Ukrainian Security Researcher Leaked a Treasure Trove of Information on Conti Cybercrime Gang
Major cyberattacks in Ukraine haven't materialized yet, Microsoft says HermeticWiper attacks still ongoing in Ukraine, Phishing campaign targets European officials, Israel-U.S. sign cyber pact, more
Don’t miss my latest CSO column, which looks at a purported leak of 120,000 Russian soldiers’ data, the think tank that released the data, and what harm this leak could cause if proven to be accurate.
Using a Twitter account called Contileaks, a Ukrainian security researcher who decided to stay in Ukraine for the war released an archive of chat messages taken from cybercrime group Conti’s private communications infrastructure, dating from January 29, 2021, to the present day.
The leaks provide a wealth of information on the challenges of running a criminal enterprise with more than 100 salaried employees and insight into how Conti has dealt with its own internal breaches and attacks from private security firms and foreign governments.
Among the insights are that Conti appears to have contracted out much of its spamming operations, or at least there was no mention of “Spammers” as direct employees. Conti’s leaders seem to have set strict budgets for each organizational unit. However, occasionally, the gang borrowed funds allocated for one department to address another department's pressing cash flow needs. (Brian Krebs / Krebs on Security (part one) and Brian Krebs / Krebs on Security (part two))
Brett Callow @BrettCallow: “Vlad is out of his fucking mind, that much is clear.” <— A member of #Conti. Via @Jeremy_Kirk https://t.co/gPcr7WIWU9
Despite the fear of significant cyberattacks among some cybersecurity experts, Russia’s brutal military campaign in Ukraine has not been accompanied so far by the sort of cyberwar many experts expected.
Among the theories about why Russian cyberattacks haven’t been worse: Russia is holding some significant cyberattacks in reserve for when it needs them or to undermine some particular aspect of the Ukrainian defense; big hacks are happening and we don’t know about it; Russian hackers weren’t prepared for the invasion; and Russian planners may have believed that significant cyberattacks would be an unnecessary distraction from what they thought would be a quick military campaign. (Joseph Marks and Aaron Schaffer / Washington Post)
Ciaran Martin @ciaranmartinoxf: Cyber & the war. My thoughts in @lawfareblog on: - unexpectedly low cyber activity so far; - high ongoing risk of cyber harassment & disruption against Ukraine & the west; - the limitations of cyber power; - implications for Western cyber posture. https://t.co/4uFyiDbro0
In an updated blog post, Microsoft said that the group behind the HermeticWiper cyberattacks, a series of data-wiping malware attacks that struck numerous Ukrainian organizations on February 23, remains an ongoing threat.
The update largely compiles and clarifies details on a series of previously reported wiper attacks that have struck the Ukrainian government and civilian organizations over the past week. But the update also implies that additional wiper attacks have been observed that are not being disclosed for now. (Kyle Alspach / Venture Beat)
Researchers at Proofpoint have uncovered details of a new nation-state-sponsored phishing campaign they call Asylum Ambuscade that targets European governmental entities in what's seen as an attempt to obtain intelligence on refugee and supply movements in the region.
The findings build on an advisory issued by the State Service of Special Communication and Information Protection of Ukraine (DSSZZI), which warned last week of phishing messages targeting its military personnel with ZIP file attachments to steal sensitive personal information. (Ravie Lakshmanan / The Hacker News)
Researchers at Palo Alto Networks Unit 42 revealed that at least 75% of network-connected infusion pumps used in hospitals and healthcare entities contain security weaknesses that could put them at risk of potential exploitation.
The shortcomings include exposure to one or more of some 40 known cybersecurity vulnerabilities, or alerts that the devices had one or more of some 70 other known types of IoT security weaknesses. Successful exploitation could leak sensitive patient information and allow an attacker to gain unauthorized access to the devices, so health systems need to protect these devices proactively. (Ravie Lakshmanan / The Hacker News)
A recent Government Accountability Office (GAO) study found that the Cybersecurity and Infrastructure Security Agency’s (CISA) National Critical Infrastructure Prioritization Program should improve its priority setting, stakeholder involvement, and threat information sharing.
“Nine of 12 CISA officials and all 10 of the infrastructure stakeholders GAO interviewed questioned the relevance and usefulness of the program,” GAO said. “For example, stakeholders identified cyberattacks as among the most prevalent threats they faced but said that the program’s list was not reflective of this threat.” (Jordan Smith / Meritalk)
Google released Google Chrome 99 Stable and Extended Stable to the public. Both releases address 28 security issues present in earlier versions of the browser.
The official release notes reveal little about the changes in Chrome 99 or the 28 security issues. (Martin Brinkmann / gHacks)
Israel National Cyber Directorate Director-General Gaby Portnoy and U.S. Department of Homeland Security (DHS) Under Secretary for Strategy, Policy and Plans Robert Silvers signed an agreement to enhance cyber cooperation between the two countries on protecting their respective economies and critical infrastructure, increasing collaborative risk management of cyber threats, countering ransomware attacks, and promoting bilateral cyber R&D and partnerships between the public and private sectors.
The Israel National Cyber Directorate said the agreement's purpose was to promote advanced technologies for cyber protection and to strengthen information sharing on the ground and expert exchanges in fields like artificial intelligence, quantum computing, homomorphic encryption, and navigation technology. The Directorate also signed a separate agreement with the U.S. Transportation Security Administration (TSA), housed under DHS, to enhance cybersecurity collaboration in transportation. (Ricky Ben-David and Carrie Keller-Lynn / Times of Israel)
West Virginia Attorney General Patrick Morrisey urged all state residents affected by last summer’s T-Mobile data breach to protect themselves after an extensive collection of the information taken in that breach was found for sale on the dark web.
The data breach impacted more than 53 million individuals, including 68,361 West Virginians. Among other categories of impacted information, millions had their names, dates of birth, Social Security numbers, and driver’s license information compromised. (WSAZ)
Senior Justice Department officials say that the Strengthening American Cybersecurity Act, S. 3600, which the Senate passed on Tuesday, would make the country less safe because it leaves out the FBI.
The bill would require the operators of U.S. power plants, hospitals, ports, and other infrastructure to report cyber incidents to DHS within 72 hours. But it wouldn’t require simultaneously reporting to the FBI, which also investigates digital intrusions. (Eric Geller and Betsy Woodruff Swan / Politico)
Fraud prevention startup nSure.ai has closed an $18 million Series A venture funding round.
MoreTech Ventures led the round and received participation from previous investors DisruptiveAI, Gryffin Ventures, and Moneta Seeds. (Ionut Arghire / Security Week)
Related: Tech in Asia
NeuraLegion, a startup that focuses on dynamic application security testing and identifying business logic issues, today announced that it has changed its name to Bright Security and raised $20 million in a Series A venture funding round.
Evolution Equity Partners led the round with participation from previous investors DNX Ventures, J-Ventures, Fusion Fund, and Incubate Fund. (Frederic Lardinois / TechCrunch)