Friday Five 6/3
In this week's Friday Five, read up on how Russian ransomware gangs are wreaking havoc, how software vulnerabilities may put election integrity at risk, and why you should be careful when donating to Ukraine.
1. Costa Rica’s public health system hit by Hive ransomware following Conti attacks by Carly Page
Following a wave of Conti cyberattacks this past month that prompted Costa Rican President Rodrigo Chavez to declare a state of emergency, the Costa Rica Social Security Fund (CCSS) was hit by the Russia-linked Hive ransomware group beginning this past Tuesday. The attacks have since forced the CCSS to take its systems offline.
While the Hive ransomware gang has taken responsibility for this particular attack, experts believe these cybercriminals could be working closely with the Conti ransomware gang in an effort to help the group “rebrand” and evade sanctions. According to ransomware expert Brett Callow, “The same individual could be an affiliate with both Conti and Hive and potentially other RaaS operations too. It’s also possible that Conti and Hive have established a working relationship, as other researchers have claimed.”
2. Turbulent Cyber Insurance Market Sees Rising Prices and Sinking Coverage by Stephen Lawton
With the sharp rise of ransomware, organizations are turning to cyber insurance more than ever before, but policies are becoming more expensive and more difficult to find. According to Forrester, premiums grew 18% in Q1 2021 and continued to rise to 34% by Q4 2021. Insurers are having increasing trouble finding the balance between customers’ risk profiles and their risk-mitigation efforts, but according to Marc Schein, national co-chair of the Cyber Center of Excellence, “insurers' rating models did not accurately predict some of the loss severity that they've actually been seeing [with] evolving privacy regulation.”
3. FBI warns of Ukrainian charities impersonated to steal donations by Sergiu Gatlan
In an effort to take advantage of the ongoing Russian-Ukrainian war, scammers are posing as legitimate Ukrainian humanitarian aid organizations to steal donation money, according to the FBI. The scammers have gone so far as to impersonate the Ukrainian government, the Ukraine Crisis Relief Fund, the Act for Peace, UNICEF, and others. Read the full article at BleepingComputer to learn more about the warning issued by the FBI, how to avoid these scams, and where one can actually donate to help Ukraine.
4. Conti ransomware targeted Intel firmware for stealthy attacks by Bill Toulas
As the Hive ransomware gang continues to do its damage in Costa Rica, new facts are being learned about the Conti ransomware gang even after it is thought to have shut down operations. Through leaked chats, researchers most recently discovered that Conti developers had created proof-of-concept (PoC) code that leveraged Intel’s Management Engine (ME) firmware to gain system management mode execution. If the end goal is achieved, “Conti could use this attack flow to brick systems permanently, gain ultimate persistence, evade anti-virus and EDR detections, and bypass all security controls at the OS layer.”
5. Cyber agency: Voting software vulnerable in some states by Kate Brumback
Several vulnerabilities have been found in Dominion Voting Systems’ equipment, which is used in at least 16 states, according to the Cybersecurity and Infrastructure Security Agency (CISA). CISA claims that there is no proof that the vulnerabilities have been exploited, but that they leave digital voting machines open to hacking. “These vulnerabilities, for the most part, are not ones that could be easily exploited by someone who walks in off the street, but they are things that we should worry could be exploited by sophisticated attackers, such as hostile nation states, or by election insiders, and they would carry very serious consequences,” says University of Michigan computer scientist J. Alex Halderman.