New “Yanluowang” ransomware variant discovered
Named for the extension it adds to encrypted files, the new ransomware was discovered by Symantec during its investigation into an attack against an unnamed “large organization.” After deploying the command-line Active Directory query tool AdFind for reconnaissance, the ransomware stops all hypervisor virtual machines running on the targeted host and drops a ransom note warning victims not to contact the police or any specialized ransomware negotiation firms, or else suffer DDoS attacks as well as “calls to employees and business partners.” Yanluowang refers to a Chinese deity linked to the underworld, although Symantec has no confirmation about the origin of the threat group.
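As an added illustration (not code from Symantec’s report or from the Yanluowang sample itself), the following Python checks process-creation telemetry for the AdFind reconnaissance step described above. The event records, hostnames, users, paths and field names are constructed for this example, and the argument patterns are a hypothetical starting point rather than a complete signature; the one design point worth noting is that the command-line patterns still fire when the binary has been renamed.

```python
"""
Added example: flag AdFind-style Active Directory reconnaissance in
process-creation telemetry. The records below are constructed for
illustration; field names are assumed (loosely modelled on Sysmon
Event ID 1 / EDR process events) and are not from any real host.
"""
import re

# Constructed sample events (hypothetical hostnames, users and paths).
SAMPLE_EVENTS = [
    {"host": "FS01", "user": "CORP\\jdoe",
     "image": "C:\\Windows\\System32\\notepad.exe",
     "cmdline": "notepad.exe C:\\Users\\jdoe\\notes.txt"},
    {"host": "FS01", "user": "CORP\\jdoe",
     "image": "C:\\Temp\\adfind.exe",
     "cmdline": "adfind.exe -f \"(objectcategory=person)\" > ad_users.txt"},
    {"host": "DB02", "user": "CORP\\svc_backup",
     "image": "C:\\Temp\\af.exe",
     "cmdline": "af.exe -f objectcategory=computer -sc computers_pwdnotreqd"},
    {"host": "WS17", "user": "CORP\\asmith",
     "image": "C:\\Program Files\\Git\\bin\\git.exe",
     "cmdline": "git.exe status"},
]

# Command-line fragments typical of AdFind reconnaissance queries. These are
# a starting set for illustration, not an exhaustive signature.
ADFIND_ARG_PATTERNS = [
    re.compile(r"objectcategory=", re.I),   # LDAP filter used in most AdFind recon
    re.compile(r"\s-sc\s+\w+", re.I),       # AdFind "shortcut" queries, e.g. -sc trustdmp
    re.compile(r"\s-gcb\b", re.I),          # global catalog base query
    re.compile(r"\s-subnets\b", re.I),      # subnet enumeration
]


def classify_event(event):
    """Return None for a benign event, else a finding dict with a severity."""
    image_name = event["image"].rsplit("\\", 1)[-1].lower()
    arg_hits = [p.pattern for p in ADFIND_ARG_PATTERNS if p.search(event["cmdline"])]
    if image_name == "adfind.exe":
        return {"host": event["host"], "user": event["user"],
                "severity": "medium", "reason": "adfind.exe executed"}
    if arg_hits:
        # AdFind syntax under another file name: the tool was likely renamed
        # to slip past name-based blocking, which is more suspicious, not less.
        return {"host": event["host"], "user": event["user"],
                "severity": "high",
                "reason": "AdFind-style arguments from renamed binary: " + ", ".join(arg_hits)}
    return None


def scan(events):
    """Run classify_event over a list of events and keep only the findings."""
    return [finding for finding in (classify_event(e) for e in events) if finding]


if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

Against the constructed events this returns two findings: a medium one for the plainly named adfind.exe on FS01 and a high one for the renamed af.exe on DB02.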
Financial regulator addresses hybrid working security risks
The UK’s Financial Conduct Authority (FCA) has released new guidance for organizations in the sector to help them transition securely to hybrid working practices. The regulator warned that financial sector firms must prove that “the lack of a centralized location or remote working” doesn’t increase the risk of financial crime. It also demanded that firms prove there is “satisfactory planning” in several areas, including risk, compliance and audit, and the increased use of portable laptop computers.
DocuSign phishing campaign targets low-ranking employees
Phishing actors are following a new trend of targeting non-executive employees who nonetheless have access to valuable areas within an organization. As reported by Avanan researchers, half of all phishing emails they analyzed in recent months impersonated non-executives, and 77% of them targeted employees at the same level. Some of these use a spoofed DocuSign document, for example to fulfill a supposed employee request to update direct deposit information, which asks for the login password – something a real DocuSign document would not do. Analysts say this is a direct result of senior executives becoming more vigilant and better protected.
Australia unveils ransomware action plan to combat cyberattacks
The Australian government is collaborating with international and business partners to protect Australians against global ransomware threats. The Ransomware Action Plan is built on three objectives – Prepare and Prevent; Respond and Recover; Disrupt and Deter. The program seeks to launch additional operational activity to target criminals seeking to disrupt and profit from Australian businesses and individuals, and to establish a multi-agency task force, Operation Orcus, led by the Australian Federal Police, as Australia’s strongest response to the surging ransomware threat.
Thanks to our episode sponsor, Bitsight
Chinese APT group IronHusky exploits zero-day Windows Server privilege escalation
One of the vulnerabilities patched by Microsoft on Tuesday has been exploited by a Chinese cyberespionage group since at least August. The attack campaigns targeted IT companies, defense contractors and diplomatic entities. According to researchers from Kaspersky Lab, the malware deployed with the exploit and its command-and-control infrastructure point to a connection with a known Chinese APT group tracked as IronHusky, which has been operating since 2017, but also with other China-based APT activity going back to 2012. The hackers used the privilege escalation exploit to deploy a remote shell Trojan (RAT) that Kaspersky dubbed MysterySnail. Attackers can use this malware to execute Windows shell commands, gather information about disks and folders, delete, read and upload files, kill processes, and more.
Roughly 25% of U.S. critical infrastructure is at risk of flooding
A new report highlighting the flood risk over a 30-year period for every city and county across the conterminous United States has been released by First Street Foundation, a science and technology nonprofit organization. The new study evaluates flood risk to critical infrastructure, such as utilities, airports, ports and emergency services, in addition to residential properties, commercial properties, roadways and social infrastructure like schools and government buildings. The highest concentration of community risk exists in Louisiana, Florida, Kentucky, and West Virginia, with 17 of the top 20 most at-risk counties in the U.S. (85%) residing in these four states. Louisiana alone accounts for 6 of the top 20 most at-risk counties (30%).
Microsoft says Azure fended off what might just be the world’s biggest-ever DDoS attack
The attack, which clocked in at 2.4Tbit/sec, originated from approximately 70,000 sources in multiple countries in the Asia-Pacific region, as well as from the United States. The attackers used UDP reflection, a technique in which an attacker sends packets to an intermediate server – the “reflector” – with the victim’s address forged as the source, so that the server’s replies are delivered to the victim instead. Azure’s DDoS protection saw off the attack, which targeted what Microsoft will only say was an “Azure customer in Europe.”
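To show what the reflection pattern described above looks like from the defender’s side, here is an added Python example (not Microsoft’s or Azure’s mitigation logic) that aggregates flow records by destination and flags any destination receiving replies from many distinct reflector sources at once. The flow records, addresses, thresholds and record layout are all constructed assumptions for this example.

```python
"""
Added example: spot UDP reflection traffic in flow records. A reflection
flood looks like many unrelated servers all answering the same destination
from a well-known service port at the same moment, which a single busy
resolver or NTP server does not. Flow records and thresholds below are
constructed; the field layout is an assumption.
"""
from collections import defaultdict

# UDP services commonly abused as reflectors, keyed by the reply's source port.
REFLECTOR_PORTS = {53: "DNS", 123: "NTP", 389: "CLDAP", 1900: "SSDP", 11211: "memcached"}


def _constructed_flows():
    """Build a small constructed sample: one reflected NTP flood plus normal DNS replies."""
    flows = []
    # 60 distinct NTP servers (RFC 5737 documentation addresses) replying to one victim.
    for i in range(1, 61):
        flows.append({"src_ip": f"198.51.100.{i}", "src_port": 123,
                      "dst_ip": "203.0.113.10", "dst_port": 40000 + i, "bytes": 482})
    # Ordinary DNS answers from one resolver to three internal clients.
    for i in range(1, 4):
        flows.append({"src_ip": "192.0.2.53", "src_port": 53,
                      "dst_ip": f"10.0.0.{i}", "dst_port": 50000 + i, "bytes": 120})
    return flows


SAMPLE_FLOWS = _constructed_flows()


def detect_reflection(flows, window_seconds=1.0, min_sources=20, min_bps=100_000):
    """Aggregate UDP flows from known reflector service ports, keyed by (victim, service).

    The distinct-source count is the primary signal (many reflectors, one
    target); the bit rate over the observation window is a secondary one so
    that a handful of stray replies does not raise an alert.
    """
    per_victim = defaultdict(lambda: {"sources": set(), "bytes": 0})
    for flow in flows:
        service = REFLECTOR_PORTS.get(flow["src_port"])
        if service is None:
            continue  # not a reflector service port; ignore
        key = (flow["dst_ip"], service)
        per_victim[key]["sources"].add(flow["src_ip"])
        per_victim[key]["bytes"] += flow["bytes"]

    alerts = []
    for (dst_ip, service), agg in per_victim.items():
        bps = agg["bytes"] * 8 / window_seconds
        if len(agg["sources"]) >= min_sources and bps >= min_bps:
            alerts.append({"victim": dst_ip, "service": service,
                           "distinct_sources": len(agg["sources"]), "bps": bps})
    return sorted(alerts, key=lambda a: a["bps"], reverse=True)


if __name__ == "__main__":
    for alert in detect_reflection(SAMPLE_FLOWS):
        print(alert)
```

On the constructed sample the only alert is for 203.0.113.10, hit by 60 distinct NTP reflectors; the three DNS replies from a single resolver never reach the source-count threshold, which is the point of keying on distinct sources rather than on volume alone.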
Azure Emissions Dashboard shows how you and Microsoft are slowly killing the planet
Speaking of Azure, Microsoft has made its Emissions Impact Dashboard – formerly known as the Sustainability Calculator, designed to measure the carbon impact of cloud workloads – generally available. The dashboard rates cloud power usage by scope: Scope 1 is direct emissions, such as from fuel for backup power generators; Scope 2 is emissions from energy consumed, primarily electricity; and Scope 3 is indirect emissions, such as those from manufacturing and delivering servers and racks. Although it has some detractors and some vague calculations, Microsoft expects it to draw attention to reducing unnecessary consumption of computing resources.