AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 10/20/2021

CISA says BlackMatter ransomware group behind recent attacks on agriculture companies

CISA, the FBI and NSA officially implicated the BlackMatter ransomware group in the recent attacks on two agriculture companies, confirming the assessments of some security researchers who said the gang was behind incidents involving New Cooperative and Crystal Valley in September. New Cooperative — an Iowa-based farm service provider — was hit with a ransomware attack on September 20 and BlackMatter demanded a $5.9 million ransom. Crystal Valley, based in Minnesota, was attacked two days later. Both attacks came as harvests began to ramp up for farmers. In the advisory, CISA, the FBI and NSA said BlackMatter has targeted multiple US critical infrastructure entities since July. The advisory provides a detailed examination of BlackMatter’s tactics and outlines how the group typically attacks organizations. 

83% of ransomware victims paid ransom

A new survey of 300 US-based IT decision-makers found that 64% have been victims of a ransomware attack in the last 12 months, and 83% of those attack victims paid the ransom demand. Cybersecurity company ThycoticCentrify released its “2021 State of Ransomware Survey & Report” on Tuesday, featuring the insights of IT leaders who have dealt with ransomware attacks over the last year. Of those surveyed, 72% have seen cybersecurity budgets increase due to ransomware threats, and 93% are allocating special budgets to fight ransomware threats. Half of the respondents said they experienced a loss of revenue and reputational damage from a ransomware attack, while 42% indicated they had lost customers as a result of an attack. More than 30% said they were forced to lay off employees as well. Respondents said the most vulnerable vectors for ransomware attacks were email (53%), followed by applications (41%) and the cloud (38%).

Consolidating your tech stack improves your cybersecurity posture

CISOs and IT security leaders today must address both rapid change across the threat landscape and rapid evolution of the IT environment. Cybercriminals continue to evolve new and more sophisticated attack methods. At the same time, attack surfaces continue to expand with the adoption of cloud, the growth of IoT, and more commonplace work-from-anywhere practices. Faced with a more complex threat environment and a more complex infrastructure to defend, many IT executives have invested in more and more point solutions in the ongoing hunt for the next best-of-breed silver bullet. The result is tech stack sprawl which, ironically, can put mid-sized companies at even greater risk as complexity interferes with protection. The answer is consolidation — replacing multiple single-purpose products with fewer multi-function ones.

Facebook May No Longer Be Called Facebook Starting Next Week

Facebook wants to change its company name as soon as next week, according to a report from The Verge. The new company name will reflect Facebook’s focus on creating a metaverse, a concept that has quickly gained massive hype in the tech world. Mark Zuckerberg is planning to talk about the name change at the upcoming annual Connect conference on October 28th, but the name might end up being revealed earlier, as per the report. The rebrand will likely make Facebook a separate product under a new parent company responsible for overseeing other products and services like WhatsApp, Instagram, Oculus, and more. This is not shocking, as Google did something similar back in 2015 when it set up a parent company called Alphabet.

Brave Browser Says Goodbye to Google As Default Search Engine, Replaces With ‘Privacy-Preserving’ Brave Search

The increasingly popular privacy-focused browser Brave is officially saying goodbye to Google as its default search engine, replacing the world’s most popular search engine in favor of “Brave Search,” the company announced in a blog post. Brave Search is Brave’s answer to customers wanting a “privacy-preserving” search engine, and it’s built using Brave’s own “independent index, and doesn’t track users, their searches, or their clicks.” Brave users in the United States, United Kingdom, and Canada will automatically have Brave Search set as their default search engine in the address bar instead of Google. Brave Search is also replacing other regional default search engines, such as Qwant in France and DuckDuckGo in Germany.

“Killware”: Is it just as bad as it sounds?

On October 12, after interviewing US Secretary of Homeland Security Alejandro Mayorkas, USA TODAY’s editorial board warned its readers about a dangerous new form of cyberattack under this eye-catching headline: “The next big cyberthreat isn’t ransomware. It’s killware. And it’s just as bad as it sounds.” But while “killware” sounds scary, the term itself is unhelpful for describing the many types of cyberattacks that, as USA TODAY wrote, “can literally end lives,” because nearly any type of hack, whatever the intention, can result in death. Complicating this is the fact that the known cyberattacks that have allegedly led to deaths already have a category: ransomware. Further, the term “killware” can confuse antivirus customers seeking reassurance that their own vendor is protecting them from this threat; antivirus vendors do not stop attacks based on intent, they stop attacks based on method.

Hacker steals government ID database for Argentina’s entire population

A hacker has breached the Argentinian government’s IT network and stolen ID card details for the country’s entire population, data that is now being sold in private circles. The hack, which took place last month, targeted RENAPER, which stands for Registro Nacional de las Personas, translated as National Registry of Persons. The agency is a crucial cog inside the Argentinian Interior Ministry, where it is tasked with issuing national ID cards to all citizens. It also stores that data in digital format as a database accessible to other government agencies, acting as a backbone for most government queries about citizens’ personal information. The first evidence that someone had breached RENAPER surfaced earlier this month on Twitter, when a newly registered account named @AnibalLeaks published ID card photos and personal details for 44 Argentinian celebrities.
