CyberSecurity News Byte

Hosted by Jim Guckin

Welcome to CyberSecurity News Byte with Jim Guckin, your one-stop resource for the latest cybersecurity news, updates, and discussions. Our podcast is a vital tool for CyberSecurity and IT professionals, as well as technology leaders, who need to stay on top of the ever-evolving digital landscape.

Episode 52: April 03 2023

Links

https://www.bleepingcomputer.com/news/security/fake-ransomware-gang-targets-us-orgs-with-empty-data-leak-threats/

https://www.bleepingcomputer.com/news/security/dish-slapped-with-multiple-lawsuits-after-ransomware-cyber-attack/

https://www.bankinfosecurity.com/north-korean-lazarus-group-linked-to-3cx-supply-chain-hack-a-21597

https://www.volexity.com/blog/2023/03/30/3cx-supply-chain-compromise-leads-to-iconic-incident/

https://www.hackread.com/ukrainian-hacktivists-russian-military-wives/

Impersonating Ransomware Gangs for Extortion

  • Not a new scam
    • Being observed since 2019
    • In the end a social engineering scam
  • Midnight
    • Targeting US companies
      • Since March 16th
    • Impersonating Ransomware Gangs
      • Post-exploitation
        • targeted organizations that had previously been victims of a ransomware attack
      • Data Extortion
      • Claim to be the gang who did it
      • Threaten DDoS
        • low-level DDoS actually carried out
        • threats of larger ones
          • unless the extortionists got paid
        • Example #1
          • email sent to an employee of a holding company in the petroleum additives industry
            • sender claimed to be the Silent Ransom Group (SRG)
              • AKA Luna Moth
              • splinter of the Conti syndicate
                • focused on stealing data and extorting the victim
              • .
                • subject line carried the name of another threat actor
                  • Surtr ransomware group
                    • active since December 2021
                    • encrypts company networks
                  • Example #2
                    • senders claimed to be the authors of the data breach
                    • claimed to have stolen 600GB of “essential data” from the servers
                    • sent to a senior financial planner
                      • who had left the company more than 6 months prior
                    • Kroll corporate investigation and risk consulting firm
                      • March 23 report
                      • increased number of reports of emails received under the Silent Ransom Group name
                      • “This method is cheap and easily conducted by low-skilled attackers. Much like 419 wirefraud scams, the scam relies on social engineering to extort victims by placing pressure on the victim to pay before a deadline. We expect this trend to continue indefinitely due to its cost effectiveness and ability to continue to generate revenue for cybercriminals” – Kroll

DISH Slapped with Multiple Lawsuits after Ransomware Cyber Attack

  • Dish Network
    • DISH, an acronym for Digital Sky Highway
    • American satellite television provider
      • Owns
        • Sling TV
        • Boost Mobile
      • Being Sued
        • multiple class action lawsuits
          • 6 law firms
            • On behalf of shareholders
            • seek to recover losses faced by DISH investors who were adversely affected
          • ransomware incident was behind the company’s multi-day “network outage”
          • lawsuits allege DISH overstated its operational efficiency
            • while maintaining deficient cybersecurity and IT infrastructure
          • “Attempted to conceal the fact that it maintained ‘deficient’ cybersecurity and IT infrastructure while overstating its operational efficiency.”
          • allegedly unable to properly secure customer data
            • leaving it vulnerable
          • Cyber Attack
            • February 24th
            • went offline, with its websites and apps ceasing to function for days
              • dubbed a “network outage”
              • also hit Boost Mobile
            • February 28th
              • SEC Filing
              • Confirmed it had been hit by ransomware
              • Stock fell 79 cents to $11.41 per share
            • Continues
              • March: still working to get systems back online
              • March bills were sent out in paper form

Lazarus Group Linked to 3CX Supply Chain Hack

  • 3CX
    • Communications tool
      • macOS and Windows
    • VoIP application
    • compromised by attackers (supply chain attack on the desktop app)
      • March 22nd, 2023
      • CVE-2023-29059
      • Affected versions (self-hosted)
      • Windows
        • 12.407
        • 12.416
      • macOS
        • 11.1213
        • 12.402
        • 12.416
      • Fixed version
        • 12.422
      • Volexity
        • Sophos agreed with the attribution
        • CrowdStrike
          • identified the threat actor as Labyrinth Chollima
            • CrowdStrike’s name for Lazarus
          • analysis of the tools used in the attack
            • led to attribution to the Lazarus group
          • Reasoning
            • shellcode sequence
              • only seen in the ICONIC loader and the APPLEJEUS malware
              • both already linked to Lazarus
            • Lazarus
              • North Korean state-backed
              • Active since 2009
              • Targets financial sectors
              • Quickly adapts techniques

Ukrainian Hacktivists Trick Russian Military Wives for Personal Info

  • Cyber Resistance
    • aka the Ukrainian Cyber Alliance
  • Trick
    • Socially engineered wives of soldiers
      • To gain access to soldiers’ email accounts
    • The Con
      • Target: Colonel Sergey Valeriyevich Artoshchenko
        • linked to the bombing of a civilian-packed theatre in Mariupol in March 2022
      • Convinced his wife to do a photoshoot.
        • Wearing husband’s uniform jacket
        • For a pin-up calendar
          • To boost the morale of the Russian army
        • Hacktivists posed as an officer from her husband’s regiment
          • Had her reach out to 12 other military wives
        • wives took photos wearing the uniforms of their husbands
          • provided Ukrainian hackers with enough information to track down the personal details of their husbands
          • used COVID-19 vaccination records to locate his current home, duty station, and other details
        • hacked into the Russian Ministry of Defense web portal to access email and get details on his salary
        • obtained almost all key personal details, such as the colonel’s date of birth, address, and phone numbers
          • published his photo and images of his official documents and residence
        • Wife
          • hackers obtained and shared her private data, including her phone number, passport number, birth date, and email
          • near-nude and nude photos
            • published 2 photos in lingerie
          • also found and isolated various detailed lists of pilots, performance evaluation records of officers, bulletins, memos, theoretical and practical calculations, etc.