Cybersecurity News Roundup: Week of May 16, 2022

Hello and welcome to GlobalSign’s weekly cybersecurity update.

There has been a lot of activity in Latin America, where one of the most talked-about stories continues to be the Conti ransomware gang’s hold over the government of Costa Rica. Conti essentially terrorized Costa Rica, claiming it has government insiders and threatening to inflict more damage by compromising “other systems.” Conti’s messages also said Costa Rican officials “have no choice” but to pay the ransom and should not try to “find workarounds.” In response, President Rodrigo Chaves said his country was at war with pirates. Conti is now demanding $20 million in ransom. But…

Bleeping Computer published a story last night that the Conti gang is shutting down and splitting into smaller groups. Lawrence Abrams writes: “While it may seem odd that Conti would shut down amid its information war with Costa Rica…Conti carried out this very public attack to create a live operation facade while members of Conti were slowly migrating to other smaller ransomware operations.” File under: As the world of cybersecurity turns.

Then there’s the story that probably wasn’t on anyone’s bingo card – “FBI accuses Venezuelan doctor of using and selling ‘Thanos’ ransomware”. Yet on Monday, the FBI announced charges against a Venezuelan cardiologist who allegedly moonlighted as a cybercriminal mastermind. Moises Luis Zagala Gonzalez, also known as “Nosophoros”, “Aesculapius” and “Nebuchadnezzar”, is charged with attempted computer intrusion and conspiracy to commit computer intrusions.

Also, late last week, Brazilian e-commerce giant Americanas.com reported a multi-million dollar loss in sales in its financial results after a major cyberattack earlier this year. The company lost 923 million Brazilian reais ($183 million) in sales following two attacks between February 19 and 20 that left it unable to operate its e-commerce business. The Lapsus$ Group ransomware gang is believed to be responsible. Lapsus$ is the gang whose leader may be a teenager. Several members of the group were arrested in late March by British police, although some of them were later released.

In Spain, police this week busted a phishing gang operating across the country and arrested 13 people with more expected. Police say there are nearly 150 victims of the phishing scam. To date, the gang has stolen at least 443,600 euros from online bank accounts. Unsuspecting recipients of the phishing email, which appeared to be from legitimate banks, clicked on a malicious link and were then tricked into handing over their login credentials. The criminals were able to access the bank accounts as well as modify the mobile phone settings of the victims’ accounts in order to receive the authentication codes sent by SMS.

In the United States, the Cybersecurity and Infrastructure Agency (CISA) issued an emergency directive to federal civilian executive agencies this week after learning that unpatched VMware products pose “an unacceptable risk to federal network security.” CISA is asking agencies to update their VMware products affected by a pair of new vulnerabilities or remove them from their networks. The VMware bugs – CVE-2022-22972 and CVE-2022-22973 – expose several VMware products to remote code execution (RCE) attacks.

Also this week, the US Department of Justice (DoJ) announced a major policy change regarding the controversial Computer Fraud and Abuse Act (CFAA). The result is that the DoJ will no longer prosecute good-faith security research that violates the federal computer hacking law. In addition, prosecutors should avoid indicting people for simply violating a website’s terms of use – including minor rule violations such as embellishing a dating profile – or for using a work-related computer for personal tasks.

That’s a wrap. Thank you for stopping by our blog. Stay cyber safe and have a great weekend!

Amy

Top Global Security News

Vice (May 19, 2022) DOJ Announces It Won’t Prosecute White Hat Security Researchers

On Thursday, the Justice Department announced a policy change under which it will no longer prosecute good-faith security research that violates the federal computer hacking law, the Computer Fraud and Abuse Act (CFAA).

The move is significant because the CFAA has often posed a threat to security researchers who may probe or hack into systems in an effort to identify vulnerabilities so they can be patched. The revised policy means that such research should not be subject to charges.

“Computer security research is a key driver for improving cybersecurity,” Assistant Attorney General Lisa O. Monaco said in a statement released with the announcement. “The department has never been interested in prosecuting good faith computer security research as a crime, and today’s announcement promotes cybersecurity by providing clarity to bona fide security researchers who eliminate vulnerabilities for the common good.”

