Newsletters

RunZero is one of this newsletter's four main supporters and this week's featured sponsor. The company's main product is its network discovery and asset inventory platform, which can be used to find any managed and unmanaged assets inside a customer's network. To learn more, please check out this runZero product demo below:

Pig-butchering crackdown: The US Department of Justice said it seized seven websites that were being used to trick victims as part of an online scam scheme known as "pig butchering." Pig butchering schemes are a combination of romance, investment, and cryptocurrency scams, where victims are approached via dating sites and then social-engineered into making various investment or cryptocurrency transactions. Pig butchering scams originated in Southeast Asia—where they have deep ties to criminal cartels—and are spreading globally. The DOJ said the seized domains impersonated the Singapore International Monetary Exchange and were used to steal more than $10 million from at least five victims.

Ten BEC scammers charged: The US DOJ has charged ten suspects across the US for stealing more than $11.1 million from state Medicaid programs and private health insurers. Officials said the group used BEC schemes where they posed as business partners to divert money from their victims' bank accounts into accounts operated by their money mules. The DOJ said that five state Medicaid programs, two Medicare Administrative Contractors, and two private health insurers fell victim and lost money to the group.

Quantum encryption deadline: The Office of Management and Budget has ordered federal agencies to scan their systems and provide an inventory of assets containing cryptographic systems that could be cracked by quantum computers in the coming years. Agencies have a deadline until May 4, 2023, according to an OMB memo [PDF]. The memo comes after the White House directed US government agencies to mitigate risks from quantum computers earlier this year and after the NSA ordered that all government agencies that handle classified information must use quantum-resistant encryption algorithms by 2035. [Additional coverage in FedScoop]

AGs ask FTC for online privacy regulation: A coalition of 33 state attorneys general have urged the US Federal Trade Commission to pass regulation around online data collection practices. AGs said they are "concerned about the alarming amount of sensitive consumer data that is amassed, manipulated, and monetized," and that they regularly receive inquiries from consumers about how their data is being hoarded and abused. [Read the full letter here/PDF]

Indian privacy regulation: The Indian government has published the long-awaited first public draft of its upcoming data privacy law—known as the Digital Personal Data Protection Bill. According to the law's text, companies that operate in India and handle the personal data of Indian citizens must use clear and plain language to describe what data they collect and for what purpose. The new law includes many clauses similar to the EU GDPR, such as requiring companies to notify users about security breaches, and allowing users to delete their data from online services. Companies that fail to comply with this upcoming regulation risk some of the largest fines in the world for a privacy breach, fines of up to 500 crore rupees—up to $61 million.

Universal health code in China: The Chinese government is planning to digitize the health records of its citizens and assign them a "universal health code" by 2025. The move has sparked fear among Chinese activists that the digitized health records could be used to bar citizens' access to certain services, jobs, or benefits based on their medical history, genetic information, or family history.

Qatar WC app warning: Officials for the Dutch, German, French, and Norwegian governments have warned against installing Qatar's World Cup apps Ehteraz and Hayya, citing several privacy and security concerns. German officials specifically recommend that in cases where the use of any of the apps is necessary, that users install the apps on a separate phone that does not store any of their personal data and then wiping the device after use during the World Cup events.

US-China cyber report: In its yearly report to Congress, the US-China Economic and Security Review Commission has found that "China has developed formidable offensive cyber capabilities over the past decade and is now a world leader in vulnerability exploitation." The commission also found that China "enjoys an asymmetric advantage" over the US in cyberspace due to its unwillingness to follow norms for responsible state behavior. The report found that China selectively applies and promotes norms to benefit its authoritarian view of cyberspace and is "creating new organizations to supplant existing cyber governance mechanisms in line with its vision for the internet."

On November 12, Australia's Minister for Cyber Security and Home Affairs Clare O'Neil announced "an ongoing, joint standing operation to investigate, target and disrupt cyber criminal syndicates with a priority on ransomware threat groups". Speaking to the ABC's Insider's program the next day, O'Neil used strong language, describing the operation as "a partnership of new policing between the Australian Signals Directorate (ASD), which are the cyber guns of the Australian Public Service, and the Australian Federal Police (AFP)".

