A new ransomware gang emerges, a patching failure was behind a co-ordinated cyber attack on Denmark, and more.
Welcome to Cyber Security Today. It’s Wednesday, November 15th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.
 |
 |
 |
A new ransomware group has emerged from the remains of the Hive group. Hive was taken down by several police agencies in January. But according to researchers at Bitdefender, a gang calling itself Hunters International has emerged from the Hive wreckage. It appears the Hive gang leadership either transferred whatever assets they had to the new group after the police action, or they just renamed themselves. For its part Hunters International says it bought the source code and whatever was left of Hive’s IT infrastructure. Regardless, Bitdefender reminds IT leaders that these days ransomware groups prioritize data stealing over data encryption, so watch for unusual data movements.
By the way, Hunters International recently claimed it stole 200 GB of data last month from a Kentucky property management firm. The data allegedly has personal information about the firm’s tenants.
Speaking of ransomware, the LockBit ransomware gang has published all of the data it allegedly stole from aircraft manufacturer Boeing last month. Boeing has confirmed a cyber attack but said little more.
Meanwhile the FBI and the U.S. Cybersecurity and Infrastructure Security Agency released an update to their background paper on the Royal ransomware gang. It includes information on the gang’s tactics as well as indicators of compromise.
A supposed member of the LockBit ransomware gang told Reuters that China’s Industrial and Commercial Bank paid up after the U.S. branch of the financial institution was hit last week. The news agency was unable to verify the claim.
The FBI knows the names of at least a dozen members of the hacking group that recently broke into Las Vegas casino operators MGM Resorts and Caesars Entertainment. That’s according to the Reuters news agency. It bases that on interviews with several cybersecurity companies who say they know about the progress of the FBI investigation. But these people are baffled why the feds haven’t charged anyone yet. The FBI and the U.S. Department of Justice refused to comment on where the investigation stands.
Australia’s biggest port operator is gradually restarting operations after a cyber attack I told you about on Monday. DP World Australia had to suspend work and cut internet connectivity for three days in major terminals. It’s not expected that full operations will be back to pre-attack levels for several weeks.
Denmark’s computer emergency response team for the critical infrastructure sectors has published a detailed report on last May’s co-ordinated cyberattacks against 22 companies. Eleven providers were quickly compromised on May 11th. One reason why: Their IT departments hadn’t patched Zyxel firewalls although a warning of a vulnerability was issued two weeks earlier. Among the report’s recommendations to IT leaders are these from Cybersecurity 101: Make sure only those services needed are exposed to the internet. And make sure you have a process for quickly patching critical software and hardware. It’s a report all IT leaders should read. There’s a link to it in the text version of this podcast at ITWorldCanada.com.
School districts in the U.S. are pleading with local taxpayers and state officials for more money to fight cyber attacks. According to Minnesota Public Radio, voters in at least 17 communities last week faced ballot questions on letting local school boards raise taxes for cybersecurity improvements. More than half were approved. Which raises the question of who would vote no to this?
Finally, the Mirai botnet of millions of infected computers is used for launching denial of service attacks and spreading malware. It was created by three American teenagers. Read what happened after they were caught at Wired.com.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon
