Cybercrime/malcode – Lifeboat News: The Blog

May 8
2022

Cybersecurity reporting mandates could make us more vulnerable, not less

Those who call for mandatory reporting have the right intent, but if it’s not implemented in the right way, it will cause more harm than good.

Mandatory reporting almost always puts companies at risk, either legally or through financial penalties. Penalizing an organization for not reporting a breach in time puts it in a worse cybersecurity posture because it is a strong incentive to turn a blind eye to attacks. Alternatively, if a company knows of a breach, it will find ways to “classify” it in a way that falls into a reporting loophole.

The reporting timelines in the law are arbitrary and not based in the reality of effective incident response. The first hours and days after a breach are integral to the actual incident reporting process, but they are chaotic, and teams are sleep-deprived. Working with lawyers to determine how to report and figuring out the evidence that companies do and don’t want to “see” just makes the process harder.

May 7
2022

This New Fileless Malware Hides Shellcode in Windows Event Logs

A new malicious campaign has been spotted taking advantage of Windows event logs to stash chunks of shellcode for the first time in the wild.

“It allows the ‘fileless’ last stage trojan to be hidden from plain sight in the file system,” Kaspersky researcher Denis Legezo said in a technical write-up published this week.

The stealthy infection process, not attributed to a known actor, is believed to have commenced in September 2021 when the intended targets were lured into downloading compressed. RAR files containing Cobalt Strike and Silent Break.

May 6
2022

US sanctions Bitcoin laundering service used by North Korean hackers

The U.S. Department of Treasury today sanctioned cryptocurrency mixer Blender.io used last month by the North Korean-backed Lazarus hacking group to launder funds stolen from Axie Infinity’s Ronin bridge.

In the wake of the attack, Sky Mavis (the bridge’s creator) revealed that hackers breached the Ronin bridge on March 23 to steal 173,600 Ethereum and 25.5M USDC tokens in two transactions worth $617 million at the time, the largest cryptocurrency hack in history.

The previous most significant theft of cryptocurrency was the $611 million Poly Network hack in August 2021.

May 1
2022

Cybersecurity Incident Disrupts Tenet’s Acute Hospital Operations

Tenet Healthcare Corporation recently experienced a cybersecurity incident in April 2022, which resulted in a temporary disruption to a subset of acute care operations.

The report from Tenet comes on the heels of telephone and computer problems occurring at St. Mary’s Medical Center and Good Samaritan Medical Center in West Palm Beach Florida, that were reported by WPTV NewsChannel 5. Tenet health is the parent company for both of the medical centers.

Patients and staff have contacted WPTV NewsChannel 5 expressing concerns about patient care tied to limits of electronic charting and their inability to communicate by telephone.

Apr 30
2022

Elon Musk’s SpaceX Shuts Down Russian Jamming Attack!

When it comes to responding to emerging threats, the Pentagon’s director for electromagnetic warfare suggested today that the US military’s electronic warfare organization should borrow a leaf from SpaceX.

SpaceX founder Elon Musk said that Russia had jammed Starlink terminals in Ukraine for hours at a time after SpaceX shipped Starlink terminals to Ukraine in February in an apparent effort to help Ukraine preserve its internet connection amid the war with Russia. Starlink was back up and running after a software upgrade, according to Musk, who added on March 25 that the constellation had “resisted all hacking & jamming attempts” in Ukraine.

Assuming Musk — who is known for being a showboater in his public pronouncements — is giving an accurate image, a private company thwarting Russian EW attempts with software updates is the kind of thing that makes Pentagon EW experts sit up and take notice.

“That’s wonderful from the standpoint of an EW technologist. Dave Tremper, head of electronic warfare for the Pentagon’s acquisition office, remarked, “That paradigm and how they executed that is sort of eyewatering to me.” “We need to be able to upgrade in the same way that Starlink was able to when a threat appeared. We need to be able to modify our electromagnetic posture quickly, and we need to be able to change what we’re attempting to do without sacrificing capabilities.”

Subscribe — https://bit.ly/3lPAZZ3

Apr 27
2022

Google Issues Warning For Billions Of Chrome Users

Google Chrome has been successfully hacked yet again with multiple new vulnerabilities that impact the browser across all major platforms. Here’s everything you need to know to stay safe.

New attacks have successfully hacked Google Chrome and users worldwide need to take action…

Apr 26
2022

Russia’s Attack on Ukraine is Making Everything on this Planet Worse

James McCall SpringerHmmm… So quantum computing systems aren’t close to being perfected BUT they’re being used for ransomware attacks?

Is “bleepingcomouter” a bs sensationalist media producer like Futurism?

Len Rosen shared a link.

The “special operation” as Russia calls it has come with a threat of nuclear war, and consequences for food and energy security for many.

Apr 26
2022

Microsoft’s $15 billion cybersecurity business is giving investors new reason for optimism

Nadella told analysts on an earnings call that the operation had reached $10 billion in annual revenue and was “up more than 40%” year over year. In other words, it was outpacing every other major Microsoft product.

The remarks were revelatory. Nadella was known for reviving Microsoft, overseeing a fivefold expansion in market cap by that point in his seven years at the helm. That growth was largely based on turning Microsoft’s cloud business into a more serious threat to Amazon Web Services in a giant market.

By letting investors in on the enormity of Microsoft’s security business, Nadella was casually uncovering a powerful growth engine. Total revenue across the company was up just 14% from the prior year. And by way of comparison, Palo Alto Networks, one of the largest pure-play security software companies, delivered 21% revenue growth over roughly the same period, on a base smaller than $4 billion.

Apr 26
2022

Quantum ransomware seen deployed in rapid network attacks

The Quantum ransomware, a strain first discovered in August 2021, were seen carrying out speedy attacks that escalate quickly, leaving defenders little time to react.

The threat actors are using the IcedID malware as one of their initial access vectors, which deploys Cobalt Strike for remote access and leads to data theft and encryption using Quantum Locker.

The technical details of a Quantum ransomware attack were analyzed by security researchers at The DFIR Report, who says the attack lasted only 3 hours and 44 minutes from initial infection to the completion of encrypting devices.

Apr 25
2022

Hackers say cracking power grid tech was easiest challenge yet

During an industrial control systems hacking challenge, a Dutch team won $40,000 for cracking tech used to control the power grid.