A roundup of the top news stories in information security this week, including Senators attempting to reform a government surveillance act, Kaspersky Lab conceding to obtaining hacking tool source code, and a new attack group setting its sights on cybersecurity pros.
Recent DHS Alert Warns of Russian APT Campaign
A Technical Alert issued last weekend by the FBI and the Department of Homeland Security highlights the activities of a Russian APT campaign. The alert may contain signatures and rules likely to trigger false positives in security systems. The Dragonfly APT, also known as Energetic Bear and Crouching Yeti, targets the energy sector and other critical utilities, in addition to government agencies.
CYBER THREAT
New Attack Group Sets Its Sights on Cybersecurity Pros
Group 74, a new threat actor, has launched an attack campaign aimed at cybersecurity professionals or those interested in similar issues. The group is leveraging a malicious Visual Basic for Applications (VBA) macro embedded in documents that advertise the upcoming Cyber Conflict U.S. Conference. Once the VBA is injected and executed, a variant of the Seduploader malware activates.
RANSOMWARE
Bad Rabbit Ransomware Wreaks Havoc in Russia and Ukraine
A new strain of ransomware dubbed “Bad Rabbit” is spreading in Russia and Ukraine. Thus far, the ransomware has affected systems at three Russian websites, and officials in Ukraine confirmed to Reuters that the ransomware in question, affecting an airport in the country as well as an underground railway in Kiev, is Bad Rabbit. “Work has been completely paralyzed” at some of the affected companies, according to one Russian official.
DATA BREACH
SEC Ignored Watchdog Warnings Prior to Data Breach
Before its 2016 breach, the Securities and Exchange Commission ignored warnings made by federal watchdogs regarding the importance of encrypting sensitive financial data stored on the agency’s networks. The Government Accountability Office contacted the agency as recently as July, one month before the agency learned of the 2016 incident. However, the GAO’s advice tied to the issue dates as far back as 2008.
Experts Link Bad Rabbit Ransomware to NotPetya
As the security community tracks the outbreak of the Bad Rabbit ransomware this week, many are beginning to draw ties between these recent attacks and the NotPetya ransomware that wreaked havoc on Ukraine and Russia. Kaspersky Lab found strong evidence tying the two attacks together: following the NotPetya attacks, websites were hacked to distribute the malware. Now, those same websites were found to be distributing Bad Rabbit.
Hackers Compromise Photos from Plastic Surgery Clinic
A hacker group known as The Dark Overlord has compromised photos belonging to a plastic surgery clinic. The group is now threatening to release the graphic photos tied to its recent hack of the high-profile London-based plastic surgery clinic whose clientele includes celebrities, in addition to some royals, according to the group. The group contacted The Daily Beast and indicated that the victim is the London Bridge Plastic Surgery & Aesthetic Clinic (LBPS).
Kaspersky Lab Concedes to Obtaining NSA Hacking Tool Source Code
In a report issued on Wednesday, Kaspersky Lab conceded that its software collected a file containing source code for a classified NSA hacking tool. The information was obtained from a home computer of an NSA contractor who was running the Kaspersky AV tool. According to the report, CEO Eugene Kaspersky ordered the company to delete the file.
PRIVACY
Senators Introduce New Bill That Limits U.S. Agency Surveillance on Citizens
This week two U.S. senators have introduced a new bill aimed at reforming a law that allows U.S. agencies to conduct surveillance on citizens. Senators Ron Wyden (D-Ore.), Rand Paul (R-Ky.), and 11 others are aiming to provide significant reforms to Section 702 of the Foreign Intelligence Surveillance Act that’s set to expire on December 31.
MALWARE
Signature-Based AV Falls Short of Protecting Endpoints, Report Says
A new study by security firm Malwarebytes indicates that close to 40% of users who double up on antivirus solutions on their organization’s endpoints experienced a malware attack during the first half of the year. After scanning nearly 10 million endpoints, the Mapping AV Detection Failures report discovered that even though some endpoints had multiple AV solutions loaded on, malware attacks still occurred.