Cybersecurity Industry News Review: March 7, 2023
Cybercrime may have less of a gender issue than cybersecurity, LastPass gives attack update, CISA warns on Royal ransomware gang while WHSmith and DISH Network count the cost after both suffer cyber attacks.
Study: Gender No Barrier To Participating In “Meritocratic” Cybercriminal Community
If the cybersecurity industry is struggling to achieve gender parity, it could learn some lessons from its criminal flipside. A study from Trend Micro suggests that the cyber underground “provides an open environment for individuals of any gender to find employment or a side business”. Its analysis suggested gender was not a barrier to finding work as a cybercriminal, while a text analysis suggested at least 30 percent of underground forum participants may be women. The work has implications for how authorities investigate cybercriminals, with researchers suggesting investigators “avoid assumptions of male personas” to avoid inherent bias.
LastPass Reveals Follow-up Cyber Attack
LastPass has not seen any threat actor activity since October 26, it has revealed in an update that also detailed a second attack on a DevOps engineer. The password management firm had declared the original incident closed. However, it said last week that information stolen in that incident was used to identify further targets. This led to an attack on a “senior DevOps engineer” by exploiting vulnerable third-party software. The attackers gained access to cloud backups, which included system configuration data, API secrets, third-party integration secrets, and encrypted and unencrypted LastPass customer data. The firm was alerted to this “anomalous behavior” by AWS GuardDuty.
CISA Warns on Ransomware Royal Gang
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory about the Royal ransomware group, which it says has been increasing activity since last September and demanding ransoms of up to $11m. The group uses tried and trusted methods – phishing, public-facing apps, brokers – to gain access to systems and exfiltrate large amounts of data, before deploying its own “custom-made file encryption program”. Victims are then directed to make contact with the group via a .onion URL. The advisory goes into depth on the group’s methods and lists indicators of compromise, associated IP addresses, and mitigation techniques.
Microsoft Intune With Endpoint Security
Microsoft has launched its Intune Suite, which unifies “mission critical advanced endpoint management and security solutions” into a single bundle. The vendor said the suite would be more tightly integrated with Microsoft Security and Microsoft 365, reducing potential vulnerable points. As well as emphasizing advanced analytics and data science capabilities, the vendor also pushed potential cost savings, both in the ticket price and through increased efficiency and lower help desk costs.
Google Extends Client-Side Encryption for Workspace Apps
Google has extended the use of client-side encryption in its Workspace apps, adding the feature to Gmail and Calendar. It was already available for its Drive, Docs, Slides, Sheets, and Meet apps. The addition is just for Enterprise Plus, Education Standard, and Education Plus customers. It will be down to administrators to turn the feature on. It has been reported that the service is underpinned by a cloud-based key management service, leaving control of the keys with customers. As Google doesn’t control the decryption keys, governments and other entities cannot target it for data access.
DISH, WHSmith Both Serve Up Cyberattack News
US satellite TV operator DISH Network is counting the cost of last week’s multi-day ransomware attack. The firm’s shares hit a 14-year low after the attack. In the UK, High Street retailer WHSmith confirmed that attackers had accessed data, including information on current and former employees. Its website, customer accounts, underlying customer databases and shop floor maintenance systems are on separate platforms, the firm said.
Vice Society Publish Hacked “Vesuvius” Data – With Confidentiality Warning
The Vice Society ransomware gang has purportedly posted data it stole from UK-based metals firm Vesuvius last month. Vesuvius revealed it was dealing with a cyber incident in early February and said it had shut down affected systems and was working with experts to assess the impact on its operations. Cybersecurity watcher Graham Cluley speculated that Vice Society’s publication of the data meant it had been frustrated in its efforts to extract a ransom from Vesuvius. He also noted that the gang had included a “confidentiality” notice on the information, saying “unauthorized review, disclosure, copying, distribution or use” was “strictly prohibited”.