Friday Five 1/8
Anti-secrecy activists, insider threats, and exhaustive asset inventories - catch up on all of the week's infosec news with the Friday Five!
1. Anti-Secrecy Activists Publish a Trove of Ransomware Victims' Data by Andy Greenberg
A data activist group has controversially released data stolen by ransomware groups. The group, known as Distributed Denial of Secrets, collected the information in question from the dark web, where it had been leaked by ransomware hackers. The group claims that it is acting in the name of transparency: the public needs to know about potential corporate malfeasance or intellectual property that could be used for the benefit of society. Cybersecurity experts worry that the reasoning is ethically dubious. Further spreading stolen information might encourage or incentivize more ransomware attacks. Despite concerns about the group's behavior, it remains undeterred, and its further spreading of information will lead to more ethical debates in the future.
2. US: Hack of federal agencies 'likely Russian in origin' by Eric Tucker and Frank Bajak
On Tuesday, top national security agencies named Russia as most likely responsible for the massive hack of the US Government. The joint statement is the first formal attempt to assign blame for the attack that has roiled the government and the private sector. The statement stressed that the attacks were intended for intelligence gathering rather than a direct attempt to disrupt or destroy government operations. The agencies also underlined that the operation is ongoing. The acknowledgment that the perpetrator is likely Russia came weeks after a statement was expected. Now that blame has been assigned, it will fall to the next administration to decide how to respond.
3. The anatomy of a modern-day ransomware conglomerate by Jeff Stone
The article highlights the ransomware gang Egregor, which exemplifies the current state of ransomware. Instead of individual hackers, there is increasingly informal cooperation between various parties with malicious or criminal intent. These criminal groups realized that by working together they could be more successful, which has made them interdependent. Also, by specializing in one aspect, such as writing malicious code, and trusting that collaborators can help with other tasks, such as fencing the stolen data, the whole operation is more effective. Specialization is also encouraged by the increased profits of ransomware operations over the last few years: there's more money to go around. Ransomware gangs are here to stay, so it's important for those fighting them to understand their operations and their increasingly interdependent structure.
4. The Cybersecurity 202: Riot in the Capitol is a nightmare scenario for cybersecurity professionals by Tonya Riley
The article covers the cybersecurity implications of the mob attack on the Capitol Building on Wednesday. The fear is that with so much unauthorized access to congressional offices and staff computers, the information on devices could have been compromised. In addition, Senator Jeff Merkley (D-OR) said that his computer was stolen from his office. Even if officials are uncertain that there was a breach, IT staff will have to run an exhaustive asset inventory to make sure no information was compromised. Though IT must do a full review every two years during office turnover, this kind of physical breach is unprecedented, and dealing with it is of the utmost importance for both cyber and national security.
5. Ticketmaster admits it hacked rival company before it went out of business by Dan Goodin
Ticketmaster has acknowledged that its employees used stolen passwords and attempted to hack a rival ticket sales company. As a punishment, Ticketmaster has agreed to pay a 10 million dollar fine. An employee who previously worked for the rival company emailed login credentials for multiple accounts used to manage presale ticket sales. Then, at a Ticketmaster meeting attended by at least 14 employees, they demonstrated how to log in and access these accounts. The employee who provided the stolen information, along with confidential financial documents from their previous employer, was then promoted for their actions. Along with the fine, Ticketmaster has agreed to a compliance and ethics program.