A Review of the Best News of the Week on Cybersecurity Management & Strategy
Anatomy of Ryuk Attack: 29 Hours From Initial Email to Full Compromise (SecurityWeek, Oct 12 2020)
In the case of the attack observed by the DFIR Report, it all started with a malicious email carrying a link to download the Bazar/Kegtap loader, which injects into multiple processes and performs reconnaissance on the infected system using Windows utilities such as nltest and net group, as well as the third-party tool AdFind.
The malware remained quiet for roughly one day, after which a second reconnaissance phase was launched, using the same tools, plus Rubeus. Data was exfiltrated to a remote server and the attackers started lateral movement.
To compromise additional systems on the network, the attackers used several methods, including remote WMI, remote service execution with PowerShell, and a Cobalt Strike beacon dropped over SMB. The Cobalt Strike beacon was then used as the main pivot point.
Additional beacons were established across the environment and PowerShell was used to disable Windows Defender. Ryuk was executed one minute after being transferred over SMB from the pivot, and once encryption started, the servers used to store backups were hit first.
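As an added example (not code from the DFIR Report or the SecurityWeek article), the following Python check maps process-creation events onto the stages described above: AD reconnaissance with nltest, net group and AdFind, use of Rubeus, PowerShell spawned by WMI or the service control manager, and Defender tampering. The events, host names and timestamps are constructed for illustration.

```python
import re

def ev(ts, host, parent, image, cmdline):
    """Build a Sysmon-style process-creation record (constructed, not real telemetry)."""
    return {"ts": ts, "host": host, "parent": parent, "image": image, "cmdline": cmdline}

# Constructed sample: recon on day one, Rubeus a day later, then remote execution on a server.
SAMPLE_EVENTS = [
    ev("2020-09-28T09:02:11", "WS01", "winword.exe", "cmd.exe", "cmd.exe /c nltest /dclist:"),
    ev("2020-09-28T09:02:40", "WS01", "cmd.exe", "net.exe", 'net group "Domain Admins" /domain'),
    ev("2020-09-28T09:03:05", "WS01", "cmd.exe", "AdFind.exe", "AdFind.exe -f (objectcategory=computer)"),
    ev("2020-09-29T10:15:22", "WS01", "svchost.exe", "Rubeus.exe", "Rubeus.exe"),
    ev("2020-09-29T11:40:01", "SRV02", "WmiPrvSE.exe", "powershell.exe", "powershell.exe -c <redacted>"),
    ev("2020-09-29T11:55:30", "SRV02", "services.exe", "powershell.exe",
       "powershell.exe Set-MpPreference -DisableRealtimeMonitoring $true"),
    ev("2020-09-29T12:00:00", "SRV02", "explorer.exe", "notepad.exe", "notepad.exe report.txt"),
]

# Command-line rules, one per stage of the chain described in the article.
RULES = [
    ("ad_recon", re.compile(r"\b(nltest|net1?(\.exe)?\s+group|adfind)\b", re.I)),
    ("kerberos_tooling", re.compile(r"\brubeus\b", re.I)),
    ("defender_tamper", re.compile(r"set-mppreference|disablerealtimemonitoring", re.I)),
]
# A shell spawned by the WMI provider host or the service control manager points to
# remote WMI / remote service execution, the lateral-movement methods named above.
LATERAL_PARENTS = {"wmiprvse.exe", "services.exe"}
LATERAL_CHILDREN = {"powershell.exe", "cmd.exe"}

def detect(events):
    """Return one alert per matched rule, in event order; an event may fire several rules."""
    alerts = []
    for e in events:
        hits = [name for name, rx in RULES if rx.search(e["cmdline"])]
        if e["parent"].lower() in LATERAL_PARENTS and e["image"].lower() in LATERAL_CHILDREN:
            hits.append("lateral_movement")
        alerts.extend({"ts": e["ts"], "host": e["host"], "rule": h} for h in hits)
    return alerts

def stages_by_host(alerts):
    """Collapse alerts into the set of chain stages observed on each host."""
    stages = {}
    for a in alerts:
        stages.setdefault(a["host"], set()).add(a["rule"])
    return stages

if __name__ == "__main__":
    found = detect(SAMPLE_EVENTS)
    for a in found:
        print(a["ts"], a["host"], a["rule"])
    print(stages_by_host(found))
```

A host that accumulates more than one stage within a short window is the one to triage first, since the chain above moved from recon to pivot to encryption in about a day.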
Here are the questions Congress asks after a ransomware attack (SC Media, Oct 09 2020)
Senator Mark Warner’s letter to UHS provides insight into what companies could face from government watchdogs in the wake of a ransomware attack.
Breach at Dickey’s BBQ Smokes 3M Cards (Krebs on Security, Oct 15 2020)
“One of the digital underground’s most popular stores for peddling stolen credit card information began selling a batch of more than three million new card records this week. KrebsOnSecurity has learned the payment card data was stolen in a two-year-long data breach at more than 100 Dickey’s Barbeque Restaurant locations around the country.”
Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~17,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
Five Eyes Repeat Encryption Backdoor Calls (Infosecurity Magazine, Oct 12 2020)
Governments still asking for the impossible
Carnival Corp. Confirms Personal Information Compromised in Ransomware Incident (SecurityWeek, Oct 12 2020)
Leisure travel company Carnival Corporation last week confirmed that personal information pertaining to guests, employees, and crew was compromised in an August 2020 ransomware attack.
The brain of the SIEM and SOAR (Help Net Security, Oct 13 2020)
SIEM and SOAR solutions are important tools in a cybersecurity stack. They gather a wealth of data about potential security incidents throughout your system and store that info for review. But just like nerve endings in the body sending signals, what good are these signals if there is no brain to process, categorize and correlate this information?
US GAO Calls for Greater Cybersecurity for Commercial Airplanes (Infosecurity Magazine, Oct 13 2020)
Agency warns of cyber-risks threatening modern passenger aircraft
Law Firm Seyfarth Shaw Hit by Damaging Ransomware Attack (SecurityWeek, Oct 13 2020)
International law firm Seyfarth Shaw LLP has shut down many of its systems after being hit with a ransomware attack.
The Man Who Speaks Softly—and Commands a Big Cyber Army (Wired, Oct 13 2020)
Meet General Paul Nakasone. He reined in chaos at the NSA and taught the US military how to launch pervasive cyberattacks. And he did it all without you noticing.
2020 Workshop on Economics of Information Security (Schneier on Security, Oct 14 2020)
The Workshop on Economics of Information Security will be online this year. Register here.
Software AG Hit by Data-Stealing Ransomware Attack (Infosecurity Magazine, Oct 12 2020)
Clop variant pegged as likely culprit
NIST Quantum Cryptography Program Nears Completion (Dark Reading, Oct 14 2020)
The National Institute of Standards and Technology’s first post-quantum cryptography standard will address key issues, approaches, an arms race, and the technology’s uncertain future.
Treasury Dept. Advisory Shines Spotlight on Ransomware Negotiators (Dark Reading, Oct 13 2020)
With attacks showing no signs of abating, some companies have begun offering services to help reduce ransom demands, buy more time, and arrange payments.
Zoom Announces Rollout of End-to-End Encryption (Dark Reading, Oct 14 2020)
Phase 1 removes Zoom servers from the key generation and distribution processes.
Barnes & Noble Informs Customers of Cyberattack (SecurityWeek, Oct 15 2020)
Bookselling giant Barnes & Noble has sent email notifications to its customers to inform them of a recent cyberattack.
McAfee Hopes to Raise Up to $682 Million in IPO (SecurityWeek, Oct 15 2020)
McAfee this week set the terms for its initial public offering (IPO), announcing that it’s offering roughly 31 million of its own shares.
Russia Blamed for Cyber-attack on Norwegian Parliament (Infosecurity Magazine, Oct 13 2020)
Norwegian foreign minister says Russia responsible for cyber-attack on parliament
The Ruthless Cyber Chaos of Business Recovery (Dark Reading, Oct 15 2020)
Critical technology initiatives leveraging the best of technology solutions are the only way through the cyber chaos of 2020.
State CIOs face same cyber issues as corporate peers, with budget constraints (SC Media, Oct 15 2020)
States must focus more on digital modernization and strengthen the role of CISOs, and the cyber issues they face mirror those of a broad array of industries. The top barriers state CIOs face sound eerily familiar: lack of a sufficient or dedicated cybersecurity budget, inadequate cybersecurity staffing and availability of cybersecurity professionals, and legacy infrastructure and solutions…
UK Fines British Airways for Failures in 2018 Data Hack (SecurityWeek, Oct 16 2020)
Britain’s information commissioner has fined British Airways 20 million pounds ($25 million) for failing to protect personal data for some 400,000 customers, the largest fine the agency has ever issued.