'We Are At War' Costa Rica's President Says While Ransomware Gang Gains Help From Collaborators

BLE attack on Tesla model successful, Joint cybersecurity advisory warns of misconfigurations, FBI warns of credit card data scraping, Lawmakers warn of abortion data weaponization, more

May 18

Costa Rica’s president Rodrigo Chaves said that collaborators within Costa Rica are helping the notorious Conti ransomware group extort the country’s government, backing up claims the group made on its website.

The ransomware attack has prevented the government from effectively collecting taxes, and some public employees’ salaries are either being overpaid or underpaid. “We are at war and that is not an exaggeration,” Chaves said. “The war is against an international terrorist group.” Chaves declared a national emergency related to the attack on May 8. Over the past weekend, the gang called for the overthrow of Chaves’s government. Chaves blamed the previous government for not entirely investing in cybersecurity. (AJ Vicens / Cyberscoop)

Officials and cybersecurity experts say the pace of Russian ransomware attacks on U.S. organizations appears briefly to have slowed at the outbreak of war in Ukraine.

Some national security officials credit U.S. and European sanctions imposed on Moscow over the invasion of its neighbor for temporarily stemming the ransomware tide. They also speculate that Russia’s top hackers have trained their sites on Ukraine since the invasion or that some of them may have needed to relocate to escape the combat. However, any recent decline is unlikely to signal a long-term reduction in ransomware attacks. (Dustin Volz / Wall Street Journal)

Related: Washington Examiner

Security researchers at the NCC Group have developed a tool to carry out a Bluetooth Low Energy (BLE) relay attack that bypasses all existing protections to authenticate on target devices. The researchers tested the method on a Tesla Model 3 from 2020 using an iPhone 13 mini running version 4.6.1-891 of the Tesla app.

The technology is used in a broad spectrum of products, from electronics like laptops, mobile phones, smart locks, and building access control systems to cars like Tesla Model 3 and Model Y. In this type of attack, an adversary intercepts and can manipulate the communication between two parties, such as the key fob that unlocks and operates the car and the vehicle itself. (Bill Toulas / Bleeping Computer)

John Koetsier @johnkoetsier

Well that sucks! "it takes about ten seconds to run the attack and it can be repeated endlessly" >> Hackers can steal your Tesla Model 3, Y using new Bluetooth attack

Hackers can steal your Tesla Model 3, Y using new Bluetooth attackSecurity researchers at the NCC Group have developed a tool to carry out a Bluetooth Low Energy (BLE) relay attack that bypasses all existing protections to authenticate on target devices.bleepingcomputer.com

CISA, the FBI, National Security Agency (NSA), and cybersecurity authorities from Canada, New Zealand, the Netherlands, and the UK issued a joint advisory warning that attackers target security misconfigurations for initial access.

The advisory features a list of the main weak security controls, poor configurations, and poor security practices that defenders should implement to thwart initial access. It also contains the authorities' collective recommended mitigations. (Liam Tung / ZDNet)

Related: CISA, NSA, Industrial Cyber, HealthITSecurity

Rob Joyce @NSA_CSDirector

No need for fancy 0-days when these weak controls and misconfigurations allow adversaries access. Don’t allow them to use these easy options to target your networks — employ our best practices. @CISAgov @FBI @CyberGovAU @NCSC @cybercentre_ca @gcsb +Partners

NSA Cyber @NSACyber

Malicious actors regularly exploit poor security and misconfigurations to gain access to networks. The latest joint release captures what you can do to keep networks safe from these commonly exploited controls and practices. https://t.co/VrSLdbYnO5 https://t.co/t1TNCpA6Lw

The Federal Bureau of Investigation (FBI) issued a flash alert warning businesses that cybersecurity actors are scraping credit card data from online checkout pages.

The alert the unidentified cyber attacker scraped credit card data from a business by injecting malicious PHP code into the business’ online checkout page. The attacker then sent the scaped data to a service that spoofed a legitimate card processing server. Moreover, the attack also established backdoor access to the victim’s system by modifying two files within the checkout page. (Duncan Riley / Silicon Angle)

Google announced a new initiative called Assured Open Source Software to secure the open-source software supply chain by curating and distributing a security-vetted collection of open-source packages to Google Cloud customers.

