Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


WSJ: “SEC Sues SolarWinds Over 2020 Hack Attributed to Russians”

October 30, 2023 the Wall street Journal broke news that the United States Security and Exchange Commission sued Solarwinds. Here are the first few paragraphs and there is a link to the full WSJ article at the bottom : “the software company victimized by Russian-linked hackers over three years ago, alleging the firm defrauded shareholders by repeatedly misleading them about its cyber vulnerabilities and the ability of attackers to penetrate its systems.

“The SEC’s lawsuit is a milestone in its evolving attempt to regulate how public companies deal with cybersecurity. A hack that steals business secrets or customer data often pummels the victim company’s stock price, showing why firms with public shareholders have to accurately disclose such threats, the SEC says. The regulator recently imposed stricter cybersecurity reporting rules for public companies.

“The lawsuit also presents a different view of the breach of SolarWinds, which portrayed itself as the victim of a highly sophisticated intrusion that other government agencies said was part of a Russian espionage campaign. The intrusion went undiscovered for more than a year and gave intruders footholds in at least nine federal agencies that used SolarWinds’ software.

“The SEC’s role in cybersecurity is controversial, with business groups saying its investigations can shift blame to the victim. Other law-enforcement agencies prefer to keep quiet while they probe hackers and sometimes clash with the SEC over its demands for disclosure. The SolarWinds case is the first time securities regulators have gone to court with civil-fraud claims—the most serious charge at the agency’s disposal—against a public company over a hack.”

I suggest you send this WSJ Link to your C-level InfoSec decision makers. This is a first.

https://www.wsj.com/finance/regulation/sec-sues-solarwinds-over-2020-hack-attributed-to-russians-70562fb5?


September Sees a 32% Increase in the Number of Ransomware Attacks

in Just One Month

Continued analysis of ransomware attacks shows an upward trend in the number of attacks, with September resulting in the highest number of assaults so far this year.

IT security vendor NCC Group’s Cyber Threat Intelligence Report for September 2023 shows some startling revelations about why ransomware attacks are spiking. According to the report:

  • The lion’s share of attacks were focused on the Industrial sector, who took the brunt of one-third of the ransomware attacks in September
  • Half of all attacks targeted the United States, with another 30% focused on Europe
  • Lockbit 3.0 was the dominant player, being responsible for 32% of all attacks last month

What’s also disturbing is the presence of a newcomer ransomware threat group, RansomedVC, who are claiming responsibility for an attack on Sony at the end of September. This group first showed up on NCC Group’s radar in August and jumped to the fourth-most active group in September, giving credence to the need to keep our eyes on their future activities.

Most of these ransomware groups still rely on phishing as their initial attack vector, making it imperative that security awareness training be a critical part of your organization’s cyber defense strategy to fend off social engineering attacks via email used to trick users into kicking off the attack.


Critical vulnerability in Atlassian Confluence server is under “mass exploitation”

A critical vulnerability in Atlassian’s Confluence enterprise server app that allows for malicious commands and resets servers is under active exploitation by threat actors in attacks that install ransomware, researchers said.

“Widespread exploitation of the CVE-2023-22518 authentication bypass vulnerability in Atlassian Confluence Server has begun, posing a risk of significant data loss,” Glenn Thorpe, senior director of security research and detection engineering at security firm GreyNoise, wrote on Mastodon on Sunday. “So far, the attacking IPs all include Ukraine in their target.”


How to Tell if Social Media Is Harming Your Mental Health

While social media can be an amazing tool for connection, inspiration, and business, it’s all too easy to become addicted to the gratification that comes with online popularity. If you’re worried about your mental health as a result of social media, this guide can give you actionable advice to help you take back control.”


How to Secure the 5 Cloud Environment Types

This article explores the key characteristics, security threats, and best security practices for five key cloud security environments: public cloud, private cloud, hybrid cloud, multi-cloud, and multi-tenant cloud.


Visual Examples of Code Injection

Code injection techniques (T1055 from MITRE[1]) is a common technique these days. It’s a nice way for an attacker to hide malicious code into a legit process. A deviation of this technique is called “Process Hollowing”[2] where code of the legit suspended process is wiped and replaced by malicious code. Code injection is performed by calling Microsoft API calls like: VirtualAllocEx(), NtUnmapViewOfSecrio(), WriteProcessMemory(), … (they are many others available)

When I’m teaching FOR610[3], many students are wondering why such API calls are provided by Microsoft to perform so dangerous actions. Indeed, there is no “hacking magic”. Microsoft supports them. for them, it’s difficult to “see” how such program behaves.  More…

0

About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com
  Related Posts

Add a Comment


This site uses Akismet to reduce spam. Learn how your comment data is processed.