Cyber Security News — Past 24 hours | 14.05.2021
Biden signed executive order to improve the Nation’s Cybersecurity
President Biden signed an executive order this week to improve the country’s defenses against cyberattacks. It is an important move that comes shortly after the recent wave of attacks, such as the SolarWinds supply chain attack and the Colonial Pipeline attack.
The order assigns to the Secretary of Homeland Security, in consultation with the Attorney General, the responsibility of establishing the Cyber Safety Review Board, which will review and assess cybersecurity.
“The Board’s membership shall include Federal officials and representatives from private-sector entities. The Board shall comprise representatives of the Department of Defense, the Department of Justice, CISA, the NSA, and the FBI, as well as representatives from appropriate private-sector cybersecurity or software suppliers as determined by the Secretary of Homeland Security,” continues the order. “The security of software used by the Federal Government is vital to the Federal Government’s ability to perform its critical functions,” states the order. “Accordingly, the Federal Government must take action to rapidly improve the security and integrity of the software supply chain, with a priority on addressing critical software.”
US CISA and FBI publish joint alert on DarkSide ransomware
The FBI and DHS’s CISA have published a joint alert to warn of ransomware attacks conducted by the DarkSide group. The alert comes after the disruptive attack on Colonial Pipeline, which caused chaos and disruption.
The alert provides technical details and mitigations related to the activity of the DarkSide ransomware gang. The group provides Ransomware-as-a-Service to a network of affiliates.
“DarkSide is ransomware-as-a-service — the developers of the ransomware receive a share of the proceeds from the cybercriminal actors who deploy it, known as ‘affiliates.’ According to open-source reporting, since August 2020, DarkSide actors have been targeting multiple large, high-revenue organizations, resulting in the encryption and theft of sensitive data. The DarkSide group has publicly stated that they prefer to target organizations that can afford to pay large ransoms instead of hospitals, schools, non-profits, and governments,” reads the joint alert.
The alert confirmed that crooks use DarkSide to gain access to a victim’s network to encrypt files on internal systems and exfiltrate data, then threaten to expose data if the victim refuses to pay the ransom.
Thousands of Cryptocurrency Users Targeted by Tor Network Exit Nodes
Cybersecurity researchers have said a threat actor has been adding malicious servers to the Tor network to intercept traffic heading to cryptocurrency websites and to carry out SSL stripping attacks on users accessing mixing websites.
In August 2020, the security researcher and Tor node operator Nusenu first highlighted this malicious behavior and has now shared more details about the ongoing activity in a follow-up post. “You can see the repeating pattern of new malicious relays getting added to the tor network and gaining significant traction before dropping sharply, when they got removed.”
“This is the largest malicious tor exit fraction I’ve ever observed by a single actor.” According to the researcher, the threat actor managed to fly under the radar for more than a year because the malicious exit relays were added to the Tor network in small increments until they made up more than 23% of all exit nodes. Despite being outed, the threat actor continues to add new malicious nodes and Nusenu estimates that between 4% and 6% of the Tor exit nodes are still under the control of the threat actor.
Russian researchers developed methodology to predict cyber risks
Scientists from St. Petersburg Polytechnic University have developed a methodology for assessing cyber risks in smart city systems. The developed methodology has been tested on the “smart intersection” test bed.
Experts explained that cybercriminals have new goals: to disrupt the functioning of large enterprises and urban infrastructure, as well as to intercept control over them. Attackers using wireless channels can remotely penetrate a target subnet or device, intercept traffic, launch DoS attacks and take control of IoT devices to create botnets.
“At present, traditional cyber risk analysis strategies cannot be directly applied to the construction and assessment of smart city digital infrastructures, as the new network infrastructure is heterogeneous and dynamic,” said Vasily Krundyshev, a researcher at the Institute of Cybersecurity and Information Protection.
The methodology for cybersecurity risk analysis of the smart city includes the stages of asset type identification, threat identification, risk calculation and analysis of the obtained values. The proposed methodology is based on a quantitative approach. At the same time, according to the scientists, it is easily and quickly calculable, which is especially important in modern dynamic infrastructures.
Stay Focused. Stay Vigilant.
Cyber Threat Incident Management Team — Cyber Security Community @ SLIIT