"What they will do is scour the world, hunt down the criminal syndicates and gangs who are targeting Australia in cyber attacks and disrupt their efforts. This is Australia standing up and punching back."

Risky Biz News described the events that led to the announcement:

It is currently unknown who is behind the Moldova Leaks website, but Litvinenco said his ministry has already started a formal investigation into the hack, which will also look at the Minister of Internal Affairs, which the official said has the technical capabilities to obtain such conversations at its disposal—suggesting that investigators don't rule this out as an insider attack.

But even if this could be the work of some hacker-for-hire mercenary group, several infosec figures believe this is the work of Russia's GRU agency, which has executed hack-and-leak operations in the past to push Russia's political interests abroad.

And as a former part of the Soviet Union, Russia has quite an interest in keeping Moldova under its sphere of influence and not letting it align with the EU and Romania.

O'Neil's statement came on the same day that the AFP issued a press release identifying the Medibank hackers as being located "in Russia."

"We believe we know which individuals are responsible but I will not be naming them," said AFP Commissioner Reece Kershaw. "What I will say is that we will be holding talks with Russian law enforcement about these individuals."

After years during which law firms, cyber-insurance providers, and even security firms and law enforcement have closed their eyes during ransomware negotiations and allowed victims to pay ransom demands in order to placate attackers, these criminal cartels have grown their operations and intensified attacks feedings on profits but also on a sense of invincibility.

DDOS attacks on election day: Some websites operated by the Mississippi state government were knocked offline during the US midterm elections on Tuesday following DDOS attacks claimed by pro-Russian hacktivist groups. None of the attacked websites were involved in the vote and vote counting process.

Not a cyber-attack: Officials from Suffolk County in the state of New York dismissed rumors of a cyber-attack on their infrastructure on Tuesday, on election night, after some election workers had to collect voting tallies on memory cards and drive to a central office to upload the results on state computer servers. Officials said this happened because "electronic security measures put in place to protect elections systems from cyber attacks had overtaxed and slowed an older operating system," which initially made election authorities believe they were the victim of a cyber-attack.

Cyber.org Range expands nationwide: A Louisiana pilot program called Cyber.org Range—designed to teach K-12 students cybersecurity skills—announced it would expand to all 50 US states after receiving funding, including from the US Cybersecurity and Infrastructure Security Agency.

Medibank update: In an update on its data breach disclosure, Australian private health insurance provider Medibank said the personal information of more than 9.7 million Australians was stolen in a ransomware attack last month. The company said it does not plan to pay the threat actor's ransom demand. A ransomware gang known as BlogXX (believed to be a subgroup of the older REvil gang) took credit for the intrusion and data theft.

Cyber-attack cripples Mexico's transportation system: According to a report, Mexico's transportation ministry has stopped issuing new permits, license plates, and driver's licenses for commercial truck operators until December 31 because of a cyberattack that hit the IT infrastructure of the Secretariat of Infrastructure, Communications and Transport (SICT) in late October. (via DataBreaches.net)

Pando crypto-heist: DeFi platform Pando said it was the target of a hack last Saturday when a threat actor tried to steal more than $70 million worth of cryptocurrency from the platform's wallets. The company said it managed to freeze $50 million of the stolen funds, but the attacker successfully stole more than $21.8 million of its funds. Pando said the hacker used an Oracle attack against one of its protocols and is still hoping to negotiate with the attacker to return some of the stolen funds.

Solend crypto-heist: DeFi platform Solend said it lost $1.26 million worth of cryptocurrency following an Oracle attack on its platform, targeting the Hubble (USDH) currency.

Successful defense: In a post-mortem, pNetwork said it successfully defended an attack on its pGALA token.

DSB cyber-attack: Danish train operator DSB said that the disruptions to some of its trains over the previous weekend were the result of a cyber-attack on the infrastructure of one of its IT subcontractors.

Group-IB and Orange researchers said that while the group used basic phishing attacks and off-the-shelf remote access trojans to gain an initial foothold in their victim's networks, OPERA1ER has exhibited both restraint and patience.

Some intrusions lasted months, as the group moved laterally across bank systems while they observed and mapped the internal network topology before springing their attack.

Rustam Mirkasymov, Head of Group-IB's Threat Research in Europe, told RiskyBizNews that the group typically waited and sought to identify and compromise bank systems that handled money transfers.