet forum, but representatives from these offices state the threat actors only had access to simulated, anonymous data for test purposes.

(Security Affairs)

New Linux ransomware strain BlackSuit shows similarities to Royal

This according to Trend Micro, which examined an x64 VMware ESXi version targeting Linux machines. Their researchers stated, “they’re nearly identical, with 98% similarities in functions, 99.5% similarities in blocks, and 98.9% similarities in jumps based on BinDiff, a comparison tool for binary files.” In line with other ransomware groups, it runs a double extortion scheme that steals and encrypts sensitive data in a compromised network in return for monetary compensation. Data associated with a single victim has been listed on its dark web leak site.

(The Hacker News)

Microsoft is retiring Cortana on Windows starting late 2023

Microsoft has announced that it will soon end support for the Windows standalone Cortana app. It had originally been introduced as part of the Windows Phone operating system, but expanded to other platforms such as Windows 10, Android, and iOS. It was designed to work closely with other Microsoft products, but now faces retirement later this year, 8 years after its inclusion in Windows 10 in 2015. However, this only impacts Cortana in Windows. It will still be available in Outlook mobile, Teams mobile, Microsoft Teams display, and Microsoft Teams rooms.

(Bleeping Computer)

AI-automated malware campaigns coming soon, says Mikko Hyppönen

Cybersecurity pioneer Mikko Hyppönen, who began his cybersecurity career two years before Tim Berners-Lee released the world’s first web browser, is now the chief research officer at WithSecure. In an interview with CSO Online, he states it is “mandatory for the cybersecurity industry to embrace AI technology…It will only be a matter of months before malicious threat actors use widely available AI source code to perfect their techniques for complete automation of malware campaigns.”

(CSOOnline)

Thanks to this week’s episode sponsor, Trend Micro

Hybrid work, cloud adoption, and shadow IT have introduced new cybersecurity risks to organizations. Security leaders are left asking, “How can I manage our expanding attack surface?” Trend Micro, the global leader in cybersecurity, is bringing the cyber risk conversation to more than 120 cities in their “Risk to Resilience World Tour.” Hear from experts on the latest threat landscape trends, solutions, and platform strategies to manage risk and defend your organization with speed and accuracy. Find the closest city to you and register today to take a leap towards a more resilient future. Head to trendmicro.com/cisoseries

Beware of the new zip domain phishing technique “file archiver in the browser”

This new phishing technique can be used by phishers to “emulate” file archiver software in a web browser when a victim visits a .ZIP domain, according to security researcher mr.d0x. As we have been covering here on Cyber Security Headlines, the new top-level domains .zip and .mov are causing concern among security experts. For this technique, the attacker’s page emulates either the WinRAR file archive utility or the Windows 11 File Explorer window; the WinRAR sample also adds a ‘Scan’ icon. When users click on the icon, a message box reassuring them that the files are secure is displayed, thereby preventing suspicion.
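One defensive check this story suggests: scan inbound text (an email body, a chat message) for links whose hostname ends in a file-extension-like TLD such as .zip or .mov, including bare filename-looking tokens that mail and chat clients may auto-link. This is an added example written for this page, not code from mr.d0x or from the story; the TLD list, the regex and the sample message are all constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# TLDs whose names collide with common file extensions (assumption: the
# two the story names; extend as needed).
FILE_LIKE_TLDS = {"zip", "mov"}

# Constructed pattern: optional scheme, dotted host, optional path/query.
URL_RE = re.compile(
    r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:[/?#][^\s<>\"']*)?", re.I
)


def hostname_of(token):
    """Return the lowercase hostname of a URL-like token, adding a scheme if absent."""
    if not re.match(r"https?://", token, re.I):
        token = "http://" + token
    return (urlsplit(token).hostname or "").lower()


def flag_file_like_domains(text):
    """Return findings for every link whose host ends in a file-like TLD.

    A token such as 'financials.zip' with no scheme is flagged too, because a
    client that auto-links it would send the user to the .zip domain rather
    than to a file.
    """
    findings = []
    for match in URL_RE.finditer(text):
        token = match.group(0)
        host = hostname_of(token)
        tld = host.rsplit(".", 1)[-1]
        if tld in FILE_LIKE_TLDS:
            findings.append({
                "token": token,
                "host": host,
                "tld": tld,
                "explicit_scheme": token.lower().startswith("http"),
            })
    return findings


# Constructed sample message for demonstration; hosts are not real.
SAMPLE = """Hi team, the quarterly numbers are in financials.zip (attached).
Please also review https://invoice-archive.zip/scan and the demo clip at intro.mov.
Release notes: https://example.com/notes.zip"""

if __name__ == "__main__":
    for finding in flag_file_like_domains(SAMPLE):
        print(finding)
```

Note that a .zip file served from a path on an ordinary domain (the last sample line) is not flagged; only the host's TLD matters.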

(Security Affairs)

Canadian university dealing with ransomware attack on email system

The University of Waterloo, a Canadian university near Toronto, confirmed last week that it is dealing with a ransomware attack. School vice president Jacinda Reitsma explained that their on-campus Microsoft Exchange email services were affected by the ransomware attack, sparing those who only use their cloud-based email. As a result, students were unable to log in, or to sign into other educational platforms with their email credentials. A reset was successfully completed by Friday morning. No ransomware group has taken credit for the attack.

(The Record)

US research agency examines cyber psychology to outwit criminal hackers

A new project at the Intelligence Advanced Research Projects Activity (IARPA), the so-called “moonshot research division” of the U.S. intelligence community, is seeking to better understand the psychology of hackers, in order to “discover their blind spots and build software that exploits these deficiencies to improve computer security.” Kimberly Ferguson-Walter, the IARPA program manager overseeing the initiative, told CyberScoop “when you look at how attackers gain access, they often take advantage of human limitations and errors, but our defenses don’t do that.” The project is dubbed Reimagining Security with Cyberpsychology-Informed Network Defenses or “ReSCIND,” and includes an open competition, which invites teams to “submit proposals for how they would study hackers’ psychological weaknesses and then build software exploiting them.”

(CyberScoop)

Last week in ransomware

Last week, numerous companies reported having data stolen after threat actors utilized a zero-day vulnerability in the MOVEit Transfer program to breach servers. While no one has claimed responsibility for this attack, it resembles Clop ransomware attacks using GoAnywhere MFT and Accellion FTA zero-days to steal files. Also last week, it was put forward that the attack on the City of Dallas may have put the Royal ransomware operation in the crosshairs, scaring them into the BlackSuit rebrand mentioned earlier in this episode. Last week IBM released a report about BlackCat/ALPHV’s new ‘Sphynx’ encryptor and other tools used by the operation. We also reported on ransomware attacks on the legal eDiscovery company Casepoint, the City of Augusta, Georgia, and MCNA Dental.

(Bleeping Computer and Cyber Security Headlines)

Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.