The service will extend the benefits of Google’s own extensive software auditing experience to Cloud customers. (Corin Faife / The Verge)

Mastercard unveiled a Biometric Checkout Program that aims to set standards for paying with scans or gestures, hoping to make purchases as simple as smiling for a camera or waving your hand in front of a reader.

Mastercard is teaming with Fujitsu, NEC, Payface, and other companies to establish performance, privacy, and security requirements. This week, a pilot version is launching in Brazil, with Payface providing technology in five St Marche supermarkets across São Paulo. After that, customers will have to smile to pay for their groceries. Mastercard said that data would be converted into a digital template and encrypted and that your face image stays on your device to assuage privacy and security concerns. (Jon Fingas / Engadget)

Lawmakers warn that the tech industry’s rampant data collection on American consumers could be weaponized in surveilling and criminalizing women who seek abortions.

Representative Suzan DelBene (D-WA) has introduced several pieces of privacy-related legislation, including the Information Transparency and Personal Data Control Act, to address this problem. Senator Ron Wyden (D-OR) said “In a world where extremists make abortion illegal, that goes straight to a five-alarm crisis.”

Earlier this year, state legislators introduced a bill that would prohibit health care providers from releasing abortion-related data in response to a request from another state that interferes with California’s abortion protections. (Tonya Jo Riley / Cyberscoop)

Related: NBC News, Vice

Microsoft is warning of an emerging threat that it calls cryware targeting internet-connected cryptocurrency wallets, signaling a departure in the use of digital coins in cyberattacks.

The attacks result in the irreversible theft of virtual currencies using fraudulent transfers to an adversary-controlled wallet. Cryware encompasses several threats, including cryptojackers, ransomware, information stealers, and ClipBankers. ClipBankers steal cryptocurrency during transactions by monitoring the clipboard and replacing the original wallet address with the attacker's address. Microsoft recommends that users and organizations lock hot wallets when not trading, disconnect sites connected to a wallet, avoid storing private keys in plaintext, and verify the value of the wallet address when copying and pasting the information. (Ravie Lakshmanan / The Hacker News)

Related: Microsoft, PC Mag

Government employees with secure smart ID cards are often not issued an approved card reader device that lets them use these cards at home or remotely, and so turn to low-cost readers they find online, which can be filled with malware.

One government employee submitted his cheap reader’s driver’s file to Virustotal.com, which reported that around 43 different security tools detected the drivers as malicious, including a dangerous trojan horse known as Ramnit. (Brian Krebs / Krebs on Security)

briankrebs @briankrebs

After this thread went somewhat viral, I decided to put together a post with some of the more notable takeaways from this discussion. Thanks to everyone who chimed in! I learned a great deal, and hope you do, too: krebsonsecurity.com/2022/05/when-y…

briankrebs @briankrebs

1/ So you go shopping for a PIV card reader, because the US govt gave you one and you're curious to look at what's on it. You settle for this "DOD military USB common access smart card reader," because it's compatible with Mac OS. Cool! Only $15! What a bargain! https://t.co/MHPPkZVixp

The New York Assembly unanimously passed legislation that would protect the state's energy supply by regulating the energy companies to ensure that they improve their cybersecurity practices.

"New York's energy grid is a prime target for hackers and cyber criminals across the globe," the bill’s sponsor, Assemblyman Mike Cusick ( D-North Shore/Mid-Island), said. "We cannot afford to sit on the sidelines and give folks who want to harm New York's unfettered access to the grid. The passage of this legislation is a crucial step in our fight against cyber crime and our efforts to bolster the resiliency of our grid." The Senate version of the bill has yet to be brought to a vote, and a spokesperson for Gov. Kathy Hochul said she would review the legislation if it passes both chambers. (Paul Liotta / Staten Island Advance)

Related: SC Magazine

At a House Homeland Security Committee hearing, CISA executive director Eric Goldstein said the civilian federal government has made “tremendous progress” in implementing several cybersecurity protections developed in response to the 2020 SolarWinds hack, including the deployment of endpoint detection and response technology.

