Tuesday, December 20, 2022

NIST Retires SHA-1

 

Well, every hashing algorithm has an end, and the next one to reach it is SHA-1. NIST has decided to retire the SHA-1 algorithm and is recommending that IT professionals replace it with a stronger one.


"The SHA-1 algorithm, one of the first widely used methods of protecting electronic information, has reached the end of its useful life, according to security experts at the National Institute of Standards and Technology (NIST). The agency is now recommending that IT professionals replace SHA-1, in the limited situations where it is still used, with newer algorithms that are more secure."

"SHA-1, whose initials stand for “secure hash algorithm,” has been in use since 1995 as part of the Federal Information Processing Standard (FIPS) 180-1..."

"...As today’s increasingly powerful computers are able to attack the algorithm, NIST is announcing that SHA-1 should be phased out by Dec. 31, 2030, in favor of the more secure SHA-2 and SHA-3 groups of algorithms."

“'We recommend that anyone relying on SHA-1 for security migrate to SHA-2 or SHA-3 as soon as possible,' said NIST computer scientist Chris Celi."

“'Modules that still use SHA-1 after 2030 will not be permitted for purchase by the federal government,' Celi said..."
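As an added example (not from NIST or the original post), here is one way to make stored integrity digests migratable: each value is labelled with the algorithm that produced it, a SHA-1 value still verifies during the transition but is flagged for re-hashing, and it is refused after NIST's Dec. 31, 2030 phase-out date. The "algo:hex" manifest format, the policy handling and the sample data are assumptions for this example.

```python
import hashlib
import hmac
from datetime import date

# Constructed policy for this example: the phase-out date from NIST's announcement,
# and the SHA-2 / SHA-3 family members accepted for newly issued digests.
SHA1_PHASE_OUT = date(2030, 12, 31)
APPROVED = {"sha256", "sha384", "sha512", "sha3_256", "sha3_512"}

def make_digest(data: bytes, algo: str = "sha256") -> str:
    """Return a self-describing 'algo:hex' digest so the verifier never has to
    guess which algorithm produced a stored value."""
    if algo not in APPROVED:
        raise ValueError(f"{algo} is not approved for new digests")
    return f"{algo}:{hashlib.new(algo, data).hexdigest()}"

def legacy_sha1_digest(data: bytes) -> str:
    """Stand-in for a value found in an existing SHA-1 manifest (constructed)."""
    return f"sha1:{hashlib.sha1(data).hexdigest()}"

def verify_digest(data: bytes, stored: str, as_of: str) -> tuple[bool, str]:
    """Check data against a stored 'algo:hex' digest as of an ISO date, returning
    (ok, note). SHA-1 still verifies before the phase-out date but is flagged;
    after that date it is rejected even when the bytes match."""
    algo, _, expected = stored.partition(":")
    try:
        actual = hashlib.new(algo, data).hexdigest()
    except ValueError:
        return False, f"unknown algorithm {algo!r}"
    if not hmac.compare_digest(actual, expected):
        return False, "digest mismatch"
    if algo == "sha1":
        if date.fromisoformat(as_of) > SHA1_PHASE_OUT:
            return False, "sha1 rejected: past NIST phase-out date"
        return True, "sha1 accepted during transition; re-hash with sha256"
    if algo not in APPROVED:
        return False, f"{algo} is not an approved algorithm"
    return True, "ok"

def migrate_digest(data: bytes, stored: str, as_of: str) -> str:
    """Re-issue a verified legacy digest as SHA-256 (the transition step)."""
    ok, note = verify_digest(data, stored, as_of)
    if not ok:
        raise ValueError(f"cannot migrate: {note}")
    return make_digest(data, "sha256")
```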



Wednesday, November 30, 2022

FBI Conducts Cyber Offensive Operations

 

FBI director Christopher Wray told Senate lawmakers that his agency has been conducting offensive cyber operations against state and non-state actors.

Fancy phrases aside, this means that the FBI carries out cyber attacks. Well, most people would find that quite normal. Which intelligence agency doesn't? We all knew it; the head of the FBI has only now declared it. So be a good guy, or else...

What was the saying? Umm... "The best defense is a good offense"? Or something like that? And what did the legendary Sun Tzu say about it? Here it comes: "Attack is the secret of defense; defense is the planning of an attack." (Maybe Christopher Wray just finished the book "The Art of War". Who knows? =)) )

https://thehill.com/policy/cybersecurity/3740758-wray-tells-lawmakers-that-fbi-conducts-cyber-offensive-operations/

“'Offense is a critical part of our overall effort to push back against cyber adversaries,' Wray said during a Senate Homeland Security Committee hearing in which he was testifying."

"Although Wray did not provide specifics into the type of cyber offensive operations the agency has conducted, he did say that the department engages in other types of activities, including conducting counterintelligence operations, targeting adversaries’ infrastructure, disrupting malicious cryptocurrency schemes, and indicting cyber criminals."

"Other U.S. agencies have also said that they’ve engaged in cyber offensive operations against nation-state threat actors.

In June, Gen. Paul Nakasone, the head of U.S. Cyber Command, publicly confirmed for the first time that the U.S. had helped Ukraine on the offensive side."

"However, he warned that deterring nation-state threat actors from continuing to engage in illegal cyber activity is much more difficult than disrupting their operations.

'We’re not going to deter the Chinese or the Russians from spying, but we can make it hellishly difficult for them to do it,' Wray said."



Sunday, November 13, 2022

Australia's Medibank Ransomware Attack

 

Australian health insurer Medibank suffered a ransomware attack in which the names, dates of birth, addresses, phone numbers and email addresses of 9.7 million customers were allegedly leaked. (Quite a huge amount of data.)


In this ransomware attack, the victim's files were not encrypted but were threatened with exposure. The ransomware gang began to publish some of the information on the internet to be more persuasive that they really have the data.


Medibank refused to pay the ransom in order not to encourage such attacks. (A brave but risky decision, which I think is the correct one.)


It is believed that the attack was carried out by the ransomware gang REvil or BlogXXX.


And yeah... It has been seen one more time that cyber security is not a game or an abstract concept. On the contrary, cyber threats are real and can have serious effects on our real lives.


https://www.theregister.com/2022/11/07/medibank_breach_n0_ransom_payment/


"Australian health insurer Medibank – which spent October discovering a security incident was worse than it first thought – has announced it will not pay a ransom to attackers that made off with personal info describing nearly ten million customers."


"Medibank also confirmed that primary identity documents, such as drivers licenses, were not accessed for most of its clients – but around 1.8 million international customers weren't so lucky and also had details of the visas that permit them to reside in Australia exposed. The Australian national health scheme (Medicare) ID numbers of 2.8 million customers were also leaked."

Saturday, November 5, 2022

Mondelez International Cybersecurity Lawsuit Against Zurich American Insurance Company

 

Can a cyber attack cause $10 billion (yeah, $10 billion) of damage to a company? No way? Can't be? In your dreams?


Well, well, it did. Yeah, it really did.


Have I ever mentioned here that cybersecurity is not a joke or a game? (Oh yeah, I remember. Many times.)


Mondelez International, a USA-based giant multinational snack company, suffered a cyber attack in 2017 from the NotPetya malware. (https://en.wikipedia.org/wiki/Petya_and_NotPetya) This malware caused huge damage (1,700 servers and 24,000 computers) to the systems of Mondelez International.


Well, what if this company had cybersecurity insurance against cyber attacks? Do you think they could recover their $10 billion loss from their insurance company? Or any part of it? Well... The answer is both: yes and/or no. Things became a LITTLE complicated here for the victim company and for the insurance company.


Mondelez International demanded $100+ million in compensation from Zurich American Insurance Company for the loss from the cyber attack they suffered. (Their loss was around $10 billion though.) But the insurance company allegedly declined to pay this little bill.


So a lawsuit, which had been running between them since 2018, has now been settled. Both companies came to an agreement, but the details, which could be a game changer for cybersecurity insurance and could end up bankrupting some insurance companies around the world, are unknown. (Maybe that's why we don't know the details.)


Apparently, it can be seen how enormous the damage of a cyber attack to a company can be. (Depending on the size of the company, of course.)


Cybersecurity is not a game. You can lose real money. (Oh yeah, I've also said this many times.)


https://www.theregister.com/2022/11/02/mondelez_zurich_notpetya_settlement/


#cyberinsurance #mondelez #zurichinsurance


"Mondelez, which owns Oreo cookies, Sour Patch Kids candy, Ritz crackers, and dozens of other brands, declined to comment on the settlement. A Zurich American spokesperson, however, told us 'the parties have mutually resolved the matter.' Details of the deal have not been disclosed."

Saturday, October 29, 2022

Daixin Ransomware Team

 

Ransomware does not slow down. Bad guys saw the gain in this attack technique, and they are highly motivated to carry on with it.


A ransomware warning about the Daixin Team, aimed at the healthcare sector, came from CISA (Cybersecurity and Infrastructure Security Agency), the FBI and HHS (Health and Human Services) in the USA.


Daixin Team attackers have been linked to multiple health sector ransomware incidents since (at least) June 2022.


"U.S. health organizations are advised to take the following measures to defend against Daixin Team's attacks:

- Install updates for operating systems, software, and firmware as soon as they are released.

- Enable phishing-resistant MFA for as many services as possible.

- Train employees to recognize and report phishing attempts."


https://www.bleepingcomputer.com/news/security/us-govt-warns-of-daixin-team-targeting-health-orgs-with-ransomware/


"'The Daixin Team is a ransomware and data extortion group that has targeted the HPH Sector with ransomware and data extortion operations since at least June 2022,' the advisory revealed.


Since June, Daixin Team attackers have been linked to multiple health sector ransomware incidents where they've encrypted systems used for many healthcare services, including electronic health records storage, diagnostics, imaging services, and intranet services."


"The ransomware gang gains access to targets' networks by exploiting known vulnerabilities in the organizations' VPN servers or with the help of compromised VPN credentials belonging to accounts with multi-factor authentication (MFA) toggled off."
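An added example, not part of the advisory or the original post, that turns the quoted access path into a check a defender can run: it lists VPN-capable accounts with MFA toggled off and flags successful VPN logins to those accounts in gateway logs, noting failed attempts from the same source just before. The account export, the log line format and the log content are constructed for this example.

```python
import re
from collections import Counter

# Constructed sample data for this example (not from the advisory): an export of
# VPN-capable accounts with their MFA status, and a few VPN gateway auth log lines.
ACCOUNTS = {
    "jsmith": {"mfa": True, "role": "clinician"},
    "rlee": {"mfa": False, "role": "it-admin"},
    "svc_backup": {"mfa": False, "role": "service"},
    "contractor7": {"mfa": False, "role": "contractor"},
}

VPN_LOG = """\
2022-10-20T02:13:44Z vpn-gw1 auth user=svc_backup result=success src=198.51.100.23
2022-10-20T02:13:50Z vpn-gw1 auth user=jsmith result=success src=203.0.113.8
2022-10-20T02:14:02Z vpn-gw1 auth user=rlee result=failure src=198.51.100.23
2022-10-20T02:14:05Z vpn-gw1 auth user=rlee result=success src=198.51.100.23
2022-10-20T02:20:19Z vpn-gw1 auth user=contractor7 result=success src=192.0.2.77
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<gw>\S+) auth user=(?P<user>\S+) "
    r"result=(?P<result>\S+) src=(?P<src>\S+)$"
)

def accounts_without_mfa(accounts: dict) -> list[str]:
    """Inventory check: every VPN-capable account with MFA toggled off."""
    return sorted(u for u, a in accounts.items() if not a["mfa"])

def parse_log(text: str) -> list[dict]:
    """Parse gateway log lines into dicts; lines that do not match are skipped."""
    return [m.groupdict() for m in map(LINE_RE.match, text.splitlines()) if m]

def risky_vpn_logins(text: str, accounts: dict) -> list[dict]:
    """Detection: successful VPN logins to accounts without MFA (the access path the
    advisory describes), with the failed attempts seen from the same source for that
    user beforehand. Accounts missing from the inventory are reported as well."""
    failures: Counter = Counter()
    findings = []
    for ev in parse_log(text):
        key = (ev["user"], ev["src"])
        if ev["result"] != "success":
            failures[key] += 1
            continue
        acct = accounts.get(ev["user"])
        if acct is None or not acct["mfa"]:
            findings.append({"ts": ev["ts"], "user": ev["user"], "src": ev["src"],
                             "role": acct["role"] if acct else "unknown",
                             "prior_failures": failures[key]})
    return findings
```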



Tuesday, October 18, 2022

INTERPOL's Black Axe Cyber Crime Operation

 

Cyber crime is not a joke. It is quite a serious thing.


INTERPOL led an operation in which an organized cyber crime syndicate called "Black Axe" was taken down.


The amount of seized assets in this operation was not so big (around $2 million), but the important and great thing here is that 14 countries were involved in this operation.


https://thehackernews.com/2022/10/interpol-led-operation-takes-down-black.html


https://www.interpol.int/en/News-and-Events/News/2022/International-crackdown-on-West-African-financial-crime-rings


https://www.theregister.com/2022/10/17/interpol_black_axe_fraud/


"The International Criminal Police Organization, also called the Interpol, has announced the arrests of 75 individuals as part of a coordinated global operation against an organized cyber crime syndicate called Black Axe.


'Black Axe' and other West African organized crime groups have developed transnational networks, defrauding victims of millions while channeling their profits into lavish lifestyles and other criminal activities, from drug trafficking to sexual exploitation,' the agency said.


The law enforcement effort, codenamed Operation Jackal, involved the participation of Argentina, Australia, Côte d'Ivoire, France, Germany, Ireland, Italy, Malaysia, Nigeria, Spain, South Africa, the U.A.E, the U.K., and the U.S.


Black Axe, which originated as a confraternity in Nigeria around 1977 before evolving into a mafia group, has not only been linked to killing and scamming operations, but also has been accused of infiltrating the country's political system.


Two of the alleged online scammers, who were arrested late last month in South Africa, are believed to have orchestrated a variety of fraudulent schemes that netted them $1.8 million from victims.


The probe further led to 49 property searches, resulting in the seizure of 12,000 SIM cards and other luxury assets, including a residential property, three cars, and tens of thousands in cash. It also intercepted €1.2 million in the suspects' bank accounts.


In October 2021, eight members of the cartel were charged by the U.S. Justice Department for engaging in 'widespread internet fraud involving romance scams and advance fee schemes' from at least 2011 through 2021.


'Illicit financial funds are the lifeblood of transnational organized crime, and we have witnessed how groups like Black Axe will channel money gained from online financial scams into other crime areas, such as drugs and human trafficking,' Interpol's Stephen Kavanagh said."

Wednesday, October 12, 2022

Optus Data Breach


Data breaches occur all around the world, on all continents.

2.1 million ID numbers were exposed in a breach at an Australian telecommunications company.


https://www.securityweek.com/optus-says-id-numbers-21-million-compromised-data-breach


"Australian telecommunications company Optus says that 2.1 million of its customers had numbers associated with their identification documents compromised in a recent data breach.


On September 22, the wireless carrier announced it had fallen victim to a cyberattack that resulted in the potential compromise of the personally identifiable information of some of its customers, without providing specifics on the number of impacted individuals."


"While the wireless carrier has not provided specific details on how the cyberattack occurred, it appears that the company might have inadvertently exposed internal resources to the internet, providing the attackers with an easy way in."