Cyber Security Today, May 24, 2024 - A threat actor leverages Windows BitLocker in ransomware attacks, beware of ORB networks, and more

Released Friday, 24th May 2024

Episode Transcript

Transcripts are displayed as originally observed. Some content, including advertisements may have changed.

0:00

Cybersecurity Today is brought to you by

0:02

the generous support of our sponsor, Boseron

0:04

Security. You can get their

0:07

2024 State of Cybersecurity Awareness Report

0:09

at boseronsecurity.com and there's a link

0:11

you can follow in the show

0:13

notes. A

0:17

threat actor leverages Windows BitLocker

0:19

in ransomware attacks, beware

0:22

of ORB networks, and more.

0:25

Welcome to Cybersecurity Today, it's

0:27

Friday, May 24, 2024.

0:30

I'm Howard Solomon, contributing reporter

0:33

on cybersecurity for technewsday.com.

0:39

A threat actor is using

0:41

Windows BitLocker encryption capabilities as

0:43

a ransomware tool, according

0:46

to researchers at Kaspersky. That

0:48

saves crooks the trouble of

0:50

creating or renting a ransomware

0:52

package and finding a

0:54

way to download it onto victims'

0:56

computers. It's another

0:58

version of living off the land

1:00

attack, which is using tools already

1:02

on PCs and servers. Kaspersky

1:05

spotted the BitLocker trick being

1:07

used recently against organizations in

1:10

Mexico, Indonesia, and Jordan. It

1:13

may be coming to other countries as well. Abusing

1:16

BitLocker is not a new tactic,

1:18

but in these cases the threat

1:20

actor took steps to maximize the

1:22

damage and erase evidence of his

1:24

presence. Kaspersky doesn't say

1:27

how the threat actors initially

1:29

got into corporate networks, but

1:31

it does say IT departments

1:33

must use a robust endpoint

1:35

detection solution to spot attacks

1:37

on BitLocker, limit the

1:39

number of employees allowed to

1:41

use BitLocker, ensure that access

1:44

to BitLocker is only through

1:46

strong passwords, and store

1:48

BitLocker recovery keys in a secure

1:50

location. The

1:53

LockBit ransomware gang yesterday released what

1:55

it says is some of the

1:57

data it stole last month from

1:59

Canadian retail chain London Drugs.

2:02

According to Brett Callow, a

2:04

Canadian-based threat researcher for

2:06

Emsisoft, three files were posted.

2:09

One is three hundred ninety

2:11

eight gigabytes in size. A

2:13

second is sixty seven and

2:15

megabytes in size. The third is

2:17

twenty four megabytes. CTV

2:20

News says the gang demanded twenty

2:22

five million dollars or the stolen

2:24

data of employees would be released.

2:28

Chinese espionage groups are

2:30

using proxy networks of rented

2:32

virtual private servers as

2:35

well as compromised smart devices

2:37

and routers to help conceal

2:39

their attacks. That's according to

2:41

researchers at Mandiant. Now

2:44

these networks are called operational

2:46

relay box networks, or

2:48

ORB networks for short.

2:51

An advantage of an ORB mesh network

2:53

is that its size can easily be

2:55

grown. Mandiant notes that

2:58

these networks aren't controlled by a single

3:00

threat actor. Instead, they're

3:02

networks administered by contractors who

3:04

sell access to multiple threat

3:07

groups. In fact, ORB networks

3:09

are created and torn down after lasting

3:11

as little as thirty one days. So

3:14

blocking an ORB IT infrastructure

3:16

isn't as effective as blocking a

3:18

command and control network run by

3:20

a bot network. ORB

3:23

networks shouldn't be seen as an

3:25

indicator of compromise, Mandiant says.

3:27

Instead, an ORB network is to be

3:29

seen as an evolving entity like

3:32

an advanced persistent threat group. A

3:36

Moroccan-based threat actor

3:38

that Microsoft calls Storm

3:40

Zero Five Three Nine,

3:43

which specializes in tricking employees

3:45

into falling for gift card

3:47

scams, is increasing its activity.

3:50

Tactics include sending phishing

3:52

and smishing messages to employees.

3:55

Sometimes the gang impersonates help

3:57

desk staff in messages to employees.

4:00

They also create websites that impersonate

4:03

charities and then ask service

4:05

providers for technical services that

4:07

they usually give to non-profits.

4:10

And the gang will create free

4:12

trials or student accounts on cloud

4:14

service platforms, which are then used

4:16

to launch operations. Organizations

4:19

need to include this information in

4:22

their regular employee security awareness training,

4:24

adopt phishing-resistant multi-factor

4:27

authentication, and, if

4:29

they have a gift card program, implement

4:31

fraud protection solutions. Your

4:35

Wi-Fi router may be giving away

4:37

location information. That may not

4:40

be important if your access point is at home or

4:42

in an office, but it may be

4:44

a worry to those who use mobile access

4:46

points. That's the implication

4:48

of a blog by security reporter

4:50

Brian Krebs on work done by

4:53

University of Maryland researchers. Briefly,

4:55

tracking can be done because

4:57

of the way Apple collects

5:00

and publicly shares data about

5:02

the precise location of all

5:04

Wi-Fi access points that iPhones,

5:06

iPads, and other devices of

5:08

Apple see. If

5:10

you want to do something about it, the solution

5:12

is to change the SSID, which is the name

5:15

you give to your router that

5:17

gets publicly broadcast. You

5:19

change it to add the extension

5:22

underscore nomap. Your

5:24

router name changes from, say,

5:27

Howard to Howard underscore nomap.

5:30

That stops Apple from collecting certain

5:32

data. Now, of course, it

5:34

also means changing the name in every

5:37

wireless device that you have that connects

5:39

to the wireless access point. To

5:42

get a more detailed explanation, see

5:44

the link to the article in the

5:46

text version of this podcast at technewsday.com.

5:51

And finally, backup administrators using

5:53

Veeam products should act on

5:55

a patch the manufacturer has

5:57

issued to plug a critical

5:59

vulnerability. The hole in

6:01

Veeam Backup Enterprise Manager's web

6:03

console could allow an unauthenticated

6:05

attacker to log in and

6:08

do nasty things. Veeam

6:10

also released patches for two

6:13

other vulnerabilities rated high and

6:15

one rated low. That's

6:19

it for now but later today my

6:21

Week in Review podcast will be out.

6:24

My guest is Anita Anand,

6:26

head of Canada's Treasury Board,

6:29

which just announced the first cyber

6:31

strategy for Canadian government IT systems.

6:34

There's also a video version of the show. Links

6:38

to details about news mentioned in

6:40

this podcast episode are in the

6:42

text version at technewsday.com. Follow

6:45

Cybersecurity Today on Apple Podcasts,

6:47

Spotify, or add us to

6:50

your flash briefing on your

6:52

smart speaker. Thanks

6:54

for listening. I'm Howard

6:56

Solomon.
