Friday Five 4/1
Hacked satellites, how technology enables data protection, and the fastest ransomware - catch up on the infosec news of the week with the Friday Five!
1. Researchers Used a Decommissioned Satellite to Broadcast Hacker TV by Lily Hay Newman
A lot of the time, decommissioned satellites break up in Earth's orbit or are powered down and moved into graveyard orbit, but here's a good story about what could possibly happen in between. WIRED breaks down a ShmooCon talk by an embedded device security researcher who got permission to hack a Canadian satellite before it was fully taken offline. Using special access to an uplink license and transponder slot lease, Karl Koscher was able to use the satellite to broadcast video from another security conference, ToorCon in San Diego. While Koscher had special access to do this, the article hints that someone with the technical know-how could hijack other satellites, even newer ones. “One could take over even newish satellites,” said Ang Cui, an embedded device security researcher WIRED spoke to. “There definitely are things that are just hanging out up there.”
2. Zero-Day Vulnerability Discovered in Java Spring Framework by Rob Lemos
Another week, another zero day. Last week saw news circulate about Chrome (and Chromium's) CVE-2022-1096; this week the spotlight is on the Java Web application development framework Spring and a vulnerability that could put some web apps at risk of remote attack. VMware, which owns and manages Spring, released a patch on Wednesday for the vulnerability, which of course has a name: Spring4Shell. The fix can be found in Spring Framework 5.3.18 or 5.2.20. While the vulnerability sounds much less severe than Log4Shell (CVE-2021-44228), a vulnerability uncovered last year in Log4j, experts are recommending defenders test whether they're affected and upgrade if possible.
3. Closing the data risk gap: How technology enables data protection by Aly McDevitt
Some fresh numbers here around how legal and compliance teams handle - or rather, aren't prepared to handle - data privacy and cybersecurity threats. As part of a recent survey, carried out between November and January last year by Compliance Week, only 20 percent of respondents said they were confident they had the right tools to effectively manage a data breach. Nearly half (42%) of respondents said that data privacy/cybersecurity threats were the source of their organization's biggest risk going into 2022. Nearly the same amount (48%) stressed that their organization needs to better educate employees in order to manage data protection risk.
4. FBI efforts to disrupt business email compromise scams leads to 65 arrests by Danny Palmer
From time to time we try to highlight some positive news here - ransomware groups closing up shop, botnet disruptions, and so on - and here's a fine candidate for this week's Friday Five: news from ZDNet that a massive business email compromise (BEC) scheme has been thwarted thanks to coordinated actions in the United States, Nigeria, South Africa, Canada, and Cambodia. As part of a series of arrests that started back in September 2021, 65 people were arrested after bilking over 500 victims out of $51 million.
5. Fastest ransomware found to encrypt 53GB of data in just over four minutes by Humza Aamir
How fast does ransomware encrypt your data, really? Techspot recaps a ransomware encryption speed test conducted by Splunk, in which it carried out 400 test runs on data from ten different ransomware families. While it’s odd to say there are any winners outside of cybercriminals when it comes to ransomware, in this case the LockBit family emerged as the fastest. It wound up encrypting 53 GB of data in four minutes and nine seconds. Babuk, Avaddon, and Ryuk followed in LockBit’s footsteps. For those curious, the test data consisted of 98,561 files, including PDF files and Excel and Word documents.