Check out my latest CSO column (also linked to the first item below) on a new 60+ organization task force aiming to end ransomware.

A coalition of 60-plus private and government organizations released a 48-recommendation framework for combatting ransomware given the unfettered growth in ransomware actors, particularly in nations such as Russia that offer these attackers government protection.

The Ransomware Task Force, spearheaded by the Institute for Security & Technology, aims to reduce the financial attractiveness of ransomware for malicious actors with a series of steps, including improved international collaboration and enforcement of anti-crime requirements imposed on cryptocurrency exchanges. (Frank Bajak / Associated Press)

Related: StateScoop, Decipher, SC Magazine, GovCon Wire, Cointelegraph, Bleeping Computer, Business Wire Technology News, CSO Online, Inside Cybersecurity, The Register, The Record, Associated Press, Reuters, NBC News, VentureBeat, iTnews - Security

Jan Lemnitzer @JanLemnitzer

Are we ready for this? The US is moving closer to formally accusing Russia of providing a safe haven for cyber criminals and imposing sanctions but what might they be? Exclusion from SWIFT? Banning oil and gas exports? This will not be easy...

Metacurity - The Cybersecurity News Curator @Metacurity

Here's my take on the new task force that aims to crack the tough nut of ransomware. Thanks @C_Painter for your thoughts. Task force proposes framework for combatting ransomware https://t.co/GUTlOc1tAS via @csoonline

April 29th 2021

1 Like

Researchers at FireEye have linked a multi-pronged information operations effort to sow political discord in multiple NATO countries to 30 such incidents in Lithuania, Latvia, Germany, and elsewhere in the last five years. The operations are conducted by a previously disclosed, ongoing influence campaign that FireEye calls Ghostwriter. 

The campaign’s attackers plant phony narratives, directly hacking social media accounts rather than compromising websites or spoofing emails. Although the campaign aligns with the interests of Russia, FireEye is not directly attributing Ghostwriter to Russia. (Sean Lyngaas / Cyberscoop)

Related: Latvian Public Broadcasting, FireEye Threat Research Blog, SecurityWeek, DataBreachToday.com

John Hultquist @JohnHultquist

Our latest on Ghostwriter, the IO threat undermining the NATO alliance. They are impersonating Polish officials and we are seeing targeting of German politicians now. Also more detail on the intrusion group supporting this effort, UNC1151. Ghostwriter Update: Cyber Espionage Group UNC1151 Likely Conducts Ghostwriter Influence ActivityNew evidence allows us to assess that UNC1151, a suspected state-sponsored cyber espionage actor, conducts at least some components of Ghostwriter influence activity.fireeye.com

April 28th 2021

45 Retweets103 Likes

Thomas Rid @RidT

Very impressed by FireEye's new Ghostwriter report, out today. This report, if I may use this opportunity for a provocation, implicitly articulates a powerful critique of the state of the art of current threat intelligence reporting. Ghostwriter Update: Cyber Espionage Group UNC1151 Likely Conducts Ghostwriter Influence ActivityNew evidence allows us to assess that UNC1151, a suspected state-sponsored cyber espionage actor, conducts at least some components of Ghostwriter influence activity.fireeye.com

April 28th 2021

69 Retweets198 Likes

Researchers at Bitdefender exposed a new cyberespionage campaign targeting military organizations in Southeast Asia. They attribute the campaign to a threat actor with alleged ties to China dubbed Naikon APT and known as Override Panda, Lotus Panda, or Hellsing. 

The group uses ever-changing tactics, techniques, and procedures, including weaving new backdoors named "Nebulae" and "RainyDay" into their data-stealing missions. (Ravie Lakshmanan / The Hacker News)

Related: TechNadu, SecurityWeek, Bitdefender Labs

In a filing with the U.S. Securities and Exchange Commission, financial services company First Horizon Corp. says it has suffered a data breach that saw customer accounts accessed and funds stolen.

The company said that an authorized third party obtained login credentials from an unknown source and then supposedly exploited vulnerabilities to gain access to fewer than 200 customer accounts. The third party had access to personal information in those accounts and fraudulently obtained an amount of less than $1 million. (Duncan Riley / Silicon Angle)

Related: American Banker, Infosecurity Magazine

Cloud infrastructure company Digital Ocean told customers it had experienced a breach associated with the billing profiles on their Digital Ocean accounts.

Accessed in the breach were customer billing names, addresses, the last four digits of the payment card, its expiry date, and the card-issuing bank's name. The company said that customers’ DigitalOcean accounts were not accessed, and neither were passwords and account tokens. (Zack Whittaker / TechCrunch)

Related: Infosecurity Magazine, SiliconANGLE, The Register - Security, Cyber Kendra, SecureReading, Exploit One, Slashdot

Researchers from Qihoo 360 NETLAB found a previously unknown Linux malware with backdoor capabilities they call RotaJakiro.

The stealthy backdoor, which targets Linux X64 machines, allows the threat actor to harvest and exfiltrate sensitive information from infected systems. (Ravie Lakshmanan / The Hacker News)

Related: ZDNet Security, Security Affairs, Netlab

UK rail network Merseyrail confirmed it had been hit with a cyberattack after the Lockbit ransomware gang used their email system to email employees and journalists about the attack.

The email that the threat actors sent out posed as Andy Heath, Merseyrail's Director, telling employees that a previous weekend's outage was downplayed and that they suffered a ransomware attack where the hackers stole employee and customer data. The UK ICO is investigating the incident. (Lawrence Abrams / Bleeping Computer)

Related: Graham Cluley, Security Affairs, Information Age, ComputerWeekly: IT security, Security Affairs, DataBreaches.net, The Register - Security

Follow Us on Twitter

Cancer patients across the US. had their treatment disrupted following a cyber attack on Swedish precision cancer radiation treatment software Elekta.

About 42 health care sites across the U.S. saw service disrupted as a result of the breach. Elekta said that as protection, it took all its first-generation systems offline on April 22.  (Ariel Hart / Atlanta Journal-Constitution)

Related: Infosecurity Magazine

Services and consultancy giant Accenture announced it plans to buy French cybersecurity firm Openminded.

Openminded provides cybersecurity services, including management, consultancy, and cloud & infrastructure solutions, focusing on risk analysis, remediation, and regulatory compliance. The terms of the deal were not disclosed. (Charlie Osborne / ZDNet)

Related: MSSP Alert, Business Wire Technology News

Israeli encryption key and credential management start-up announced that it had raised $14 million in a Series A venture funding round.

The round was led by cybersecurity think tank Team 8, with participation by global VC Jerusalem Venture Partners. (Simona Shemer / No More Camels)

Related: Venture Beat

Photo by Bermix Studio on Unsplash