Dark Reading (May 18, 2022) CISA to Federal Agencies: Fix VMware Products Now or Take Them Offline

The Cybersecurity and Infrastructure Agency (CISA) has issued an emergency directive requiring civilian federal executive branch agencies to update their VMware products affected by a pair of new vulnerabilities or remove them from their networks.

VMware bugs – CVE-2022-22972 and CVE-2022-22973 – expose several VMware products to remote code execution (RCE) attacks.

CISA said that last month, within just 48 hours of VMware patching its VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM), VMware vRealize Automation (vRA), VMware Cloud Foundation and vRealize Suite Lifecycle Manager, advanced persistent threat (APT) actors were able to reverse engineer the updates to launch attacks.

Bleeping Computer (May 18, 2022) Spanish police bust phishing gang that emptied bank accounts

Spanish police have announced the arrest of 13 people and the opening of investigations into seven others for their participation in a phishing ring that stole online banking credentials.

Threat actors used phishing lures to trick their victims into thinking they had received an alert from their bank and stole their account credentials.

Having access to bank accounts, the adversaries used their victims’ money to make online purchases, direct transfers to “money mule” accounts or apply for personal loans.

DataBreachToday (May 17, 2022) Conti claims to have “insiders” in the Costa Rican government

The Conti ransomware group, which has held crypto-locked Costa Rican government systems to ransom since April, claimed on its leak site Conti News that it has “insiders” in the country’s government, and that they are working toward the compromise of “other systems.”

“We have our insiders in your government. I recommend that you contact UNC1756 responsibly. We are also working on access to your other systems. You have no choice but to pay us. We know you have hired a data recovery specialist. Do not try to find workarounds. Another attempt to get in touch through other services will be punished by deletion of the key,” the latest message from the threat group reads. UNC1756 is another name for the Conti group.

ZDNet (May 16, 2022) Brazilian e-commerce company Americanas reports multi-million dollar loss following cyber attack

Brazilian e-commerce conglomerate Americanas.com announced a multimillion-dollar sales loss in its financial results on Friday after a major cyberattack earlier this year.

The company lost 923 million Brazilian reais ($183 million) in sales after two attacks that took place between February 19 and 20 rendered its e-commerce operation unavailable. According to the company, physical stores continued to operate and the company’s logistics arm continued to deliver orders placed after the event.

According to Americanas, operations began to be gradually restored on February 23, and full operations resumed the following day. “There is no evidence of other harm, beyond the fact that our e-commerce operations have been suspended,” the firm noted.

Cyberscoop (May 16, 2022) FBI accuses Venezuelan doctor of using and selling ‘Thanos’ ransomware

The FBI on Monday announced charges against a Venezuelan cardiologist who the bureau says was moonlighting as a cybercriminal mastermind, both designing and using ransomware he boasted was deployed by Iranian state-sponsored hackers.

Moises Luis Zagala Gonzalez, who also went by the usernames “Nosophoros”, “Aesculapius” and “Nebuchadnezzar”, is charged with attempted computer intrusion and conspiracy to commit computer intrusions.

According to the complaint unsealed Monday, Zagala sold and rented out his ransomware, providing cybercriminals with extensive training on how to use his product and even start their own ransomware gangs.

Other sobering stories

Ransomware gangs rely more on weaponizing vulnerabilities – Bleeping Computer

Ukrainian hacker jailed for selling dark web account credentials – Portswigger

Angry IT Administrator Wipes Employer Databases, Gets 7 Years in Jail – Bleeping Computer

Smart Farm Machines Are A Weakness In Food Supply Chains

Water companies are becoming less insurable due to ransomware, industry executives say – Cyberscoop

Mystic Privacy: New Connecticut Law Makes It Clearer – Lexology

The vulnerable maritime supply chain – a threat to the global economy – Security Week

How to Turn a Coke Can Into an Eavesdropping Device – Dark Reading

Hackers can make Siemens building automation controllers ‘unavailable for days’ – Security Week
