Cybersecurity Industry News Review: March 7, 2023 – Cybersecurity Insiders

[ This article was originally published here ]

Cybercrime may be less gendered than cybersecurity, LastPass provides attack update, CISA warns of Royal ransomware gang, while WHSmith and DISH Network count the cost after both suffered cyberattacks.

If the cybersecurity industry is struggling to achieve gender parity, it could learn some lessons from its criminal underside. A Trend Micro study suggests that underground cyberspace “provides an open environment for people of any gender to find employment or a side business.” Their analysis suggested that gender was not a barrier to finding work as a cybercriminal, while a text analysis suggested that at least 30 percent of the underground forum’s participants could be women. The work has implications for how authorities investigate cybercriminals, with the researchers suggesting that researchers “avoid assumptions of male characters” to avoid inherent bias.

LastPass has not seen any threat actor activity since October 26, it revealed in an update that also detailed a second attack on a DevOps engineer. The password management company had declared the original incident closed. However, that information stolen in that incident was used to identify more targets. This led to an attack on a “senior DevOps engineer” by exploiting vulnerable third-party software. The attackers gained access to cloud backups, which it included system configuration data, API secrets, third-party integration secrets, and encrypted and unencrypted LastPass customer data. AWS GuardDuty alerted the company about this “abnormal behavior.”

The US Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory about the Royal ransomware group, which it says has been ramping up its activity since last September and demanding ransoms of up to $11 million. The group uses tried and trusted methods (phishing, public apps, brokers) to gain access to systems and exfiltrate large amounts of data, before implementing their own “custom file encryption program.” Victims are then directed to contact the group via an .onion URL. The advisory delves into the group’s methods and lists indicators of compromise, associated IP addresses, and mitigation techniques.

Microsoft has launched its Intune Suite, which unifies “mission-critical advanced endpoint management and security solutions” into a single package. The vendor said the suite would integrate more closely with Microsoft Security and Microsoft 365, reducing potential exploits. In addition to emphasizing advanced data science and analytics capabilities, the provider also drove potential cost savings, both in terms of ticket price and increased efficiency and lower help desk costs.

Google has expanded the use of client-side encryption in its Workspace apps, adding the feature to Gmail and Calendar. It was already available for your Drive, Docs, Slides, Sheets, and Meet apps. The addition is only for Enterprise Plus, Education Standard and Education Plus customers. It will be up to the administrators to enable the feature. It has been reported that the service is backed by a cloud-based key management service, leaving control of the keys to the customers. Since Google does not control the decryption keys, governments and other entities cannot turn to it to access the data.

US satellite TV operator DISH Network calculates the cost of ransomware for several days last week. The company’s shares hit a 14-year low after the attack. In the United Kingdom, confirmed that the attackers had accessed data, including information about current and former employees. Is the website, customer accounts, underlying customer databases, and plant maintenance systems are on separate platformssaid the firm.

The Vice Society ransomware gang allegedly published data it stole from UK-based metals company Vesuvius last month. Vesuvius disclosed that it was dealing with a cyber incident in early February, saying it had shut down the affected systems and was working with experts to assess the impact on its operations. Cybersecurity observer Graham Cluley speculated that the Vice Society’s release of the data meant that he had been thwarted in his efforts to extract a ransom from Vesuvius. He also noted that the gang had included a “confidentiality” notice on the information, saying that “unauthorized review, disclosure, copying, distribution or use” was “strictly prohibited.”


Source link

James D. Brown
James D. Brown
Articles: 8279