Newsletters

Your weekly dose of Seriously Risky Business news is supported by the Cyber Initiative at the Hewlett Foundation.

The FBI and CISA are taking measured steps to control the narrative around interference in the US election, going public this week with a detailed account of recent US intrusions by a Russian espionage actor.

As forecast in last week's newsletter (see "Recent US Government intrusions had a Russian energy about them"), attacks now attributed to Energetic/Berserk Bear (aka DragonFly) were described in impressive detail in a CISA advisory that offers defenders a trove of indicators to work with.

Your weekly dose of Seriously Risky Business news is supported by the Cyber Initiative at the Hewlett Foundation.

The US Department of Justice has unsealed charges against six members of Russia's GRU military intelligence Unit 74455, the group known as "Sandworm", connecting them to several of the most destructive and impactful cyber attacks in history.

The indictment accuses Yuriy Sergeyevich Andrienko, Sergey Vladimirovich Detistov, Pavel Valeryevich Frolov, Anatoliy Sergeyevich Kovalev, Artem Valeryevich Ochichenko and Petr Nikolayevich Pliskin of contributing to:

Your weekly dose of Seriously Risky Business news is supported by the Cyber Initiative at the Hewlett Foundation.

In late September, private sector threat analysts planning a takedown of the TrickBot botnet were surprised to discover that somebody was already a step ahead of them.

On September 22 and again on October 1, an unknown party pushed a new configuration file to TrickBot infected-devices that redirected command and control (C2) traffic back to the infected machine's own loopback address (127.0.0.1). The attacker also fed bogus records into TrickBot's database of infected devices.

Your weekly dose of Seriously Risky Business news is supported by the Cyber Initiative at the Hewlett Foundation.

Over 250 hospitals across the United States have resorted to pen and paper for the last nine days after the corporate network of Universal Health Services (UHS) was infected with Ryuk ransomware last Sunday.

The Wall Street Journal reported that UHS decommissioned systems used for "medical records, laboratories and pharmacies" at 250 US sites as a preventative measure after detecting the malware infection.

Your weekly dose of Seriously Risky Business news is supported by the Cyber Initiative at the Hewlett Foundation.

The US Department of Justice has doxxed over 50 state-sponsored hackers from China and Iran in a spree of indictments and sanctions.

The indictments exposed 'front companies' for intelligence services in both countries that engage in cybercrime and espionage operations. They included:

Your weekly dose of Seriously Risky Business news is supported by the Cyber Initiative at the Hewlett Foundation.

Despite repeated attempts by this newsletter to rename CISA the "Critical Infrastructure Security Agency", the stubborn bureaucrats and LOSERS in Congress want to stick with "Cybersecurity and Infrastructure Security Agency". Our name works better, but whatever. (Apologies for the repeated error).

Eight weeks out from the 2020 Presidential election, the United States hasn't had to contend with the 'hack and leak' operations that marred the lead-up to the 2016 election. Yet.

Your weekly dose of Seriously Risky Business news is supported by the Cyber Initiative at the Hewlett Foundation.

Chile's national CSIRT placed the country on 'high alert' yesterday after one of the country's largest banks was crippled by a ransomware attack.

On Sunday, Banco Estado announced that malicious software has been detected on its systems over the weekend. The bank reassured clients that digital channels (ATMs, websites, apps) were unaffected but encouraged them to avoid branches the following day. Despite these assurances, hundreds of users complained on social media that some online banking features were not working.

Your weekly dose of Seriously Risky Business news is supported by the Cyber Initiative at the Hewlett Foundation.

The US Government has stepped up its campaign to expose North Korea's state-backed cybercrime operations, this week doxxing malware the DPRK uses to cash out attacks on banks and the techniques it uses to launder funds stolen from cryptocurrency exchanges.

Four US Government agencies co-authored an update to a 2018 report on how North Korea's "BeagleBoyz" steals funds from ATMs. “BeagleBoyz” is IC-speak for a cybercrime unit within North Korea's General Reconnaissance Bureau accused of stealing up to US$2 billion for Kim Jong-Un's regime.

Your weekly dose of Seriously Risky Business news is supported by the Cyber Initiative at the Hewlett Foundation.

Uber's former chief security officer Joe Sullivan has been charged with obstruction and misprision (concealing evidence of a felony) over his role in Uber's handling of a 2016 data breach.

The US Department of Justice alleges in a criminal complaint that while Uber CSO, Sullivan withheld information about an ongoing security incident from Federal Trade Commission (FTC) investigators, who were investigating the ride-sharing company over a 2014 breach that pre-dated Sullivan's tenure.

Your weekly dose of Seriously Risky Business news is supported by the Cyber Initiative at the Hewlett Foundation.

The NSA’s exposure of Linux malware developed by Russia’s GRU is capturing the lion’s share of attention this week, but the issue affecting everyone right now is something less flashy but a lot more urgent: OAuth phishing.

This week we learned that attackers stole 28,000 emails from the SANS Institute after tricking one of its employees into installing a malicious Microsoft 365 app that allowed access to their mailbox.