CyberSecurity News Byte

Hosted ByJim Guckin

Welcome to CyberSecurity News Byte with Jim Guckin, your one-stop resource for the latest cybersecurity news, updates, and discussions. Our podcast is a vital tool for CyberSecurity and IT professionals, as well as technology leaders, who need to stay on top of the ever-evolving digital landscape.

Website Subscribe

Episode 52: April 03 2023

April 3, 2023 Jim Guckin CyberSecurity News Byte Weekly 30:3743.13M Comments Off on Episode 52: April 03 2023

Links

https://www.bleepingcomputer.com/news/security/fake-ransomware-gang-targets-us-orgs-with-empty-data-leak-threats/

https://www.bleepingcomputer.com/news/security/dish-slapped-with-multiple-lawsuits-after-ransomware-cyber-attack/

https://www.bankinfosecurity.com/north-korean-lazarus-group-linked-to-3cx-supply-chain-hack-a-21597

https://www.volexity.com/blog/2023/03/30/3cx-supply-chain-compromise-leads-to-iconic-incident/

https://www.hackread.com/ukrainian-hacktivists-russian-military-wives/

Impersonating Ransomware Gangs for Extorsion

  • Not a new scam
    • Being observed since 2019
    • In the end a social engineering scam
  • Midnight
    • Targeting US companies in US
      • Since March 16th
    • Impersonating Ransomware Gangs
      • Post exploit
        • targeted organizations that had previously been victims of a ransomware attack.
      • Data Extortion
      • Claim to be the gang who did it
      • Threaten DDoS
        • low-level DDoS
        • threaten of larger ones
          • unless the extortionists got paid.
        • Example #1
          • employee of a holding company in the industry of petroleum additives
            • claimed to be the Silent Ransom Group (SRG)
              • AKA Luna Moth
              • splinter of the Conti syndicate
                • focused on stealing data and extorting the victim
              • .
                • subject line the name of another threat actor
                  • Surtr ransomware group
                    • December 2021
                    • encrypt company networks
                  • Example #2
                    • authors of the data breach
                    • stole 600GB of “essential data” from the servers.
                    • Sent to senior financial planner
                      • Who left more than 6 months prior
                    • Kroll corporate investigation and risk consulting firm
                      • March 23
                      • increased number of reports for emails received under the Silent Ransom Group name
                      • “This method is cheap and easily conducted by low-skilled attackers. Much like 419 wirefraud scams, the scam relies on social engineering to extort victims by placing pressure on the victim to pay before a deadline. We expect this trend to continue indefinitely due to its cost effectiveness and ability to continue to generate revenue for cybercriminals” – Kroll

DISH slapped with multiple lawsuits after ransomware cyber attack.

  • Dish Networks
    • DISH, an acronym for Digital Sky Highway
    • American Television Satellite provider
      • Own
        • Sling TV
        • Boost Mobile
      • Being Sued
        • multiple class action lawsuits
          • 6 law firms
            • On behalf of shareholders
            • recover losses faced by DISH investors who were adversely affected.
          • ransomware incident that was behind the company’s multi-day “network outage.”
          • overstated its operational efficiency.
            • deficient cybersecurity and IT infrastructure
          • “Attempted to conceal the fact that it maintained “deficient” cybersecurity and IT infrastructure while overstating its operational efficiency.”
          • Unable to properly secure customer data
            • Leaving it vulnerable
          • Cyber Attack
            • February 24th
            • offline with its websites and apps ceasing to function for days.
              • dubbed a “network outage.
              • also hit Boost Mobile
            • February 28th
              • SEC Filing
              • Confirmed it had been hit in ransomware.
              • Stock feel .79 cents to 11.41 share
            • Continues
              • March Still working to get systems back online.
              • March bills were sent out paper version.

Lazarus Group Linked to 3CX Supply Chain Hack

  • 3CX
    • Communications tool
      • macOS and Windows
    • VoIP application
    • compromised
      • compromised by attackers.
      • March 22nd, 2023
      • CVE-2023-29059
      • Self-Hosted
      • Windows
        • 12.407
        • 12.416
      • macOS
        • 11.1213
        • 12.402
        • 12.416
      • Good Version
        • 12.422
      • Volexity
        • Sophos agreed in Attribution.
        • Crowdstrike
          • identified the threat actor as Labyrinth Chollima
            • another name for Lazarus
          • analysis of the tools used in the attack.
            • Attribution to the Lazarus group
          • Reasoning
            • shellcode sequence
              • only used in the ICONIC loader and the APPLEJEUS malware
              • already linked to Lazarus
            • Lazarus
              • North Korean Backed
              • 2009 Founded
              • Financial Sectors
              • Quickly adapting techniques

Ukrainian Hacktivists Trick Russian Military Wives for Personal Info

  • Cyber Resistance
    • aka the Ukrainian Cyber Alliance
  • Trick
    • Social engineered wives of soldiers
      • To hack soldiers email accounts
    • The Con
      • Target: Colonel Sergey Valeriyevich Artoshchenko
        • bombing of a civilian-packed theatre in Mariupol in March 2022.
      • Convinced his wife to do a photoshoot.
        • Wearing husband’s uniform jacket
        • For a pin-up calendar
          • To increase the moral of Russian army
        • Hacktivists posed as an officer from her husband’s regiment.
          • Had her reach out to 12 other military wives.
        • wives took photos wearing the uniforms of their husbands.
          • provided Ukrainian hackers with enough information to track down the personal details of their husbands.
          • COVID-19 vaccination records to locate his current home, duty station, and other details.
        • hacked into the Russian Ministry of Defense website portal to hack email and get details on his salary.
        • got almost all key personal details, such as the colonel’s date of birth, address, and phone numbers.
          • publish his photo and images of his official documents and residence.
        • Wife
          • hacked and shared her private data, including her phone number, passport number, birth date, and email.
          • near nude and nude photos
            • published 2 photos in lingerie.
          • find and isolate various detailed lists of pilots, performance evaluation records of officers, bulletins, memos, theoretical and practical calculations, etc.

CyberSecurity News Byte is a weekly podcast, condensing the latest cybersecurity news, in an easily digestible format. News that you need to know to keep yourself and your organization safe from today’s threats.

Facebook Twitter Instagram

© 2021-2022 All Rights Reserved. Developed By Podcrease