This breach could have been avoided & these known cyber criminals are unreachable

In this week's Cyber Weekly:

1. This breach could have been avoided
2. They can't arrest these cyber criminals
3. Former NSA employee arrested
4. Windows' Logo has malware

Thanks to all 6711 subscribers. It really takes a community to fight against cyberattacks. By sharing these articles, we can reach more people and help others from becoming a statistic. Share the article in the top right corner.

‍

Negligence leading to exposing data of 145,000 people

A cyber breach that took place last year on Calgary Parking exposed the personal information of over 145,000 residents. Initially, in 2021, they thought the breach exposed the personal information of only 12 people as the organization stopped the breach almost immediately. It was discovered last week that well over 100,000 people were exposed.

‍

The head of the Northern Alberta Institute of Technology, John Zabiuk said, "Something like this really shouldn't happen in IT departments these days."

‍

It wasn’t confirmed if the data was stolen, but it was confirmed that it was very easily accessible due to human error and exposing the server.

‍

“There are a lot of applications that can be used to scan the internet to look for open ports or IP addresses that are responding to determine which ports are responding back on those IP addresses, which indicate a server or a workstation behind them.

‍

These scans are happening 24/7, all the time, on the internet. Any kid that takes a course and downloads a particular software package … they can scan the entire internet. And it's happening all the time. So to not be aware of something like that happening, and to leave a server exposed like that, it really comes down to negligence." (CBC)

My thoughts: Employing cyber security solutions can be expensive, but getting started with some basic practices is not. Here at Assurance IT, we believe every company can start with cyber security with these 5 solutions. From least expensive to most expensive: Incident Response Planning, Employee Security Awareness Training, Endpoint Detection and Response, Multi-Factor Authentication, and Data Backup and Replication. These are not only the least expensive solutions when getting started in cyber security, but they also give you a good protection when you’re on a budget.

Cyber Criminals Identified…but can’t be arrested?

In the US, the Department of justice revealed that three Iranian nationals are behind an international ransomware conspiracy that has already targeted hundreds of organizations. It was said that the officials are conducting these attacks separately from the government entity.

“The three individuals carried out the alleged cyber attacks for their personal gain, and not under the direction of the Iranian government.”

None of the named defendants have been arrested since the US law enforcements have few options to detain them in person.

“The scheme relied in part upon BitLocker, a popular cybersecurity encryption product from Microsoft which is used by thousands of clients worldwide.”

The DOJ is also rewarding up to $10 million for more information about these individuals. (CNBC)

My thoughts: This story brings up an interesting issue with cyber crime. Does offering millions of dollars help stop the criminals? Without the ability to detain these individuals, how does such a reward help the investigation? Ideally more information will be discovered. However, that doesn’t lead to an arrest. An interesting part of cyber crime that we don’t talk about very much.

Former NSA Employee Arrested after Sting Operation

Jareh Sebastian Dalke was an Information Systems Security Designer for the National Security Agency (NSA) for less than one month earlier this year. The thirty-year-old used an encrypted email account to transmit excerpts of three classified documents he obtained during his employment to an individual he believed worked for a foreign government. That person was actually an undercover FBI agent. Here is how the sting operation unfolded:

1. Dalke to show proof that he had government documents.
2. Undercover agent transferred funds into Dalke’s crypto account.
3. Dalke asks to meet up to transfer more documents in exchange for $85,000.
4. Undercover FBI agent arrests Dalke when they meet up in Denver, Colorado.

“Dalke is charged by criminal complaint alleging three violations of the Espionage Act...The Espionage Act carries a potential sentence of death or any term of years up to life.”

Dalke is currently in court for his actions. (justice.gov)

My thoughts: This story is quite extraordinary. The story leaves us with a lot of questions about why this individual was trying to leak documents and why the FBI was suspicious of Dalke to setup a whole sting operation. That would have been interesting to know. Also, thinking you can outsmart the government that has unlimited resources is quite fascinating.

There’s Malware in the Windows Logo Image

The Witchetty hacking group launched a new malicious campaign where they use steganography to hide a backdoor malware in a Windows logo.

“Steganography is the practice of concealing a message within another message or a physical object. In computing/electronic contexts, a computer file, message, image, or video is concealed within another file, message, image, or video.” Wikipedia

“The file is hosted on a trusted cloud service instead of the threat actor's command and control (C2) server, so the chances of raising security alarms while fetching it are minimized.

"Disguising the payload in this fashion allowed the attackers to host it on a free, trusted service," Symantec explains in its report.

Downloads from trusted hosts such as GitHub are far less likely to raise red flags than downloads from an attacker-controlled command-and-control (C&C) server.

The attack begins with the threat actors gaining initial access to a network by exploiting the Microsoft Exchange ProxyShell (CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207) and ProxyLogon (CVE-2021-26855 and CVE-2021-27065) attack chains to drop webshells on vulnerable servers.

Next, the threat actors fetch the backdoor hiding in the image file, which enables them to do the following:

Perform file and directory actions

Start, enumerate, or kill processes

Modify the Windows Registry

Download additional payloads

Exfiltrate files.

Witchetty also introduced a custom proxy utility that causes the infected computer to act as the server and connects to a C&C server acting as a client, instead of the other way around.” (bleepingcomputer)

My thoughts: I learned about a new attack technique this week “steganography.” Another malware we need to be cautious of. My recommendation is to invest in endpoint detection and response so if you accidently download the wrong logo, you will be notified.

‍