Friday Five: The U.S. Operation Against QakBot, Cybercrime Treaty and Water Infrastructure Concerns, & More
The operation against QakBot marks a cybersecurity win for the U.S., but concerns over critical infrastructure, data privacy, and cyber insurance largely overshadow it. Catch up on these stories and more in this week’s Friday Five.
U.S. HACKS QAKBOT, QUIETLY REMOVES BOTNET INFECTIONS BY BRIAN KREBS
The U.S. government has launched a major operation dubbed "Duck Hunt" against QakBot malware, which has been used by various cybercrime groups to facilitate ransomware attacks. This international effort, led by the U.S. Department of Justice and the FBI, involved seizing control of the QakBot botnet's online infrastructure and discreetly removing the malware from tens of thousands of infected Windows computers. QakBot, originally a banking trojan, has evolved into a sophisticated malware strain employed to prepare compromised networks for ransomware infections, often delivered through phishing emails. The operation uncovered that QakBot infected over 700,000 machines in the past year, with 200,000 in the United States. It also seized $9 million in cryptocurrency and shared stolen credentials with relevant authorities.
US WATER INFRASTRUCTURE ‘UNSUSTAINABLE’ AMID RAPIDLY EVOLVING CRISIS, REPORT WARNS BY CHRIS RIOTTA
The National Infrastructure Advisory Council has unanimously approved a report labeling current U.S. water infrastructure as "unsustainable" and warns of an impending water crisis. The report cites cyber threats, climate change, growing demand, and chronic underfunding as key challenges. Recommendations include aquifer recharges and integrated water management systems, along with an emphasis on building resilience and preparing for disruptions. It highlights the need for a specialized workforce and diversity in the water sector, suggesting smart monitoring technologies and information systems. Streamlining permitting processes, aiding vulnerable populations, and funding AI research are also recommended. The EPA's role in overseeing cybersecurity practices for water systems is noted, along with a Republican-led legal challenge to its non-binding cybersecurity guidelines.
INSURANCE COSTS RISE, COVERAGE SHRINKS, BUT POLICIES REMAIN ESSENTIAL BY ROBERT LEMOS
Cyber insurance premiums are surging, with 69% of companies seeing over 50% increases in the past year according to a recent report. Insurers are reportedly demanding higher premiums due to rising breach costs and stricter terms. Despite the rise, many companies still opt for policies and allocate more budget to cover the hikes. The same report reveals that 80% of companies have filed at least one cyber insurance claim, with 47% making multiple claims. Insurers now use data to make better-informed decisions, causing premiums to rise while coverage improves. However, coverage gaps exist, particularly for smaller firms. Policies may be voided if security protocols aren't followed or if insider attacks occur. Still, cyber insurance encourages better cybersecurity practices, as 96% of companies adopt new security solutions to gain policy approval.
‘FIVE EYES’ NATIONS RELEASE TECHNICAL DETAILS OF SANDWORM MALWARE ‘INFAMOUS CHISEL’ BY CHRISTIAN VASQUEZ
The U.S. and its allies have released a detailed analysis of malware used by the Russian hacking group Sandworm in military cyber operations against Ukraine. The malware, called "Infamous Chisel," targeted Android devices belonging to Ukrainian service members to collect battlefield intelligence. Sandworm, known for previous cyber attacks on Ukraine, operates from Russia's Main Intelligence Directorate (GRU). Infamous Chisel ensures persistent access over the Tor network, exfiltrates data matching predefined extensions, and searches for specific Ukrainian military applications. While described as "low to medium sophistication," it aimed to access military networks while giving little thought to avoiding detection. The report notes that its lack of obfuscation or stealth techniques doesn't diminish its potential danger, however, as it could provide Russia with a battlefield advantage.
MICROSOFT JOINS A GROWING CHORUS OF ORGANIZATIONS CRITICIZING A UN CYBERCRIME TREATY BY TONYA RILEY
Microsoft has voiced concerns about the United Nations' ongoing negotiations on an international cybercrime treaty, including worries about the treaty's broad definitions of cybercrime, the potential for human rights abuses, and the lack of safeguards for notifying surveillance targets. The company also emphasizes the need to protect ethical hackers who conduct vulnerability assessments and penetration testing. China and Russia reportedly support the treaty, aiming to curb criminal use of information technologies, but critics and advocacy groups farther west have raised a number of issues, including privacy and surveillance concerns. While the U.S. government remains optimistic about the negotiations, issues like the treaty's scope and impact on dissent are still being debated, with a final vote expected in January 2024.