Welcome to the Cyber Watch series for today, September 14, 2023. At DigitalXForce, our Cyber Intelligence team curates a list of the latest cybersecurity news to keep you informed on stories that matter every week.
This week’s Cyber Watch top 10 list is a compilation of stories from 50+ relevant news sources across the web – all ranked according to the risk impact. We encourage you to review these stories and take steps to protect your organization.
A new ransomware family called 3AM has been detected in the wild, written in the programming language Rust. The malware was first discovered by the Symantec Threat Hunter Team, part of Broadcom, in a single incident in which an unidentified affiliate deployed the strain following an unsuccessful attempt to deliver LockBit ransomware.
3AM is a fully-fledged ransomware family that attempts to stop multiple services on the infected computer before it begins encrypting files. Once encryption is complete, it attempts to delete Volume Shadow (VSS) copies, making it difficult for victims to recover their data without paying the ransom.
3AM gets its name from the fact that it’s referenced in the ransom note. It also appends the extension .threeamtime to encrypted files. At this time, it’s not known if the malware authors have any connections with known e-crime groups.
Security experts are advising organizations to be vigilant against this new ransomware threat and to take steps to protect their systems, such as keeping their software up to date, implementing strong security controls, and regularly backing up their data.
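For defenders, the sequence described above (services stopped, files renamed with .threeamtime, shadow copies deleted) can be correlated per host in endpoint telemetry. The following is an added example, not code from Symantec or DigitalXForce; the event tuple format, host names and the `net stop` / `vssadmin delete shadows` command patterns are assumptions, since the article does not say which commands 3AM runs.

```python
import re
from datetime import datetime, timedelta

# Constructed sample events (host, ISO time, kind, detail); not real telemetry.
SAMPLE_EVENTS = [
    ("ws-01", "2023-09-14T03:00:05", "proc", "net stop ExampleBackupSvc"),
    ("ws-01", "2023-09-14T03:00:09", "proc", "net stop ExampleDbSvc"),
    ("ws-01", "2023-09-14T03:01:10", "rename", r"C:\data\q3.xlsx.threeamtime"),
    ("ws-01", "2023-09-14T03:01:11", "rename", r"C:\data\plan.docx.threeamtime"),
    ("ws-01", "2023-09-14T03:01:12", "rename", r"C:\data\hr.pdf.threeamtime"),
    ("ws-01", "2023-09-14T03:04:40", "proc", "vssadmin.exe delete shadows /all /quiet"),
    ("ws-02", "2023-09-14T09:15:00", "proc", "net stop Spooler"),  # routine admin action
    ("ws-03", "2023-09-14T10:00:00", "rename", r"C:\tmp\notes.threeamtime"),  # lone file
]

ENCRYPTED_EXT = ".threeamtime"  # extension named in the article
# Assumed command patterns for the two behaviours; tune to your own telemetry.
SERVICE_STOP = re.compile(r"\b(net1?|sc)(\.exe)?\s+stop\b", re.I)
VSS_DELETE = re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows|shadowcopy\s+delete", re.I)

def classify(kind, detail):
    """Map one event to a stage of the described sequence, or None."""
    if kind == "rename" and detail.lower().endswith(ENCRYPTED_EXT):
        return "encrypt"
    if kind == "proc" and SERVICE_STOP.search(detail):
        return "service_stop"
    if kind == "proc" and VSS_DELETE.search(detail):
        return "vss_delete"
    return None

def detect(events, window=timedelta(minutes=30), min_renames=3):
    """Return {host: 'chain' | 'extension-only'} for hosts with .threeamtime renames."""
    per_host = {}
    for host, ts, kind, detail in events:
        stage = classify(kind, detail)
        if stage:
            per_host.setdefault(host, {}).setdefault(stage, []).append(
                datetime.fromisoformat(ts))
    verdicts = {}
    for host, stages in per_host.items():
        renames = sorted(stages.get("encrypt", []))
        if not renames:
            continue  # service stops or VSS deletion alone are too noisy to flag
        stops = [t for t in stages.get("service_stop", []) if t <= renames[0]]
        wipes = [t for t in stages.get("vss_delete", []) if t >= renames[-1]]
        chain = bool(stops and wipes and len(renames) >= min_renames
                     and min(wipes) - max(stops) <= window)
        verdicts[host] = "chain" if chain else "extension-only"
    return verdicts
```

On the sample data, `detect(SAMPLE_EVENTS)` reports the full sequence on `ws-01`, ignores the routine service stop on `ws-02`, and marks `ws-03` for review on the extension alone.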
Affectiva, a subsidiary of Smart Eye, has announced a new attention metric integrated into its cloud-based Emotion AI platform. The new metric promises unparalleled accuracy and insights by analyzing gaze and head position using Smart Eye’s automotive-grade eye-tracking technology.
The new metric is designed to help brands, advertisers, entertainment companies, and market researchers better understand how viewers are engaging with their content. It goes beyond traditional attention metrics by providing insights into not only where viewers are looking, but also why they are looking there. This includes capturing the full spectrum of viewer engagement, including emotional responses and cognitive processing.
Affectiva’s new attention metric is expected to have a significant impact on the way that companies create and deliver content. By better understanding how viewers are engaging with their content, companies can make more informed decisions about how to produce more engaging and effective content.
Butler County, Pennsylvania, has experienced a security breach involving an employee email account at the county jail. The breach was discovered in early August, when the county learned that the account was being used to send unauthorized spam emails.
An investigation by a nationally recognized digital forensics team revealed that an unauthorized actor had gained access to the email account for a limited time and copied the contents. The county is still reviewing the contents of the email to determine what information may have been involved, who may have been affected, and where those people reside.
The county says that it has taken steps to secure the email account and is working with law enforcement to investigate the incident. The county is also notifying anyone who may have been affected and offering complimentary credit monitoring services where appropriate.
The county is encouraging residents to monitor their financial accounts and credit reports closely and to report any unusual activity to law enforcement.
North Korean hackers have stolen $53 million in cryptocurrency from the cryptocurrency exchange CoinEx. The attack occurred on September 12, 2023, and involved the theft of Ethereum, Tron, and Polygon cryptocurrency.
CoinEx has stated that user assets have not been impacted by the incident and that the exchange has taken steps to secure its systems and prevent future attacks. The exchange is also working with law enforcement to investigate the incident.
The theft of $53 million in cryptocurrency from CoinEx is the latest in a series of attacks by North Korean hackers on cryptocurrency exchanges. In 2022, North Korean hackers stole nearly $400 million in cryptocurrency from cryptocurrency exchanges and investment firms.
The attacks by North Korean hackers on cryptocurrency exchanges are a reminder of the importance of cybersecurity for cryptocurrency businesses. Cryptocurrency exchanges should take steps to secure their systems and protect their users’ assets from attack.
The United States and the United Kingdom have sanctioned 11 members of the TrickBot and Conti ransomware cybercrime gangs. The sanctions target individuals who are accused of being involved in the development, distribution, and deployment of the TrickBot and Conti malware.
TrickBot is a banking Trojan that has been used to steal millions of dollars from businesses and individuals around the world. Conti is a ransomware gang that has been responsible for some of the most high-profile ransomware attacks in recent years.
The sanctions will freeze the assets of the targeted individuals and prevent them from doing business with US and UK companies. The sanctions are also intended to send a message to other cybercriminals that they will be held accountable for their actions.
In addition to the sanctions, the US Department of Justice has also unsealed indictments against nine members of the TrickBot and Conti gangs. The indictments charge the individuals with crimes such as computer fraud, wire fraud, and money laundering.
The sanctions and indictments are a significant step in the fight against cybercrime. They demonstrate that the US and UK governments are willing to take action against cybercriminals, even if they are located in other countries.
Casino and lodging operator MGM Resorts is facing an ongoing cybersecurity incident that has taken down its reservation and booking systems, as well as its email systems. The company said that its casino floors are back online, but that it is still working to restore its other systems. The FBI is investigating the incident.
The outage has caused significant disruptions for MGM Resorts customers, who have been unable to make reservations or book rooms. The company has said that it is working to get its systems back up and running as soon as possible.
This is the latest in a series of high-profile cybersecurity incidents that have targeted major companies in recent months. In July, a ransomware attack forced JBS, the world’s largest meatpacker, to shut down its operations. And in June, a cyberattack on Kaseya, a software company, disrupted businesses around the world.
The frequency and severity of these attacks highlight the need for businesses to take cybersecurity seriously. Companies should implement strong security measures to protect their data and systems from attack.
The Sri Lankan government has been hit by a ransomware attack that has wiped out data from several government offices. The attack is believed to have been carried out by the BlackCat ransomware group.
The attack affected government offices that use the “gov.lk” email domain, including the Cabinet Office. The Information and Communication Technology Agency (ICTA), the lead agency for implementing information and communications technology initiatives by the Government of Sri Lanka, has confirmed the attack.
The ICTA said that the attack took place between May 17th and August 26th. Approximately 5,000 email addresses fell victim to the attack. The ICTA said that there was neither an offline nor an online backup system in place for a critical period of two months.
The attack has caused significant disruption to government operations. The ICTA said that it is working to restore the affected systems.
This is the latest in a series of ransomware attacks that have targeted government agencies in recent months. In July, a ransomware attack on Costa Rica’s government caused widespread disruption. And in June, a ransomware attack on the Colonial Pipeline in the United States caused gasoline shortages in several states.
The frequency and severity of these attacks highlight the need for governments to take cybersecurity seriously. Governments should implement strong security measures to protect their data and systems from attack.
Elon Musk is in hot water with the Federal Trade Commission (FTC) over his handling of privacy and security issues at Twitter.
In a new court filing, the FTC alleges that Musk may have violated an administrative order that was put in place after Twitter was fined $150 million in 2022 for privacy lapses. The order required Twitter to implement stricter privacy and security measures.
The FTC alleges that Musk’s actions, such as his mass layoffs and his “chaotic environment” at Twitter, have made it difficult for the company to comply with the order. The FTC is seeking a court order to prevent Musk from violating the order.
The Cybersecurity and Infrastructure Security Agency (CISA) has released a roadmap to support the open source software ecosystem. The roadmap outlines a number of tasks and goals that CISA hopes to achieve in order to make open source software more secure.
Some of the key goals of the roadmap include:
- Improving the security of open source software by increasing the number of security reviews and disclosures.
- Developing tools and resources to help organizations manage the security of open source software.
- Building a more diverse and inclusive open source community.
CISA is working with a number of partners, including the open source community, to implement the roadmap. The agency hopes that the roadmap will help to make open source software more secure and accessible to organizations of all sizes.
Microsoft is warning of a new phishing campaign that is targeting corporations via Teams messages. The campaign, which is being carried out by an initial access broker known as Storm-0324, involves sending malicious links to victims in Teams chat messages.
The links lead to a malicious ZIP file that, when opened, installs malware on the victim’s computer. The malware can then be used to steal sensitive data or to gain control of the victim’s computer.
Microsoft is urging organizations to be vigilant and to train their employees to spot phishing emails and messages. Employees should not click on links in emails or messages from unknown senders, and they should be wary of any emails or messages that seem suspicious.
That’s all for today. Stay tuned for our next episode. See you next week!