1. Security researchers reveal stealthy techniques to bypass antivirus tools and ransomware defenses
- Security researchers discovered significant vulnerabilities in popular antivirus tools, which could be exploited to deactivate protective mechanisms to launch ransomware attacks and other malicious operations.
- According to said researchers, of the 29 antivirus tools evaluated, 14 were found susceptible to the ‘Ghost Control’ attack technique. In comparison, the researcher found all 29 antivirus tools vulnerable to the ‘Cut-and-Mouse’ attack technique.
- Both attack techniques are stealthy measures employed by threat actors to initiate stealthy ransomware operations. The ‘Cut and Mouse’ attack technique allows an unauthorized code to switch off defensive security controls, generate flaws in protected folders, and wipe off critical files on compromised systems. Meanwhile, the ‘Ghost Control’ attack technique tricks legitimate-users into switching-off antivirus system logic and executing command-and-control (C2) programs via a remote server.
Expert Commentary: Today’s ransomware actors are devising sophisticated attack techniques to evade detective and protective security solutions. Some of the evasive tactics, techniques, and procedures employed against security solutions include logic obfuscation, poisoning attacks, and basic social engineering techniques. Although these emerging attack techniques are often designed to impact a specific part of an infected system, their dynamic impact is often felt in other non-technical facets of a business operation.
2. A targeted cyber-attack shuts down the largest meat production company in North America
- JBS Foods, one of the world’s largest meat producers, halted its business operations due to the impact of a targeted ransomware attack. Although the company’s IT servers in Australia and North America were the primary targets, production plants in other parts of the world felt the effects.
- The JBS Foods supply chain ranges from farmers to product transporters, who collaborate to meet the world’s growing meat demand, especially during the COVID-19 lockdown. Therefore, this ransomware incident resulted in the loss of productivity amongst thousands of workers, distributors, and transporters worldwide.
- According to IT specialists at JBS foods, all affected servers were segmented from the main network to reduce the impact of this sophisticated attack. In addition, JBS hired digital forensic experts to conduct an in-depth forensic analysis of all affected systems.
Expert Commentary: Ransomware attackers have proven to the world that they possess the capabilities to negatively change the social and economic way of life in any country. Moreover, these attackers understand that reputational damage is one reason why most organizations adhere to ransom demands. Therefore, the ransomware security threat is here to stay. In the case of the JBS Foods incident, it is unclear what the attackers’ motivations were; however, their actions successfully halted large-scale supply chain activities, impacting the world’s agricultural sector. With such sophisticated capability, it is no wonder that ransomware attacks are now designated as a National Security concern.
3. Ransomware: a possible hindrance to criminal prosecution
- The number of cyber incidents impacting data systems in courthouses, police stations, and law offices increased in the last two years. A group of attackers, including the Babuk ransomware group, has demonstrated an interest in compromising sensitive data associated with criminal cases.
- Recently, a police department in Azusa, Arizona, reported a malicious compromise impacting its database system, whereby threat actors stole numerous personally identifiable information (PII). The police department linked most of the stolen PII to gruesome crimes. Similarly, ransomware attackers put up 11GB of data from the Clearfield Borough Police department for sale on the darknet. These two security incidents are recent additions to the long list of cyberattacks targeting legal and law enforcement departments across the United States.
- Security analysts believe that these ransomware attacks lead to inaccessible systems and incomplete evidence, which protect the suspects from any allegations. The unauthorized release of sensitive case data hinders successful prosecutions and has resulted in numerous cases being dismissed.
Expert Commentary: It is not unlikely for a drug cartel to build partnerships with ransomware cartels in the criminal underworld. This mutually beneficial partnership is capable of wrecking criminal prosecutions of any caliber. Historically, ransomware-for-hire actors have circumvented the judicial system successfully, using digital transformation tactics. For instance, holding a public defender’s computer for ransom almost invalidates an entire criminal case. Therefore, every police department in the world needs a designated cybersecurity team to assure the confidentiality, integrity, availability of sensitive data of officers, victims, and investigations.
4. The U.S. Supreme Court restricts the scope of the Computer and Fraud Abuse Act (CFAA)
- Following the overturning of the conviction of a Georgia police officer, who was paid to search a police database for information about a particular license plate number, the U.S. Supreme Court moved to restrict the scope of the Computer Fraud and Abuse Act (CFAA). The CFAA prohibits unauthorized access to computer systems and networks or actions that supersede authorized access.
- Based on officer Nathan Van Buren’s actions, he was charged with a felony violation of the CFAA. However, the Supreme Court decided that although officer Buren’s actions were improper, they did not supersede his authorized access to the information system. Thus, there was no violation of the CFAA.
- According to the six Supreme Court Justices who voted in favor of officer Buren, the vagueness of the CFAA allows the federal government to misinterpret and punish harmless actions, such as violation of a website’s terms of service or violation of corporate policies by using work systems to access personal social media accounts.
Expert Commentary: Although the Supreme Court Justices, in this case, were knowledgeable enough to consider the ever-changing factors that exist in today’s digital landscape, which was not accounted for during the development and enactment of the CFAA in the 1980s. This 6-3 ruling is a slam-dunk victory for officer Buren. However, it echoes that whenever a user exceeds authorized access under the CFAA, it does not encompass violations of circumstance-based access restrictions imposed on employers’ computers. Certainly, this Supreme Court decision will set a significant precedent for the interpretation of the CFAA, especially as it relates to the use of authorized access to perform unauthorized activities in the workplace.
5. U.S. nuclear bunker secrets discovered on a flashcard app
- Security investigators revealed that a flashcard app accidentally leaked sensitive information about U.S. nuclear weapons. Investigators found that U.S. military personnel guarding nuclear bunkers used the flashcard app to memorize national security data.
- The leaked information includes the nuclear bunker’s camera positions, exact coordinates of U.S. nuclear warheads, secret codes for nuclear weapon vaults, system passwords, and other critical national security information that could impact U.S. atomic weapons worldwide.
- Interestingly, this data breach was discovered when security investigators searched the internet for keywords such as “WS3,” “vault,” or “PS3” in combination with the names of U.S. Air Force stations in Europe. Furthermore, these online flashcards were hosted by websites such as Quizlet and Chegg.
Expert Commentary: Earlier in the year, a toddler accidentally tweeted gibberish on the official Twitter account of the U.S. Nuclear Commission. Although a security lapse, the commission regarded it as an innocent error. However, this specific occurrence is a classic example of the lack of security awareness and negligence with critical information. Of course, certain operators tend to seek convenience over security; such a lapse in judgment could lead to horrific national security incidents. Therefore, government personnel managing U.S. Nuclear Regulatory Commission assets must undergo consistent data privacy and security training.