Friday Five 11/11
LockBit may have taken a hit this past week, but that hasn’t stopped ransomware from making the headlines. Catch up on this and more in this week’s Friday Five!
MICROSOFT LINKS RUSSIA’S MILITARY TO CYBERATTACKS IN POLAND AND UKRAINE BY DAN GOODIN
This past week, Microsoft identified the Sandworm hacking group—otherwise known as Iridium—as the likely culprit behind attacks targeting Polish and Ukrainian transportation and logistics organizations. According to Microsoft, the attacks involved a never-before-seen strain of ransomware now known as Prestige. Once the ransomware is deployed across victims’ networks, it allows the threat actors to encrypt over 200 different file types. Read the full story to learn more about Sandworm and why these attacks could be cause for concern.
LOCKBIT RANSOMWARE SUSPECT ARRESTED IN CANADA, FACES CHARGES IN US BY AJ VICENS
Canadian law enforcement arrested a Russian-Canadian dual national, Mikhail Vasiliev, for his suspected involvement in LockBit ransomware attacks; he now faces five years in prison and extradition to the U.S. In her statement, Deputy Attorney General Lisa Monaco says, “his arrest is the result of over two-and-a-half-years of investigation into the LockBit ransomware group, which has harmed victims in the United States and around the world,” while Europol classifies Vasiliev as one of its “high-value targets due to his involvement in numerous high-profile ransomware cases.”
US HEALTH DEPT WARNS OF VENUS RANSOMWARE TARGETING HEALTHCARE ORGS BY SERGIU GATLAN
Based on a report from the Health Sector Cybersecurity Coordination Center (HC3), the U.S. Department of Health and Human Services warned that at least one healthcare entity in the United States has fallen victim to Venus ransomware and that others may be targeted. This follows separate warnings in the recent past of Maui and Zeppelin ransomware targeting similar organizations. Find out more about Venus ransomware’s origins and its capabilities in the full story from BleepingComputer.
CISA, NSA AND INDUSTRY OUTLINE SECURITY RESPONSIBILITIES OF SOFTWARE SUPPLIERS BY MARIAM BAKSH
The National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) released joint guidance for software suppliers late last month that aims to examine the events that led up to the SolarWinds attack and outline best practices moving forward. Although separate guidance for software developers was released just this past September, a recent statement from the NSA notes that “the supplier also holds a critical responsibility in ensuring the security and integrity of our software. After all, the software vendor is responsible for liaising between the customer and software developer. It is through this relationship that additional security features can be applied via contractual agreements, software releases and updates, notifications, and mitigations of vulnerabilities.”
NEW STRELASTEALER MALWARE STEALS YOUR OUTLOOK, THUNDERBIRD ACCOUNTS BY BILL TOULAS
In a departure from the common behaviors of most info-stealers, a new malware known as StrelaStealer is actively stealing email account credentials from Outlook and Thunderbird and was reportedly discovered in the wild for the first time early this month. Get the full breakdown of the malware’s capabilities and how it’s delivered in the full story from Bill Toulas.