Feds Issue BlackMatter Ransomware Warning
BlackByte decrypter released, Chinese-linked hacking group is targeting telecom companies, Google CEO wants a cyber Geneva Convention, Alleged Turkish hackers deface Trump's website, more
In a joint alert from the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, the FBI, and the National Security Agency, the government warns of ransomware known as BlackMatter. BlackMatter is likely the successor to the DarkSide ransomware, which shut down earlier this year.
The agencies say the ransomware has hit two unnamed food and agricultural organizations, likely Iowa’s New Cooperative grain collective and Minnesota agriculture supplier Crystal Valley Cooperative. BlackMatter seeks between $80,000 and $15 million in cryptocurrency, including bitcoin and Monero, to unlock its victims’ systems. This alert follows a September Private Industry Notification from the FBI about ransomware threats to the food and agriculture industry. (Tim Starks / Cyberscoop)
Cybersecurity firm Trustwave released a free utility that victims of the BlackByte ransomware can use to decrypt and restore their files without paying the ransom demand.
The decrypter automates reading a raw cryptographic key discovered by Trustwave researchers from the forest.png file and then computing the decryption key needed to recover and restore the victim’s files. (Catalin Cimpanu / The Record)
Researchers at CrowdStrike say they discovered a hacking group, dubbed LightBasin, with suspected ties to China that burrowed into mobile telephone networks worldwide. The group then used specialized tools to grab calling records and text messages from telecommunication carriers.
The researchers linked the attack to China through cryptography relying on Pinyin phonetic versions of Chinese language characters and techniques that echoed previous attacks by the Chinese government. (Joseph Menn / Reuters)
Chief executive of Google and parent company Alphabet Inc. Sundar Pichai said the U.S. government should take a more active role in policing cyberattacks and encouraging innovation with policies and investments.
Speaking at the Wall Street Journal’s Tech Live conference, Pichai called for a “Geneva convention” that outlines international standards for cyber aggression as cyberattacks intensify. (Tripp Mickle / Wall Street Journal)
Last month a hacker breached the Argentinian government’s IT network and stole ID card details for the country’s entire population, which are now for sale in private circles.
The hackers stole the data from RENAPER, Registro Nacional de las Personas, translated as National Registry of Persons. Government officials say that the RENAPER database did not experience a hack or leak. Authorities are investigating eight government employees who might have had a possible role in the breach. (Catalin Cimpanu / The Record)
Hackers who call themselves RootAyyildiz, allegedly from Turkey, defaced a section of Donald Trump's website known as the "action" subdomain. That section is where the Trump campaign issues calls to action, such as petitions or asking the campaign a question.
The message read in part, "Do not be like those who forget Allah, so Allah made them forget themselves. Here they really went astray.” The hacker told Motherboard they defaced the Trump site using Server Side Template Injection (SSTI), a technique in which attacker-supplied input reaches a server-side template and is evaluated as template code, letting the attacker run their own code on the server rather than merely display text. They said they had control over that part of the site for three months. (Joseph Cox / Motherboard)
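To make the SSTI mechanism concrete, here is an added example that is not the defaced site's code (the page does not say which template engine the site used). It uses a toy engine, modelled on how engines such as Jinja2 and Mako compile a template into Python code, and contrasts a handler that splices user input into the template source with one that passes it as data. The engine, the handler names and the probe strings are all constructed for illustration.

```python
import html
import re

# Added example (not the defaced site's code; the page does not say which
# template engine it used). Like Jinja2 or Mako, this toy engine turns a
# template into generated Python code, which is exactly why attacker text
# reaching the template *source* ends up executing on the server.
_TAG = re.compile(r"\{\{(.+?)\}\}", re.S)


def compile_template(source: str):
    """Compile "{{ expr }}" placeholders into a render(data) function."""
    code = ["def render(data):", "    out = []"]
    last = 0
    for m in _TAG.finditer(source):
        code.append(f"    out.append({source[last:m.start()]!r})")
        # The placeholder body is emitted as Python and runs at render time.
        code.append(f"    out.append(escape(str({m.group(1).strip()})))")
        last = m.end()
    code.append(f"    out.append({source[last:]!r})")
    code.append("    return ''.join(out)")
    namespace = {"escape": html.escape}
    exec("\n".join(code), namespace)
    return namespace["render"]


def render_greeting_vulnerable(user_name: str) -> str:
    # BUG: user input is spliced into the template source before compilation,
    # so "{{ ... }}" in the input becomes code the engine generates and runs.
    return compile_template("Hello " + user_name + "!")({})


def render_greeting_safe(user_name: str) -> str:
    # FIX: the template source is a constant; user input travels only as data,
    # so placeholder syntax inside it is inert text (and is HTML-escaped).
    return compile_template("Hello {{ data['name'] }}!")({"name": user_name})


def ssti_probe() -> dict:
    """The classic first test for SSTI: if arithmetic is evaluated, the input
    reached the template source. The second probe shows the same path gives
    access to the interpreter (module import), not just arithmetic."""
    return {
        "vulnerable": render_greeting_vulnerable("{{ 7*7 }}"),
        "reach": render_greeting_vulnerable("{{ __import__('os').__name__ }}"),
        "safe": render_greeting_safe("{{ 7*7 }}"),
    }


if __name__ == "__main__":
    for label, rendered in ssti_probe().items():
        print(f"{label}: {rendered}")
```

The fix is not escaping: output escaping addresses XSS, but the vulnerable handler already escapes and is still exploitable because the injected expression runs before any output exists. The fix is keeping attacker input out of the template source entirely.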
The Justice Department announced that a California man, Hao Kuo Chi, also known as “icloudripper4you,” pleaded guilty to conspiracy and computer fraud after he hacked into hundreds of iCloud accounts and stole nude photos.
Starting around September 2014, Chi shared and traded these images with other people over the internet or kept them for his personal collection, and certain members of his “conspiracy” released the pictures to the public. As part of a plea deal, Chi agreed to cooperate with authorities and testify against others involved in the crime. (Joseph Cox / Motherboard)
Security firm ET Labs discovered a new phishing campaign, dubbed MirrorBlast, targeting employees in financial services using links that download 'weaponized' Excel documents.
Another security firm, Morphisec, says the Excel files can bypass malware-detection systems because they contain "extremely lightweight" embedded macros, making the campaign "particularly dangerous" for organizations that depend on detection-based security and sandboxing. Morphisec says the attack mirrors techniques used by the financially motivated Russian cybercrime gang TA505. (Liam Tung / ZDNet)
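The practical lesson from a "lightweight macro" bypass is that triage should decide on whether a workbook carries macro parts at all, not on how much macro code it carries. The following added example (not Morphisec's or ET Labs' tooling, and not built from a real MirrorBlast sample) inspects the OOXML container of a workbook and flags the VBA project part and its content-type declaration regardless of size. It also checks for Excel 4.0 macro sheets under `xl/macrosheets/`, which the page does not mention; that extension is this example's assumption. The sample workbooks it builds are constructed in memory.

```python
import io
import zipfile
from typing import Dict, List, Optional

VBA_PART = "xl/vbaProject.bin"
VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"
# Excel 4.0 (XLM) macro sheets live under this prefix. The page only mentions
# "embedded macros"; covering XLM sheets as well is this example's assumption.
MACROSHEET_PREFIX = "xl/macrosheets/"


def macro_indicators(workbook: bytes) -> Dict[str, object]:
    """Structural evidence of macros in an OOXML (.xlsx/.xlsm) container.

    The decision rests on which parts exist, never on how big the macro code
    is, so a deliberately tiny macro cannot slip under a size threshold.
    """
    found: Dict[str, object] = {
        "vba_project": False,
        "vba_content_type": False,
        "vba_size": 0,
        "macrosheets": [],
    }
    with zipfile.ZipFile(io.BytesIO(workbook)) as z:
        names = set(z.namelist())
        if VBA_PART in names:
            found["vba_project"] = True
            found["vba_size"] = z.getinfo(VBA_PART).file_size
        if "[Content_Types].xml" in names:
            types_xml = z.read("[Content_Types].xml").decode("utf-8", "replace")
            found["vba_content_type"] = VBA_CONTENT_TYPE in types_xml
        found["macrosheets"] = sorted(
            n for n in names if n.startswith(MACROSHEET_PREFIX) and n.endswith(".xml")
        )
    return found


def has_macros(workbook: bytes) -> bool:
    """True if any macro-bearing part is present, whatever its size."""
    i = macro_indicators(workbook)
    return bool(i["vba_project"] or i["vba_content_type"] or i["macrosheets"])


def build_sample(vba_blob: Optional[bytes] = None, macrosheet: bool = False) -> bytes:
    """Constructed minimal workbook container (not a real MirrorBlast file)."""
    parts: Dict[str, bytes] = {
        "xl/workbook.xml": b"<workbook/>",
        "xl/worksheets/sheet1.xml": b"<worksheet/>",
    }
    overrides: List[str] = [
        '<Override PartName="/xl/workbook.xml" '
        'ContentType="application/vnd.openxmlformats-officedocument.spreadsheetml.sheet.main+xml"/>'
    ]
    if vba_blob is not None:
        parts[VBA_PART] = vba_blob
        overrides.append(f'<Override PartName="/{VBA_PART}" ContentType="{VBA_CONTENT_TYPE}"/>')
    if macrosheet:
        parts[MACROSHEET_PREFIX + "sheet1.xml"] = b"<macrosheet/>"
    types_xml = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        + "".join(overrides) + "</Types>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", types_xml)
        for name, data in parts.items():
            z.writestr(name, data)
    return buf.getvalue()


if __name__ == "__main__":
    samples = [
        ("clean", build_sample()),
        ("tiny-vba", build_sample(vba_blob=b"\x00" * 16)),  # 16-byte macro blob still flagged
        ("xlm", build_sample(macrosheet=True)),
    ]
    for label, wb in samples:
        print(label, has_macros(wb), macro_indicators(wb))
```

A 16-byte VBA blob is flagged exactly like a large one, which is the point: mail-gateway or EDR rules that score on macro size or on the presence of well-known suspicious VBA strings are what a "lightweight" macro is designed to slip past. Structural checks should be the first gate, with content analysis layered behind them.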
The UK’s Information Commissioner’s Office (ICO) is intervening following a report in the Financial Times that nine schools in North Ayrshire began taking payments for school lunches this week by scanning the faces of their pupils.
The ICO said it would be contacting the North Ayrshire council about the move and urged a “less intrusive” approach where possible. (Sally Weale / The Guardian)
An audit of the popular WordPress plugin Fastest Cache by Jetpack Security discovered vulnerabilities in the plugin that could allow an attacker to gain access to credentials and take over an admin account.
Jetpack reported the vulnerabilities to this plugin’s author, who released version 0.9.5 to address them. (Jessica Haworth / The Daily Swig)
Private data sharing solutions startup Triple Blind, which offers a platform to train models on encrypted data, has raised $24 million in an oversubscribed Series A venture funding round.
General Catalyst led the round with participation from Mayo Clinic, AVG Basecamp Fund, Accenture Ventures, Clocktower Technology Ventures, Dolby Family Ventures, Flyover Capital, KCRise Fund, NextGen Venture Partners, and Wavemaker Three-Sixty Health. (Ingrid Lunden / TechCrunch)
Valence, a cybersecurity startup focused on delivering a security platform to bring zero trust principles to the Business Application Mesh, raised $7 million in a seed funding round.
YL Ventures led the round with participation from Phil Venables, former CISO at Goldman Sachs; Justin Somaini, CSO at Unity Technologies; Karl Mattson, former CISO at PennyMac; Maarten Van Horenbeeck, CISO at Zendesk; Michael Sutton, former CISO at Zscaler; Shay Banon, co-founder and CEO at Elastic, and Benny Schnaider, co-founder and Chairman at Salto. (Frederic Lardinois / TechCrunch)
Related: Business Wire
Automotive and IoT cybersecurity software company Dellfer has raised $8 million in a Series C investment round.
Investors in the round include DENSO, a leading mobility supplier, and Option3, a specialist cybersecurity private equity firm. (Business Wire)