“At this point, were are in the process of deploying these EDR tools across 26 federal civilian agencies and expect to be underway at 53 agencies at the end of this fiscal year, only a few short months away,” Goldstein said. “Which means not even a year-and-a-half after execution of the executive order, we will have EDR deployments in place underway at over half of the federal government, with more rolling out in the months to come.” (Derek Johnson / SC Magazine)

Eric Geller @ericgeller

The House Homeland Security Committee is starting a hearing on federal network cybersecurity, with CISA's Eric Goldstein, Federal CISO and top @ONCD official Chris DeRusha, NIST's Chuck Romine, and @GSA_CIO:

Securing the DotGov: Examining Efforts to Strengthen Federal Network Cybersecurity | House Committee on Homeland SecurityThe Official Website of the House Committee on Homeland Securityhomeland.house.gov

Researchers at PRODAFT exposed the inner workings of Wizard Spider, a likely Russian hacking group that pours its illicit proceeds back into the criminal enterprise and is believed to either be or be associated with the Grim Spider and Lunar Spider hacking groups.

"The group's extraordinary profitability allows its leaders to invest in illicit research and development initiatives," the researchers say. "Wizard Spider is fully capable of hiring specialist talent, building new digital infrastructure, and purchasing access to advanced exploits." (Charlie Osborne / ZDNet)

Related: PRODAFT

Microsoft warned that it recently spotted a malicious campaign targeting SQL Servers that leverages a built-in PowerShell binary to achieve persistence on compromised systems in a series of tweets.

The intrusions, which leverage brute-force attacks as an initial compromise vector, stand out for using the utility "sqlps.exe." One advantage of such attacks is that they tend to be fileless because they do not leave any artifacts behind, and the activities are less likely to be flagged by antivirus software because they use trusted software. (Ravie Lakshmanan / The Hacker News)

Microsoft Security Intelligence @MsftSecIntel

Microsoft recently observed a campaign targeting SQL servers that, like many attacks, uses brute force methods for initial compromise. What makes this campaign stand out is its use of the in-box utility sqlps.exe.

According to information submitted to the National Association of Insurance Commissioners, insurers significantly increased premiums for cyber coverage throughout 2021, with direct-written premiums collected by the most significant U.S. insurance carriers in 2021 jumping by 92% year-over-year.

Analysts say that the increase primarily reflects higher rates rather than insurers significantly expanding the amount of money they are willing to cover. (James Rundle and David Uberti / Wall Street Journal)

Related: Reinsurance News

Certora, an Israel-based company that provides security analysis tools for smart contracts, announced it had raised $36 million in a Series B venture funding round.

Jump Crypto led the round with participation from Tiger Global, Galaxy Digital, and existing Series A investors, including Electric Capital, ACapital, Framework Ventures, Coinfund, Lemniscap, Coinbase, and VMware. (Mike Millard / The Block)

Related: Coindesk

Embedded security services provider Pangea Cyber Corp. launched from stealth mode today armed with $25 million in a Series A venture financing round.

Ballistic Ventures led the round with participation from SYN Ventures, Godfrey Sullivan (Former Chairman & CEO, Splunk), George Kurtz (Founder & CEO, CrowdStrike), and Dan Plastina (Former VP AWS Security Products). (Mike Wheatley / Silicon Angle)

Related: Business Wire, FinSMEs, Help Net Security

Fabless semiconductor company Cornami, which provides enterprises with a foundation to accelerate Fully Homomorphic Encryption (FHE), raised $68 million in a Series C venture funding round.

SoftBank Vision Fund 2 led the round with participation from Impact Venture Capital and Octave Ventures and support from existing investors and insiders, and the previously announced strategic investment from Applied Ventures, LLC.

Related: Silicon Angle, Business Wire

Image by Paul Brennan from Pixabay

Metacurity