Security week 9

This is the first case of seizure of funds paid during a ransomware attack. The US Department of Justice managed to recover 63.7 Bitcoins out of a total of 75, which were paid as ransom in the attack on the Colonial Pipeline facility, which operates a pipeline to the east coast of the US. FBI investigators monitored transfers of funds across multiple Bitcoin addresses until they gained access to one account’s private key, which acts as a password for that account. It is not clear how the FBI managed to obtain the private key, which enabled them to recover a significant part of the funds. The US is serious about fighting cybercrime, and the Department has recently launched a Task Force aimed at ransomware and digital extortion activity.

Full Article

The FBI, Europol and the Australian Federal Police (AFP), in collaboration with law enforcement agencies from several countries, have reached a high amount of criminals using modern technology. An application was built that pretended to have end-to-end encrypted communication and gradually spread among criminal groups. The operation resulted in the arrest of over 800 suspects, search of 700 homes and seize 8 tons of cocaine. You can watch a short video from AFP or a Europol press conference about the whole operation.

The Russian state-sponsored Nobelium Group (ATP 29) has received some customers’ subscription information. The Nobelium group is believed to be responsible for the attack on the SolarWinds supply chain. Thanks to the use of combinations of brute-force attack and so-called “password spray”, they managed to gain access to one of the corporate computers, which contained basic information about a smaller number of customers.

Full Article

The vulnerability of the NFS system in combination with other vulnerabilities in the software allow the hacking of ATMs and point-of-sale terminals. Researcher Josep Rodrigez of IOActive has built an Android application that mimics wireless credit card communication. He successfully managed to collect credit card data, cause the system to crash, change the value of the transaction without being noticed, or even display a ransomware message. Combined with other mistakes, he was able to force the ATM to issue money.

Full Article

A “high-level” member of the FIN7 group, Andrii Kolpakov, has been sentenced to a seven-year term and a $ 2.5 million fine. They used phishing emails in combination with malware (Carbanak malware). The US Department of Justice estimates the damage caused in the US alone at more than $ 1 billion.

Full Article

Wolfe Eye Clinic, which operates diagnostic and surgical centers in 40 Iowa communities, has become the target of a ransomware attack. In collaboration with a company specializing in IT and digital forensic analysis, they found out that data on 500,000 clients could have been compromised. The data includes information on names, email addresses, Social Security numbers, and, possibly, medical records.

Full Article

The nearly half-million city of Tulsa has fallen victim to the Conti ransomware gang. More than 18,000 city files (containing also personal data) – mostly police citations and internal department files – were shared on the dark web. Several online services and websites have been disconnected and are in the process of being restored. Residents were told to prepare for weeks, if not months, of city websites being down. They also said residents need to monitor all financial accounts and credit reports.

Full Article

The National Institute of Standards and Technology (NIST) has published definitions, supporting materials, and examples of critical software.

Full Article