Hello and welcome to GlobalSign’s weekly cybersecurity update.
There has been a lot of activity in Latin America, where one of the most talked about stories continues to be the Conti ransomware gang’s hold over the government of Costa Rica. Conti has essentially terrorized Costa Rica, claiming it has government insiders and threatening to inflict more damage by compromising “other systems.” Conti’s messages also said Costa Rican officials “have no choice” but to pay the ransom and should not try to “find workarounds.” In response, President Rodrigo Chaves said his country was at war with the hackers. Conti is now demanding $20 million in ransom. But…
Bleeping Computer published a story last night that the Conti gang is shutting down and splitting into smaller groups. Lawrence Abrams writes: “While it may seem odd that Conti would shut down amid its information war with Costa Rica…Conti carried out this very public attack to create a live operation facade while Conti members were slowly migrating to other smaller ransomware operations.” File as: As the world of cybersecurity turns.
Then there’s the story that probably wasn’t on anyone’s bingo card – “FBI accuses Venezuelan doctor of using and selling ‘Thanos’ ransomware”. On Monday, the FBI announced charges against a Venezuelan cardiologist who allegedly moonlighted as a cybercriminal mastermind. Moises Luis Zagala Gonzalez, also known as “Nosophoros”, “Aesculapius” and “Nebuchadnezzar”, is charged with attempted computer intrusion and conspiracy to commit computer intrusions.
Also, late last week, Brazilian e-commerce giant Americanas.com reported in its financial results a multi-million dollar loss in sales after a major cyberattack earlier this year. The company lost 923 million Brazilian reais ($183 million) in sales following two attacks between February 19 and 20 that left it unable to operate its e-commerce business. The Lapsus$ gang is believed to be responsible. Lapsus$ is the gang whose leader may be a teenager. Several members of the group were arrested in late March by British police, although some of them were later released.
In Spain, police this week busted a phishing gang operating across the country and arrested 13 people, with more arrests expected. Police say there are nearly 150 victims of the phishing scam. To date, the gang has stolen at least 443,600 euros from online bank accounts. Unsuspecting recipients of the phishing email, which appeared to come from legitimate banks, clicked on a malicious link and were then tricked into handing over their login credentials. With those credentials the criminals logged into the bank accounts and changed the mobile phone details registered on the victims’ accounts, so that the authentication codes the bank sent by SMS were delivered to the gang instead of the account holder. The lesson for defenders: a phone-number change on an account is itself a high-risk event, and one that is immediately followed by transfers or loan applications deserves an alert.
In the United States, the Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive to federal civilian executive branch agencies this week after learning that unpatched VMware products pose “an unacceptable risk to federal network security.” CISA is ordering agencies to update their VMware products affected by a pair of newly disclosed vulnerabilities or remove them from their networks. The VMware bugs – CVE-2022-22972, an authentication bypass, and CVE-2022-22973, a local privilege escalation – affect several VMware products and, according to CISA, allow an attacker with network access to obtain administrative access without authenticating.
It’s a wrap. Thanks for stopping by our blog. Stay cyber safe and have a great weekend!
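The Spanish case above is a textbook account-takeover chain: stolen credentials, a change to the phone number that receives SMS codes, then cash-out. The following is an added detection example, not code from the article or from any bank. The audit-event schema, account numbers, IPs and sample events are all constructed for illustration; a real deployment would map the bank’s own event names onto the `phone_change`, `otp_sent` and cash-out event types used here.

```python
"""Flag accounts where the registered phone number is changed and cash-out
actions follow within a short window (the chain described in the Spanish
phishing case). Added example with a constructed audit-event schema.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Actions that move money out of an account (constructed list; map your
# bank's real event names onto these).
CASHOUT_EVENTS = {"transfer", "online_purchase", "loan_application"}

# Constructed sample audit log, not real data.
# ES91-0001 shows the gang's chain: login -> phone number changed ->
#   SMS code sent to the NEW number -> transfer, all from one IP.
# ES91-0002 is a legitimate phone change; the next transfer is two days later.
# ES91-0003 is a large transfer with no preceding phone change.
SAMPLE_EVENTS = [
    {"ts": "2022-05-10T09:01:00", "account": "ES91-0001", "event": "login", "src_ip": "203.0.113.5"},
    {"ts": "2022-05-10T09:02:30", "account": "ES91-0001", "event": "phone_change", "src_ip": "203.0.113.5", "new_phone": "+34600999888"},
    {"ts": "2022-05-10T09:04:00", "account": "ES91-0001", "event": "otp_sent", "src_ip": "203.0.113.5", "to": "+34600999888"},
    {"ts": "2022-05-10T09:05:10", "account": "ES91-0001", "event": "transfer", "src_ip": "203.0.113.5", "amount": 4800.0},
    {"ts": "2022-05-10T12:00:00", "account": "ES91-0002", "event": "login", "src_ip": "198.51.100.7"},
    {"ts": "2022-05-10T12:01:00", "account": "ES91-0002", "event": "phone_change", "src_ip": "198.51.100.7", "new_phone": "+34611222333"},
    {"ts": "2022-05-12T15:00:00", "account": "ES91-0002", "event": "transfer", "src_ip": "198.51.100.7", "amount": 50.0},
    {"ts": "2022-05-10T16:30:00", "account": "ES91-0003", "event": "transfer", "src_ip": "192.0.2.9", "amount": 9000.0},
]


def _parse_ts(value):
    return datetime.fromisoformat(value)


def find_phone_change_cashouts(events, window=timedelta(hours=24)):
    """Return one alert per phone_change event that is followed, within
    `window`, by at least one cash-out action on the same account.

    Each alert records the follow-on cash-out actions and their total
    amount, whether an SMS code was sent to the newly registered number
    (the attacker collecting the 2FA code), and whether every follow-on
    event came from the same source IP as the phone change (one session).
    """
    by_account = defaultdict(list)
    for ev in sorted(events, key=lambda e: _parse_ts(e["ts"])):
        by_account[ev["account"]].append(ev)

    alerts = []
    for account, evs in by_account.items():
        for i, ev in enumerate(evs):
            if ev["event"] != "phone_change":
                continue
            deadline = _parse_ts(ev["ts"]) + window
            followers = [f for f in evs[i + 1:] if _parse_ts(f["ts"]) <= deadline]
            cashouts = [f for f in followers if f["event"] in CASHOUT_EVENTS]
            if not cashouts:
                continue
            otp_to_new = any(
                f["event"] == "otp_sent" and f.get("to") == ev.get("new_phone")
                for f in followers
            )
            same_ip = all(f.get("src_ip") == ev.get("src_ip") for f in followers)
            alerts.append({
                "account": account,
                "phone_change_ts": ev["ts"],
                "cashouts": [f["event"] for f in cashouts],
                "amount": sum(f.get("amount", 0.0) for f in cashouts),
                "otp_sent_to_new_number": otp_to_new,
                "single_source_ip": same_ip,
            })
    return alerts


if __name__ == "__main__":
    for alert in find_phone_change_cashouts(SAMPLE_EVENTS):
        print(alert)
```

With the default 24-hour window only ES91-0001 is flagged; widening the window to a week also catches ES91-0002, which shows why the window is the main tuning knob. The `otp_sent_to_new_number` and `single_source_ip` fields are there so an analyst can prioritise: a code sent to a number registered minutes earlier, from the same IP that then moves money, is the signature of this scam rather than a customer updating their details.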
Top Global Security News
Vice (May 19, 2022) DOJ Announces It Won’t Prosecute White Hat Security Researchers
On Thursday, the Justice Department announced a policy change: it will no longer prosecute good-faith security research that technically violates the federal computer hacking law, the Computer Fraud and Abuse Act (CFAA).
The move is significant because the CFAA has long posed a threat to security researchers who probe or hack into systems in an effort to identify vulnerabilities so they can be patched. The revised policy means that such research should not result in charges.
“Computer security research is a key driver for improving cybersecurity,” Deputy Attorney General Lisa O. Monaco said in a statement released with the announcement. “The department has never been interested in prosecuting good-faith computer security research as a crime, and today’s announcement promotes cybersecurity by providing clarity to good-faith security researchers who root out vulnerabilities for the common good.”
Dark Reading (May 18, 2022) CISA to Federal Agencies: Fix VMware Products Now or Take Them Offline
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive requiring civilian federal executive branch agencies to update their VMware products affected by a pair of new vulnerabilities or remove them from their networks.
The VMware bugs – CVE-2022-22972, an authentication bypass, and CVE-2022-22973, a local privilege escalation – affect several VMware products and, per CISA, let an attacker with network access obtain administrative access without authenticating.
CISA said that last month, within 48 hours of VMware releasing patches for VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM), VMware vRealize Automation (vRA), VMware Cloud Foundation and vRealize Suite Lifecycle Manager, advanced persistent threat (APT) actors had reverse engineered the updates and begun launching attacks.
Bleeping Computer (May 18, 2022) Spanish police bust phishing gang that emptied bank accounts
Spanish police have announced the arrest of 13 people and the opening of investigations into seven others for their participation in a phishing ring that stole online banking credentials.
Threat actors used phishing lures to trick their victims into thinking they had received an alert from their bank and stole their account credentials.
With access to the bank accounts, the adversaries used their victims’ money to make online purchases, send transfers to “money mule” accounts or apply for personal loans.
DataBreachToday (May 17, 2022) Conti claims to have “insiders” in the Costa Rican government
The Conti ransomware group, which has been holding crypto-locked Costa Rican government systems for ransom since April, claimed on its leak site Conti News that it has “insiders” in the country’s government and that it is working to compromise “other systems.”
“We have our insiders in your government. I recommend that you contact UNC1756 responsibly. We are also working on access to your other systems. You have no choice but to pay us. We know you have hired a data recovery specialist. Do not try to find workarounds. Another attempt to get in touch through other services will be punished by deletion of the key,” the latest message from the threat group reads. UNC1756 is another name for the Conti group.
ZDNet (May 16, 2022) Brazilian e-commerce company Americanas reports multi-million dollar loss following cyber attack
Brazilian e-commerce conglomerate Americanas.com announced a multimillion-dollar sales loss in its financial results on Friday after a major cyberattack earlier this year.
The company lost 923 million Brazilian reais ($183 million) in sales after two attacks that took place between February 19 and 20 rendered its e-commerce operation unavailable. According to the company, physical stores continued to operate and the company’s logistics arm continued to deliver orders placed after the event.
According to Americanas, operations began to be gradually restored on February 23, and full operations resumed the following day. “There is no evidence of other harm, beyond the fact that our e-commerce operations have been suspended,” the firm noted.
Cyberscoop (May 16, 2022) FBI accuses Venezuelan doctor of using and selling ‘Thanos’ ransomware
The FBI on Monday announced charges against a Venezuelan cardiologist who the bureau says was moonlighting as a cybercriminal mastermind, both designing and using ransomware that he boasted had been deployed by Iranian state-sponsored hackers.
Moises Luis Zagala Gonzalez, who also went by the usernames “Nosophoros”, “Aesculapius” and “Nebuchadnezzar”, is charged with attempted computer intrusion and conspiracy to commit computer intrusions.
According to the complaint unsealed Monday, Zagala sold and rented out his ransomware, providing cybercriminals with extensive training on how to use his product and even how to start their own ransomware gangs.
Other sobering stories
Ransomware gangs rely more on weaponizing vulnerabilities – Bleeping Computer
Ukrainian hacker jailed for selling dark web account credentials – Portswigger
Angry IT Administrator Wipes Employer Databases, Gets 7 Years in Jail – Bleeping Computer
Smart Farm Machines Are A Weakness In Food Supply Chains
Water companies are becoming less insurable due to ransomware, industry executives say – Cyberscoop
Mystic Privacy: New Connecticut Law Makes It Clearer – Lexology
The vulnerable maritime supply chain – a threat to the global economy – Security Week
How to Turn a Coke Can Into an Eavesdropping Device – Dark Reading
Hackers can make Siemens building automation controllers ‘unavailable for days’ – Security Week