NetStandard’s Security Minute Series
The DoJ announced that it recovered “most” of the $4.4 million ransom that Colonial Pipeline paid, by seizing the BitCoin wallet: US recovers most of Colonial Pipeline’s $4.4M ransomware payment (bleepingcomputer.com)
- This news is potentially huge, or potentially a one-time event. Time will tell. Hopefully it sends a message to the ransomware threat actors that the United States is getting serious.
Colonial Pipeline also announced the root cause of its attack – A single legacy account, which was enabled for VPN and did not have MFA. One password allowed hackers to disrupt Colonial Pipeline, CEO tells senators (yahoo.com)
- All it takes is one account, one vulnerable weak point, for an attacker to get in. Make sure you have MFA enabled on ALL remote access, not just most!
If you have VMware vCenter, make sure it’s patched. A recent critical-severity vulnerability is being actively exploited: This is not a drill: VMware vuln with 9.8 severity rating is under attack | Ars Technica
It’s Patch Tuesday! Six zero-days this time. You know what to do: Microsoft patches six Windows zero-days, including a commercial exploit | The Record by Recorded Future
For those of you that have not gone through a ransomware incident (lucky you!), there’s a fascinating live-blog of a company going through it right now: Driftinfo – AK Techotel
- Look at the time stamps on the posts. Even after the company agreed to pay the ransom, look at how long it took to get the decryption started, and how many problems they still had after that. Paying the ransom does not get you back up and running quickly!
On another note…
- For years, the FBI ran an encrypted communications app that was marketed at global organized criminals. The app, called Anom, allowed users to send encrypted messages between each other – and gave the FBI a master decryption key to be able to read every message: Trojan Shield: How the FBI Secretly Ran a Phone Network for Criminals (vice.com) Hundreds of arrests have already taken place: ANOM: Hundreds arrested in massive global crime sting using messaging app – BBC News
- Unknown attackers breached gaming company Electronic Arts and stole 780gb of data, including full source code for FIFA 21, and source code and tools for its Frostbite game engine: Hackers Steal Wealth of Data from Game Giant EA (vice.com)
- The criminals got in by social engineering the IT helpdesk to give them access: How Hackers Used Slack to Break into EA Games (vice.com)