The Good
Not a day goes by when we don’t hear of yet another school district, or small-medium government entity being attacked with ransomware. This week it was reported that another Ryuk attack hit Louisiana’s Office of Technology, which houses the Department of Motor Vehicles, the Department of Children and Family Services and the Department of Transportation to name a few. As a result of its ongoing battle against cyberattacks, the state had previously created its own cybersecurity task force, ESF (Emergency Support Function), which this time kicked-in and acted aggressively to contain the threat and minimize the impact. There is a great lesson here. When faced with such an attack, the ability to quickly maneuver and take all necessary actions is paramount. The State of Louisiana is still dealing with some minor fallout from the campaign, but they saved themselves countless hours and headaches by moving the way they did. Given that this is an official ESF now, the process is repeatable and predictable as well. Louisiana VS. Ransomware? Louisiana Wins!
Cyber is so hot at the moment that it now has its own electric truck! Tesla’s announcement this week of a supposedly bulletproof, sledgehammer-resistant electric pickup, the Tesla Cybertruck (CybrTrk), may have little to do with endpoint security on the face of it, but it’s a cool vehicle with a great name. And besides, in the absence of a post-apocalyptic cyberpunk world to use it in, it might be just the thing for safely transporting a small server farm from one location to another! We just want to know, does it come in black?
The Bad
Supply chain attacks are always a bitter pill to swallow. Just when you think you’ve covered all your bases, someone else’s opsec lets the side down. This week, an unknown number of Monero cryptocurrency users found themselves out of pocket after hackers compromised the getmonero.org
website. For a short time, the site was serving up compromised binaries of Monero’s CLI wallet. The attackers created malicious versions of the genuine Linux and Windows CLI binaries by adding a function to steal the wallet’s seed from infected users. After exfiltrating the compromised user’s wallet seed to their C2, the hackers would be able to regenerate the wallet’s private keys and access the funds. At least one user on Reddit claims to be out of pocket by $7000. Although the malicious binaries appear to have only been served from Monday 18th 2:30 AM UTC to 4:30 PM UTC, it’s likely the attackers haul was somewhat larger than that. Concerned Monero users should verify the hashes of their binaries.
The Ugly
Any time our personal data gets breached, there’s an expectation that the party responsible for securing our data adequately owns up to the issue and takes corrective action. Likewise, it’s expected that preventative measures are put in place to ensure the same issue does not recur. Recently, users of the video editing and sharing site Veed.io
were impacted with just such a scenario. Researchers from vpnMentor uncovered an unsecured AWS bucket hosting tens of thousands of videos uploaded by users of the platform. The hosted videos were, reportedly, fully exposed to anyone who went looking, regardless of whether the upload had been marked as public or private. Worse, many of the videos were of a sensitive nature, containing private family moments, proprietary information, and “even home-made pornography”. Any way you slice it, it is fair to assume that none of the platform’s users would want that data exposed.
The real rub here is that the ethical hackers tried to notify VEED of the issue on multiple occasions, but their reports were ignored. This led them to reach out to Amazon directly, who ultimately disabled access to the unsecured data. To date, the researchers have still yet to hear any response from VEED. Not pretty, and no way to build trust guys!