Newsletters

Written content from the Risky Business Media team

Srsly Risky Biz: Tuesday, November 10

Presented by

Brett Winterford

Your weekly dose of Seriously Risky Business news is written by Brett Winterford, edited by Patrick Gray and supported by the Cyber Initiative at the Hewlett Foundation.

Exploits demonstrated at a China-based competition to poke holes in the world's most popular technologies bode poorly for future US dominance in exploit development.

The CCP-endorsed 2020 Tianfu Cup paid out a US$1 million prize pool to domestic hacking teams that could exploit the world's most popular operating systems (Windows, Android, iOS, CentOS), web browsers (Chrome and Safari), smartphones (iPhones and Samsung Galaxy), software infrastructure (VMware ESXi, Docker-CE, QEMU-KVM), apps and home routers.

Srsly Risky Biz: Thursday, November 5

Presented by

Brett Winterford

You might have noticed this newsletter has arrived later than usual. We held back this week on the off-chance something big would happen during the election, but it turns out it was for nought. The result is looking clearer by the hour and we can confidently say that cyber shenanigans played no part in the outcome.

Officials from CISA, the agency charged with overseeing election security, described election day as "just another Tuesday on the Internet."

Srsly Risky Biz: Tuesday, October 27

Presented by

Brett Winterford

The FBI and CISA are taking measured steps to control the narrative around interference in the US election, going public this week with a detailed account of recent US intrusions by a Russian espionage actor.

As forecast in last week's newsletter (see "Recent US Government intrusions had a Russian energy about them"), attacks now attributed to Energetic/Berserk Bear (aka DragonFly) were described in impressive detail in a CISA advisory that offers defenders a trove of indicators to work with.

Srsly Risky Biz: Tuesday, October 20

Presented by

Brett Winterford

The US Department of Justice has unsealed charges against six members of Russia's GRU military intelligence Unit 74455, the group known as "Sandworm", connecting them to several of the most destructive and impactful cyber attacks in history.

The indictment accuses Yuriy Sergeyevich Andrienko, Sergey Vladimirovich Detistov, Pavel Valeryevich Frolov, Anatoliy Sergeyevich Kovalev, Artem Valeryevich Ochichenko and Petr Nikolayevich Pliskin of contributing to:

Srsly Risky Biz: Tuesday, October 13

Presented by

Brett Winterford

In late September, private sector threat analysts planning a takedown of the TrickBot botnet were surprised to discover that somebody was already a step ahead of them.

On September 22 and again on October 1, an unknown party pushed a new configuration file to TrickBot-infected devices that redirected command and control (C2) traffic back to the infected machine's own loopback address (127.0.0.1). The attacker also fed bogus records into TrickBot's database of infected devices.

Srsly Risky Biz: Tuesday, October 6

Presented by

Brett Winterford

Over 250 hospitals across the United States have resorted to pen and paper for the last nine days after the corporate network of Universal Health Services (UHS) was infected with Ryuk ransomware last Sunday.

The Wall Street Journal reported that UHS decommissioned systems used for "medical records, laboratories and pharmacies" at 250 US sites as a preventative measure after detecting the malware infection.

Srsly Risky Biz: Tuesday, September 22

Presented by

Brett Winterford

The US Department of Justice has doxxed over 50 state-sponsored hackers from China and Iran in a spree of indictments and sanctions.

The indictments exposed 'front companies' for intelligence services in both countries that engage in cybercrime and espionage operations. They included:

Srsly Risky Biz: Tuesday, September 15

Presented by

Brett Winterford

Despite repeated attempts by this newsletter to rename CISA the "Critical Infrastructure Security Agency", the stubborn bureaucrats and LOSERS in Congress want to stick with "Cybersecurity and Infrastructure Security Agency". Our name works better, but whatever. (Apologies for the repeated error).

Eight weeks out from the 2020 Presidential election, the United States hasn't had to contend with the 'hack and leak' operations that marred the lead-up to the 2016 election. Yet.

Srsly Risky Biz: Tuesday, September 8

Presented by

Brett Winterford

Chile's national CSIRT placed the country on 'high alert' yesterday after one of the country's largest banks was crippled by a ransomware attack.

On Sunday, Banco Estado announced that malicious software had been detected on its systems over the weekend. The bank reassured clients that digital channels (ATMs, websites, apps) were unaffected but encouraged them to avoid branches the following day. Despite these assurances, hundreds of users complained on social media that some online banking features were not working.

Srsly Risky Biz: Tuesday, September 1

Presented by

Brett Winterford

The US Government has stepped up its campaign to expose North Korea's state-backed cybercrime operations, this week doxxing malware the DPRK uses to cash out attacks on banks and the techniques it uses to launder funds stolen from cryptocurrency exchanges.

Four US Government agencies co-authored an update to a 2018 report on how North Korea's "BeagleBoyz" steals funds from ATMs. "BeagleBoyz" is IC-speak for a cybercrime unit within North Korea's General Reconnaissance Bureau accused of stealing up to US$2 billion for Kim Jong-Un's regime.