WyzGuys Tech Talk

A quick Saturday digest of cybersecurity news articles from other sources.

Yes, There Really Is A Windows 11

Urgent Alert –  WD My Book Live users wake up to find their data deleted

Storage-device maker advises customers to unplug My Book Lives from the Internet ASAP.

Western Digital, maker of the popular My Disk external hard drives, is recommending customers unplug My Book Live storage devices from the Internet until further notice while company engineers investigate unexplained compromises that have completely wiped data from devices around the world.

The mass incidents of disk wiping came to light in this thread on Western Digital’s support forum. So far, there are no reports of deleted data later being restored.

The First Mobile Phone Call Was Made 75 Years Ago

The first mobile phone service, for 80-pound telephones installed in cars, was demonstrated on June 17, 1946, 75 years ago.  The evolution of the cell phone illustrates what it takes for technologies to go from breakthrough to big time

This week, a lot from Bruce Schneier

Is 85% of US Critical Infrastructure in Private Hands?

Most US critical infrastructure is run by private corporations. This has major security implications, because it’s putting a random power company in — say — Ohio — up against the Russian cybercommand, which isn’t a fair fight.

When this problem is discussed, people regularly quote the statistic that 85% of US critical infrastructure is in private hands. It’s a handy number, and matches our intuition. Still, I have never been able to find a factual basis, or anyone who knows where the number comes from. Paul Rosenzweig investigates, and reaches the same conclusion.

So we don’t know the percentage, but I think we can safely say that it’s a lot.

Adding a Russian Keyboard to Protect against Ransomware

A lot of Russian malware — the malware that targeted the Colonial Pipeline, for example — won’t install on computers with a Cyrillic keyboard installed. Brian Krebs wonders if this could be a useful defense.  (Bob’s Note – I did this myself, it is quick and easy.)

The many ways a ransomware attack can hurt your organization

Loss of revenue, brand and reputation damage, employee layoffs and business closures were some of the effects of a ransomware attack, according to Cybereason.

Why Kubernetes is our modern-day COBOL, says a tech expert

Commentary: Today’s infrastructure becomes tomorrow’s legacy, but there are ways to build that avoid pitfalls.

Clop ransomware suspects busted in Ukraine, money and motors seized

Victims in South Korea and the USA, suspects busted in Ukraine.

IcedID: From Word to Lateral Movement in 1 Hour

In May 2021, we observed a threat actor conducting an intrusion utilizing the IcedID payloads for initial access. They later performed a number of techniques from host discovery to lateral movement, using RDP and SMB to access the file servers within an enterprise domain.

IcedID (known as BokBot) first observed in 2017, continues to be an active and capable threat against both individuals and organizations. The IcedID malware utilizes a modular malware framework and incorporates a number of anti-forensic and defense evasion capabilities. This malware has like others before it moved into the initial access broker market being used as an entry point for follow on activity like Cobalt Strike, and has lead to multiple domain wide ransomware deployments such as Revil and Conti.  More..

Cobalt Strike – When Good Tools Go Bad

This article describes how the popular Cobalt Strike penetration testing tool is being abused by cybercriminals.  Cobalt Strike is a popular tool with cybersecurity professionals. Unfortunately, it’s also utilized by threat actors.  New research shows how Cobalt Strike is being weaponized in campaigns deploying malware ranging from the Trickbot banking Trojan to Bazar.