This week’s Cyber Security Headlines – Week in Review, October 3-7, is hosted by Sean Kelly, with our guest, Patrick Benoit, VP, Global Cyber, GRC/BISO, CBRE
Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join us each week by registering for the open discussion at CISOSeries.com
Lazarus hackers abuse Dell driver bug using new FudModule rootkit
The notorious North Korean hacking group Lazarus has been observed installing a Windows rootkit that abuses a Dell hardware driver in a Bring Your Own Vulnerable Driver (BYOVD) attack. The spear-phishing campaign unfolded in the autumn of 2021, and the confirmed targets, an aerospace expert in the Netherlands and a political journalist in Belgium, were emailed fake job offers at Amazon. ESET reports that among the tools deployed in this campaign, the most interesting is a new FudModule rootkit that uses the BYOVD technique to exploit a vulnerability in a Dell hardware driver, the first time this driver has been seen abused in this way.
Ex-NSA employee charged with violating Espionage Act, selling U.S. cyber secrets
The former employee, Jareh Sebastian Dalke, appeared in federal court Thursday on charges that he attempted to transmit classified “national defense information” to an FBI agent he believed was a Russian operative, in exchange for $85,000, according to the Justice Department. He had allegedly told the undercover agent that he had access to information “relating to foreign targeting of U.S. systems and information on cyber operations,” according to the affidavit. Dalke was only employed by the NSA for about three weeks before quitting on July 1, but while there he had a top-secret clearance in his role as an “information systems security designer,” according to the FBI.
Former Uber security chief found guilty of data breach coverup
A U.S. federal court jury has found former Uber Chief Security Officer Joseph Sullivan guilty of not disclosing a 2016 breach of customer and driver records to regulators and of attempting to cover up the incident. Sullivan was convicted on two counts: one for obstructing justice by not reporting the incident and another for misprision of a felony. He faces a maximum of five years in prison for the obstruction charge and a maximum of three years for the latter. The 2016 hack of Uber occurred as a result of two hackers gaining unauthorized access to the company’s database backups, prompting the ride-hailing firm to secretly pay a $100,000 ransom in December 2016 in exchange for deleting the stolen information.
LA school data published on leak site
The Los Angeles Unified School District confirmed that a ransomware organization began publishing exfiltrated information about students online. The files appeared on the leak site for the Vice Society ransomware organization, known for targeting educational organizations. The attack occurred over Labor Day weekend, with the threat group issuing a ransom demand on September 22nd. The district did not negotiate or pay the ransom, in accordance with advice from the FBI. Bleeping Computer reports folder names in the leaked data suggest it includes social security numbers, passport information, and “Secret and Confidential” documents. NBC Los Angeles’ law enforcement sources say it includes legal records, business documents, and some confidential psychological assessments of students.
And now thanks to this week’s episode sponsor, Hunters
Fraud hitting P2P payment apps
A new report from the office of Senator Elizabeth Warren found an increasing prevalence of fraud and scams using the peer-to-peer payment service Zelle. The company that operates Zelle is owned by Bank of America, Truist, Capital One, JPMorgan Chase, PNC Bank, U.S. Bank, and Wells Fargo. Since the second half of 2021, data from four of these banks shows 192,878 cases of fraud resulting in $213.8 million in losses on payments made with Zelle. Despite bank ownership, the report found only 3,500 cases where the banks reimbursed the losses, and in those cases they reimbursed an average of only 47%. The Consumer Financial Protection Bureau is expected to issue regulations requiring banks to reimburse customers for a wider array of scams and fraud.
Twitter deal isn’t done yet
We covered yesterday that Elon Musk re-offered his original price to take Twitter private, a share price already approved by Twitter’s board. The deal isn’t done yet, and Twitter has won a new concession in the case. The Delaware Court of Chancery allowed Twitter to proceed with a limited investigation into whether whistleblower Peiter “Mudge” Zatko contacted Elon Musk’s lawyers prior to Musk’s previous attempt to back out of buying Twitter. This involves a May 6th email sent from an anonymous ProtonMail account by someone claiming to be “a former exec at Twitter leading teams directly involving Trust & Safety/Content Moderation,” which offered Musk information on Twitter through alternate channels. If Musk and Twitter reach an agreement to end the litigation, the matter would be moot.
Another Australian telco hit with breach
Australia’s largest telco, Telstra, confirmed it suffered a data breach at a third-party organization, exposing employee data dating back to 2017. It estimates 30,000 people were impacted, with names and email addresses leaked. This comes two weeks after another telco in the country, Optus, suffered a data breach impacting up to 10 million accounts.
Netwalker ransomware affiliate sentenced to 20 years in prison
On Tuesday, a court in Tampa, FL sentenced former Netwalker ransomware-as-a-service affiliate Sebastien Vachon-Desjardins to 20 years in prison and ordered him to forfeit $21.5 million. The 34-year-old Canadian man was extradited from Quebec and pleaded guilty to a series of computer and wire fraud related crimes. After serving his prison sentence, Vachon-Desjardins will have to serve three years of supervised release and will not be permitted to use any device capable of connecting to the Internet. Back in February, Vachon-Desjardins was sentenced to six years and eight months for similar charges in a court in Ontario.