Task Force Proposes 48 Recommendations to Eliminate Ransomware

Ghostwriter campaign sowing discord in NATO nations, Hacker steals $1 million from First Horizon financial customers, new espionage campaign targets SE Asia, Digital Ocean admits data breach, more

Check out my latest CSO column (also linked to the first item below) on a new 60+ organization task force aiming to end ransomware.

A coalition of 60-plus private and government organizations released a 48-recommendation framework for combatting ransomware given the unfettered growth in ransomware actors, particularly in nations such as Russia that offer these attackers government protection.

The Ransomware Task Force, spearheaded by the Institute for Security & Technology, aims to reduce the financial attractiveness of ransomware for malicious actors with a series of steps, including improved international collaboration and enforcement of anti-crime requirements imposed on cryptocurrency exchanges. (Frank Bajak / Associated Press)

Related: StateScoop, Decipher, SC Magazine, GovCon Wire, Cointelegraph, Bleeping Computer, Business Wire Technology News, CSO Online, Inside Cybersecurity, The Register, The Record, Associated Press, Reuters, NBC News, VentureBeat, iTnews - Security

Researchers at FireEye have linked a multi-pronged information operations effort to sow political discord in multiple NATO countries to 30 such incidents in Lithuania, Latvia, Germany, and elsewhere in the last five years. The operations are conducted by a previously disclosed, ongoing influence campaign that FireEye calls Ghostwriter. 

The campaign’s attackers plant phony narratives, directly hacking social media accounts rather than compromising websites or spoofing emails. Although the campaign aligns with the interests of Russia, FireEye is not directly attributing Ghostwriter to Russia. (Sean Lyngaas / Cyberscoop)

Related: Latvian Public Broadcasting, FireEye Threat Research Blog, SecurityWeek, DataBreachToday.com

Researchers at Bitdefender exposed a new cyberespionage campaign targeting military organizations in Southeast Asia. They attribute the campaign to a threat actor with alleged ties to China dubbed Naikon APT and known as Override Panda, Lotus Panda, or Hellsing. 

The group uses ever-changing tactics, techniques, and procedures, including weaving new backdoors named "Nebulae" and "RainyDay" into their data-stealing missions. (Ravie Lakshmanan / The Hacker News)

Related: TechNadu, SecurityWeek, Bitdefender Labs

In a filing with the U.S. Securities and Exchange Commission, financial services company First Horizon Corp. says it has suffered a data breach that saw customer accounts accessed and funds stolen.

The company said that an unauthorized third party obtained login credentials from an unknown source and then supposedly exploited vulnerabilities to gain access to fewer than 200 customer accounts. The third party had access to personal information in those accounts and fraudulently obtained an amount of less than $1 million. (Duncan Riley / Silicon Angle)

Related: American Banker, Infosecurity Magazine

Cloud infrastructure company Digital Ocean told customers it had experienced a breach associated with the billing profiles on their Digital Ocean accounts.

Accessed in the breach were customer billing names, addresses, the last four digits of the payment card, its expiry date, and the card-issuing bank's name. The company said that customers’ DigitalOcean accounts were not accessed, and neither were passwords and account tokens. (Zack Whittaker / TechCrunch)

Related: Infosecurity Magazine, SiliconANGLE, The Register - Security, Cyber Kendra, SecureReading, Exploit One, Slashdot

Researchers from Qihoo 360 NETLAB found a previously unknown Linux malware with backdoor capabilities they call RotaJakiro.

The stealthy backdoor, which targets Linux X64 machines, allows the threat actor to harvest and exfiltrate sensitive information from infected systems. (Ravie Lakshmanan / The Hacker News)

Related: ZDNet Security, Security Affairs, Netlab

UK rail network Merseyrail confirmed it had been hit with a cyberattack after the Lockbit ransomware gang used their email system to email employees and journalists about the attack.

The email that the threat actors sent out posed as Andy Heath, Merseyrail's Director, telling employees that a previous weekend's outage was downplayed and that they suffered a ransomware attack where the hackers stole employee and customer data. The UK ICO is investigating the incident. (Lawrence Abrams / Bleeping Computer)

Related: Graham Cluley, Security Affairs, Information Age, ComputerWeekly: IT security, Security Affairs, DataBreaches.net, The Register - Security

Cancer patients across the U.S. had their treatment disrupted following a cyber attack on Swedish precision cancer radiation treatment software Elekta.

About 42 health care sites across the U.S. saw service disrupted as a result of the breach. Elekta said that as protection, it took all its first-generation systems offline on April 22. (Ariel Hart / Atlanta Journal-Constitution)

Related: Infosecurity Magazine

Services and consultancy giant Accenture announced it plans to buy French cybersecurity firm Openminded.

Openminded provides cybersecurity services, including management, consultancy, and cloud & infrastructure solutions, focusing on risk analysis, remediation, and regulatory compliance. The terms of the deal were not disclosed. (Charlie Osborne / ZDNet)

Related: MSSP Alert, Business Wire Technology News

Israeli encryption key and credential management start-up announced that it had raised $14 million in a Series A venture funding round.

The round was led by cybersecurity think tank Team 8, with participation by global VC Jerusalem Venture Partners. (Simona Shemer / No More Camels)

Related: Venture Beat
