WyzGuys Tech Talk

A quick Saturday digest of cybersecurity news articles from other sources.

LANtenna hack spies on your data from across the room!

Are your network cables acting as undercover wireless transmitters? What can you do if they are?

A few posts from Bruce Schneier

FBI Had the REvil Decryption Key

[2021.09.22] The Washington Post reports that the FBI had a decryption key for the REvil ransomware, but didn’t pass it along to victims because it would have disrupted an ongoing operation.

The key was obtained through access to the servers of the Russia-based criminal gang behind the July attack. Deploying it immediately could have helped the victims, including schools and hospitals, avoid what analysts estimate was millions of dollars in recovery costs.

But the FBI held on to the key, with the agreement of other agencies, in part because it was planning to carry out an operation to disrupt the hackers, a group known as REvil, and the bureau did not want to tip them off. Also, a government assessment found the harm was not as severe as initially feared.

Fighting ransomware is filled with security trade-offs. This is one I had not previously considered.

Another news story.

ROT8000

[2021.09.23] ROT8000 is the Unicode equivalent of ROT13. What’s clever about it is that normal English looks like Chinese, and not like ciphertext (to a typical Westerner, that is).

The Proliferation of Zero-days

[2021.09.24] The MIT Technology Review is reporting that 2021 is a blockbuster year for zero-day exploits:

One contributing factor in the higher rate of reported zero-days is the rapid global proliferation of hacking tools.

Powerful groups are all pouring heaps of cash into zero-days to use for themselves — and they’re reaping the rewards.

At the top of the food chain are the government-sponsored hackers. China alone is suspected to be responsible for nine zero-days this year, says Jared Semrau, a director of vulnerability and exploitation at the American cybersecurity firm FireEye Mandiant. The US and its allies clearly possess some of the most sophisticated hacking capabilities, and there is rising talk of using those tools more aggressively.  […]

Few who want zero-days have the capabilities of Beijing and Washington. Most countries seeking powerful exploits don’t have the talent or infrastructure to develop them domestically, and so they purchase them instead.  […]

It’s easier than ever to buy zero-days from the growing exploit industry. What was once prohibitively expensive and high-end is now more widely accessible.  […]

And cybercriminals, too, have used zero-day attacks to make money in recent years, finding flaws in software that allow them to run valuable ransomware schemes.

“Financially motivated actors are more sophisticated than ever,” Semrau says. “One-third of the zero-days we’ve tracked recently can be traced directly back to financially motivated actors. So they’re playing a significant role in this increase which I don’t think many people are giving credit for.”  […]

No one we spoke to believes that the total number of zero-day attacks more than doubled in such a short period of time — just the number that have been caught. That suggests defenders are becoming better at catching hackers in the act.

You can look at the data, such as Google’s zero-day spreadsheet, which tracks nearly a decade of significant hacks that were caught in the wild.

One change the trend may reflect is that there’s more money available for defense, not least from larger bug bounties and rewards put forward by tech companies for the discovery of new zero-day vulnerabilities. But there are also better tools.

Bob says:  You are probably aware that there has developed a long-standing and serious threat of attack  against our critical infrastructure, especially our electrical generation and distribution systems, the electrical grid.  The electrical grid is run in most cases by major corporate entities, and smaller rural electric cooperatives, which may mean that there are the financial resources necessary to secure the electrical infrastructure.  Maybe.  Hopefully.  Still, there are over 3500 electric companies in the US.

What might be more frightening is this same risks exist for our water utilities, most of which are owned and operated by relatively speaking small municipal governments.  That would be over 50,000 water supply systems.  As most municipal governments will tell you, they never have enough money.  Ransomware attacks against even large municipal governments such as Baltimore showed how weak municipal cyber-defenses are.  I think we can expect an attack on the water supply system in any future cyberwar attack.  This I believe is a more serious vulnerability than the grid.

Ongoing Cyber Threats to U.S. Water and Wastewater Systems Sector Facilities

Original release date: October 14, 2021

CISA, the Federal Bureau of Investigation (FBI), the Environmental Protection Agency (EPA), and the National Security Agency (NSA) have released a joint Cybersecurity Advisory (CSA) that details ongoing cyber threats to U.S. Water and Wastewater Systems (WWS) Sector. This activity—which includes cyber intrusions leading to ransomware attacks—threatens the ability of WWS facilities to provide clean, potable water to, and effectively manage the wastewater of, their communities. The joint CSA provides extensive mitigations and resources to assist WWS Sector facilities in strengthening operational resilience and cybersecurity practices.

CISA has also released a Cyber Risks & Resources for the Water and Wastewater Systems Sector infographic that details both information technology and operational technology risks the WWS Sector faces and provides select resources.

Two-Thirds of Organizations Have Been a Target of Ransomware

The latest data reveals ransomware’s pervasiveness throughout every industry, size, and type of organization, confirming its’ place as the No. 1 cyberthreat today – and a glaring clue why…

We told you last month about Fortinet’s findings where ransomware grew over 1000% between July 2020 and June 2021. This new data from Fortinet’s 2021 Ransomware Survey Report shows just how egregious ransomware attacks are today, and how organizations aren’t making the connection between the cyberattack and their own users. First a bit of data on the state of ransomware attacks:

• 67% of orgs have been a target of ransomware attacks
• 16% have been hit three or more times
• 96% feel at least moderately prepared (despite the % of attacks indicating otherwise)

So, organizations should take a look at why they are being hit so much, right? I don’t think they see what I’m seeing in the rest of the data – take a look:

• Nearly a third (32%) say there’s a lack of security awareness training
• 61% have user training – but as part of an incident response plan (after and not before???)
• 58% of ransomware attacks in North America start with phishing a user

And most importantly:

In the list of protection and defensive measures essential to secure against ransomware, nowhere to be found is security awareness training:

I can only conclude that some organizations today are not making the connection between their own users playing a part in either helping or stopping ransomware attacks. New-school security awareness training helps you create a proactive security stance designed to stop ransomware attacks that start with phishing as the initial attack vector.

Blog post with links:
https://blog.knowbe4.com/two-thirds-of-organizations-have-been-a-target-of-ransomware