Risky Business #624 -- Ransomware farce continues

Healthcare systems in Ireland, New Zealand among latest targets...
19 May 2021 » Risky Business

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • The aftermath of the Colonial ransomware attack
  • Biden signs cybersecurity EO
  • DarkSide crew hounded off the Internet. For now.
  • Ransomware campaigns continue, hitting health, insurance targets globally
  • IIS PoC released
  • Rapid7 discloses Codecov-related source code breach
  • Much, much more

This week’s show is brought to you by AttackIQ. Its VP of Product Mark Bagley and Senior Director of Cybersecurity Strategy and Policy Jonathan Reiber are this week’s sponsor guests.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Colonial Pipeline resumes operations after ransomware prompted closure | Ars Technica
Colonial Pipeline hit by brief network outage amid efforts to harden system | Reuters
US government plans to disrupt hackers behind Colonial Pipeline ransomware, Biden says
DarkSide Ransomware Gang Quits After Servers, Bitcoin Stash Seized – Krebs on Security
Popular hacking forum bans ransomware ads | The Record by Recorded Future
Ransomware hits near pre-Colonial Pipeline levels, data suggests | Reuters
Lawmakers say Colonial Pipeline's refusal to discuss ransom undermines US efforts
Darkside gang estimated to have made over $90 million from ransomware attacks | The Record by Recorded Future
Ransomware Hackers Claim To Leak 250GB Of Washington, D.C., Police Data After Cops Don’t Pay $4 Million Ransom
Biden signs security-focused executive order meant to accelerate breach reporting, boost software standards
Ransomware’s Dangerous New Trick Is Double-Encrypting Your Data | WIRED
Ransomware strikes AXA shortly after insurer announces it will stop covering extortion fees
Irish Prime Minister says government won't pay ransom after hack forces hospitals to alter services
Cyber attack at Waikato hospitals: Patients anxiously wait for updates | RNZ News
Toshiba subsidiary confirms ransomware attack, as reports suggest possible DarkSide involvement
PoC released for wormable Windows IIS bug | The Record by Recorded Future
Security firm Rapid7 says Codecov hackers accessed some of its source code | The Record by Recorded Future
Suspected Pakistani spies use catfishing, stealthy hacking tools to target Indian defense sector
Beyond Lazarus: North Korean cyber-threat groups become top-tier, ‘reckless’ adversaries | The Daily Swig
Florida water plant compromise came hours after worker visited malicious site | Ars Technica
Brazilian gang defrauds Uber, Lyft, DoorDash using GPS spoofing and stolen IDs | The Record by Recorded Future
Operator of WeLeakInfo database marketplace sentenced to two years in prison | The Record by Recorded Future
Pentagon Surveilling Americans Without a Warrant, Senator Reveals
Hackers Are Having a Field Day With AirTags
AirTags Can Be Used To Figure Out When a House Is Empty, Researcher Warns
Two attacks disclosed against AMD's SEV virtual machine protection system | The Record by Recorded Future
Microsoft releases free online ‘playbooks’ to help businesses defend against cyber-attacks | The Daily Swig
Risky Biz Feature Podcast: A primer on Microsoft cloud security - Risky Business