Friday Five: Cyber Gang Members Sanctioned, a Cybercrime Messaging Platform, & Stricter Security Regulations
This week saw the takedown of a cybercrime messaging platform, sanctions imposed on TrickBot members, the release of a recovery script for ransomware victims, and more. Catch up on the latest news in this week's Friday Five!
US, UK SANCTION MEMBERS OF ‘NOTORIOUS CYBER GANG’ TRICKBOT BY AJ VICENS
The U.S. and British governments imposed sanctions against seven individuals associated with the TrickBot cybercrime gang, with the U.S. Treasury Department ordering that all property and interests in property held by the named individuals in the U.S. or controlled by Americans be blocked and reported to Treasury’s Office of Foreign Assets Control. Both countries’ statements highlight the connections to Russian intelligence services, with the U.S. Treasury's statement claiming "the Trickbot Group’s preparations in 2020 aligned them to Russian state objectives and targeting previously conducted by Russian Intelligence Services."
POLICE HACKED EXCLU 'SECURE' MESSAGE PLATFORM TO SNOOP ON CRIMINALS BY BILL TOULAS
Exclu, an encrypted messaging service that allowed cybercriminals to exchange messages and media, was hacked by Dutch police this past week to monitor criminal activity. Eurojust, Europol, and the police forces in Italy, Sweden, France, and Germany assisted in the law enforcement operations, which reportedly began as early as September 2020. The authorities now reportedly possess all data from the messaging service, which may lead to discovering additional illegal activity and provide evidence to support charges brought against suspects.
CISA RELEASES RECOVERY SCRIPT FOR ESXIARGS RANSOMWARE VICTIMS BY LAWRENCE ABRAMS
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a script to recover VMware ESXi servers encrypted by the recent widespread ESXiArgs ransomware attacks, which have reportedly affected 2800 servers since this past Friday. CISA's ESXiArgs-Recover script is available on GitHub to automate the recovery process for anyone affected by the attacks. CISA urges admins to review the script before using it to understand how it works and avoid possible complications, noting that while it works to ensure that "scripts like this one are safe and effective, this script is delivered without warranty, either implicit or explicit."
TOUGHER CYBERSECURITY RULES MAY BE MORE THAN A YEAR AWAY—BUT DON’T WAIT TO GET READY BY LAUREN C. WILLIAMS
Currently, defense acquisition regulations allow contractors to assess their own efforts to comply with federal cybersecurity standards, but that could change within the next couple of years, according to experts on the matter. The Pentagon's Cybersecurity Maturity Model Certification (CMMC) program may not be fully implemented until the 2025 fiscal year, but what is being labeled as CMMC 2.0 will reportedly keep or strengthen the current requirements to comply with cybersecurity guidance for controlled unclassified information (CUI) and will require contractors to obtain third-party approval of their cybersecurity infrastructure.
CRITICAL INFRASTRUCTURE AT RISK FROM NEW VULNERABILITIES FOUND IN WIRELESS IIoT DEVICES BY RAVIE LAKSHMANAN
According to recent research findings, a set of 38 security vulnerabilities has been uncovered in wireless industrial internet of things (IIoT) devices from four different vendors that could pose a significant attack surface for threat actors looking to exploit operational technology (OT) environments. The findings are said to emphasize how making IIoT devices directly accessible on the internet can put OT networks at risk by essentially creating a "single point of failure" that can bypass all security protections. Read more about some of the specific vulnerabilities found in the full story from The Hacker News.