Hill Attackers Might Have Obtained Sensitive Data During Siege and Other Top Infosec News Stories for 1/8/21
The SolarWinds hack compromised the federal judiciary’s filing system, SolarWinds has hired Krebs and Stamos, State Dept. recreates cybersecurity office, Prolific Russian hacker sentenced to twelve years
Contact your organization’s administrative offices to see about getting an extremely cost-effective corporate subscription to Metacurity. Government and military organizations are eligible for steeply discounted subscriptions. Contact us today at firstname.lastname@example.org or check out our half off bulk subscription offers below.
Many cybersecurity experts worry that computers left unlocked and unattended during the siege of Capitol Hill on Wednesday could have allowed the attackers to get their hands on sensitive data, or worse, compromise Congress’s IT system, although not everyone agrees.
Some IT specialists think that the IT shop on Capitol Hill should throw the “kitchen sink” at mitigating any damage, including remote wipes, locating creds, and locating all potentially affected devices, including mobile devices. (Lorenzo Franceschi-Bicchierai / Motherboard)
Eric Geller (@ericgeller):
> So far, hearing that cyber risks of the Capitol attack were low.
> * Congress isn't one big network
> * Vulnerable machines held unclassified files
> * Hill leaks so much already that truly sensitive stuff is walled off
> * Rioters weren't there long enough for thorough, careful access
The SolarWinds hack likely compromised the electronic filing system used by the federal court system, extending the Russian espionage scope.
The federal judiciary said it is working on adding new security procedures to protect highly sensitive documents in the system. (Dustin Volz and Robert McMillan / Wall Street Journal)
SolarWinds has hired a new company formed by former CISA chief Chris Krebs and Alex Stamos, a former chief security officer at Facebook and an adjunct professor at Stanford University, to assist in coping with the aftermath of Russian operatives’ hack of one of its software updates.
“We have brought in the expertise of Chris Krebs and Alex Stamos to assist in this review and provide best-in-class guidance on our journey to evolve into an industry leading secure software development company,” the company said in a statement. (Joseph Menn / Reuters)
The State Department has approved creating a “new” Bureau of Cyberspace Security and Emerging Technologies (CSET) to help diplomats deal with matters of international cyber conflicts.
The move comes four years after the Trump Administration’s elimination of a cybersecurity coordinator’s office in the State Department. (Maggie Miller / The Hill)
Prolific Russian hacker Andrei Tyurin was sentenced to twelve years in federal court after pleading guilty in September 2019 to computer intrusion, wire fraud, bank fraud, and illegal online gambling offenses, including stealing the data of more than 80 million customers from JP Morgan Chase alone.
By targeting financial institutions, brokerage firms, and financial news publishers, including the Wall Street Journal, Tyurin collected over $19 million. He utilized a computer infrastructure across five continents from his apartment in Moscow. (Larry Neumeister / Associated Press)
The FBI warned in a TLP:WHITE Private Industry Notification (PIN) that the Egregor ransomware operation is actively targeting and extorting businesses worldwide.
The Bureau also shared a list of recommended mitigation measures that should help defend against Egregor's attacks. (Sergiu Gatlan / Bleeping Computer)
Related: Health IT Security
A criminal group has posted on the dark web what it claims are documents stolen from the Hackney Council in a ransomware attack.
Many residents say the Council's hack has cost them personally and disrupted some of their house purchases. (BBC News)
Ryuk ransomware operators are believed to have earned more than $150 million worth of Bitcoin from ransom payments following attacks all over the world, according to a joint report by threat intel company Advanced Intelligence and cybersecurity firm HYAS.
In an odd finding, the two firms discovered that Ryuk converted Bitcoin into fiat currency using accounts on two well-established crypto exchanges, Binance and Huobi, most likely opened with stolen identities. (Catalin Cimpanu / ZDNet)
Automated containerized workload defense start-up Lacework raised $525 million in its latest funding round, giving it a $1 billion valuation.
The round was led by Sutter Hill Ventures and Altimeter Capital with a strategic investment from Snowflake Ventures. (Kyle Wiggers / Venture Beat)
Multiple malware authors are using the "Ezuri" crypter and memory loader to make their code undetectable to antivirus products, according to a report by AT&T Alien Labs.
Written in Go, Ezuri acts both as a crypter and loader for ELF (Linux) binaries. (Ax Sharma / Bleeping Computer)
President-elect Joe Biden plans to nominate career intelligence official Anne Neuberger to serve in a newly created cybersecurity role on his National Security Council, that of deputy national security adviser for cybersecurity.
She joined the NSA more than a decade ago and currently serves as the agency’s cybersecurity director. (Natasha Bertrand / Politico)
Andrey Medov, a lead security researcher at Positive Technologies, discovered serious vulnerabilities in Fortinet’s FortiWeb web application firewall (WAF) that could expose corporate networks to attacks.
The flaws can be exploited for denial-of-service (DoS) attacks and to execute unauthorized code or commands. (Eduard Kovacs / Security Week)
Related: The Daily Swig
Threat intelligence firm Recorded Future said that two penetration testing frameworks used by security researchers, Cobalt Strike and Metasploit, were used to run more than a quarter of all the malware command and control (C&C) servers deployed in 2020.
Recorded Future tracked more than 10,000 malware C&C servers last year, across more than 80 malware strains. (Catalin Cimpanu / ZDNet)
Related: Recorded Future