Friday Five: The War Against Cybercrime Platforms, Healthcare Security Improvements, & More

‘OPERATION ENDGAME’ HITS MALWARE DELIVERY PLATFORMS BY BRIAN KREBS

Operation Endgame, launched by U.S. and European law enforcement, is a major crackdown on cybercrime platforms distributing ransomware and malware. Dubbed the largest-ever operation against botnets, it targets "droppers" or "loaders" like IcedID, Smokeloader, and Trickbot, which stealthily install malware. In an attempt to disrupt cybercriminal operations, authorities arrested four suspects between May 27-29, 2024, simultaneously took down over 100 servers, and seized 2,000 domain names across multiple countries. Europol has listed eight fugitives involved in dropper services. This operation, which followed another significant takedown of the 911 S5 botnet but differs from past efforts, pledges ongoing actions, employs psychological tactics to undermine cybercriminals, and highlights increased law enforcement efforts against cybercrime.

Read more

NEWLY DISCOVERED RANSOMWARE USES BITLOCKER TO ENCRYPT VICTIM DATA BY DAN GOODIN

ShrinkLocker, a newly identified ransomware, encrypts data using the BitLocker feature in Windows, a full-volume encryptor that employs robust encryption algorithms originally introduced in 2007. ShrinkLocker reduces each non-boot partition by 100 MB, creating new partitions and encrypting data using BitLocker, disabling its key protections, and avoiding network drives to bypass detection. ShrinkLocker's encryption key is generated through complex randomization, and as a result, decryption without the attacker's key is typically impossible. Researchers discovered ShrinkLocker affecting systems in Mexico, Indonesia, and Jordan, and advise deploying robust endpoint protection, Managed Detection and Response (MDR), secure key storage, minimal user privileges, network traffic monitoring, and regular offline backups to mitigate the risk.

Read more

HOUSE REPUBLICAN SOUNDS THE ALARM ON THREATS TO FOOD AND AGRICULTURE SECTOR BY CHRISTIAN VASQUEZ

Rep. Brad Finstad warned of rising cybersecurity threats to the agriculture sector due to increasing technology use and inadequate USDA oversight, highlighting the sector's vulnerability with the 2021 JBS ransomware attack. Finstad introduced a bipartisan bill requiring the USDA to study these threats and conduct annual cyberattack simulations. Mark Montgomery, senior director at the Center on Cyber and Technology Innovation, criticized the USDA’s underfunding for cybersecurity. The Biden administration’s cybersecurity plan does not address food and agriculture specifically, although the administration's national security memorandum aims to improve sector defenses. Finstad stressed the need for more education and awareness on these issues.

Read more

ONLINE HEALTH SERVICES, APPS TO FACE NEW DATA SECURITY RULE ENFORCEMENT IN JULY BY DAVID DIMOLFETTA

Digital health services must notify users of data breaches under the FTC's updated Health Breach Notification Rule effective July 29, which has expanded its scope to include health apps, fitness trackers, and telehealth services. Breached providers must inform victims within 60 days and notify the FTC if 500 or more records are exposed. Third parties involved in breaches must also be identified. Recent FTC actions against GoodRx and Premom highlighted failures to disclose unauthorized data sharing. The rule aims to enhance cybersecurity amid rising health data breaches, like recent attacks on UnitedHealth's Change Healthcare and Ascension's network, which disrupted hospital operations.

Read more

MALWARE BOTNET BRICKED 600,000 ROUTERS IN MYSTERIOUS 2023 ATTACK BY BILL TOULAS

In 2023, the malware botnet "Pumpkin Eclipse" disrupted internet access by destroying 600,000 office/home routers in the Midwest, affecting a single ISP and three router models: ActionTec T3200s, ActionTec T3260s, and Sagemcom F5380. The incident resulted in a 49% reduction in operating modems for the ISP, which serves vulnerable communities. Although researchers have formally identified the botnet as responsible, the initial access vulnerability remains unknown. The botnet's primary payload, "Chalubo," operates without persistence, meaning a reboot can disrupt it. The attack led to significant hardware replacements, marking a rare instance of botnet-induced large-scale financial damage.

Read more