Did you miss me? :-)
In case you don't remember: you used to be subscribed to this newsletter that sent you infosec news every week. I shut it down about 10 months ago, but have decided to start it up again.
While it was nice not having the pressure of curating for almost a year, I learned a simple truth: I don't keep up with security news very well if I don't have to summarise it for thousands of people. Go figure :D
I'm not going to be too hard on myself though; last time I got a bit burned out. The current plan is to write when I feel comfortable, and maybe have a minimal edition a bit more often (the ones where I just share links rather than summarise). And I'll send on Monday or Tuesday now, which works better for me than Fridays.
No promises on how it all works out, but I'm eager to get going. I hope you'll enjoy each issue!
Breaches and leaks
That's one thing that's different from my last issue: the sheer number of ransomware infections, goodness. There are too many to list all of them, so here's a sample of infected organisations this week:
Quite a few of these had their data leaked too, as part of the ransom extortion.
Some other breaches or leaks:
- Service NSW, an Australian government agency, had 738GB of data stolen, affecting 186.000 customers: link.
- Crypto exchange Eterbase had $5.4 million stolen: link.
- The Digital Point webmaster forum had an unsecured Elasticsearch instance with 800.000 users in it: link.
They are seeing increased attacks from Russia, China and Iran. No real surprise there of course. Still gives me the creeps though that this is an almost normal thing now.
The exact technical details or exploitation steps haven't been made available yet. From what I understand, it's about weakening certain encryption keys used when two Bluetooth devices pair. There seem to be mitigations for this in the latest Bluetooth specs; vendors are recommended to implement those.
Several countries have issued warnings about increasing Emotet ransomware activity. Their method is always the same: infect one victim, revive old e-mail threads with a malicious attachment (like an infected Word doc or zip file), and spread out that way.
This isn't something to be worried about. The researchers themselves admit it's a very hard-to-execute timing attack. But it's good to know about nonetheless.
That seems like a sensible thing to do.
A great overview of the ProLock ransomware, which seems to be directed specifically at large, juicy targets, with an average ransom between $400.000 and $1mil.
I've got a bit of a soft spot for finance, so this was a really interesting read for me. It surprised me too; I figured a large percentage of money laundering these days would happen through crypto, using tumblers and whatnot. Turns out that the good ol' traditional laundering ways are still favoured, for now.
This isn't the case yet; it's just a Gartner prediction. But it's an interesting thought exercise to think about how this might change things, should it ever become law.
I liked this technical write-up of a recent attack using malicious Docker containers by a group called TeamTNT.
This is a fun list to read: Sophos sharing their most successful phishing templates, including such innocuous gems as "Scheduled server maintenance" and "Car lights on".