Episode Transcript
0:00
Cybersecurity Today is brought to you by
0:02
the generous support of our sponsor, Boseron
0:04
Security. You can get their
0:07
2024 State of Cybersecurity Awareness Report
0:09
at boseronsecurity.com and there's a link
0:11
you can follow in the show
0:13
notes. A
0:17
threat actor leverages Windows BitLocker
0:19
in ransomware attacks, beware
0:22
of orb networks, and more.
0:25
Welcome to Cybersecurity Today, it's
0:27
Friday, May 24, 2024.
0:30
I'm Howard Solomon, contributing reporter
0:33
on cybersecurity for technewsday.com.
0:39
A threat actor is using
0:41
Windows BitLocker encryption capabilities as
0:43
a ransomware tool, according
0:46
to researchers at Kaspersky. That
0:48
saves crooks the trouble of
0:50
creating or renting a ransomware
0:52
package and finding a
0:54
way to download it onto victims'
0:56
computers. It's another
0:58
version of living off the land
1:00
attack, which is using tools already
1:02
on PCs and servers. Kaspersky
1:05
spotted the BitLocker trick being
1:07
used recently against organizations in
1:10
Mexico, Indonesia, and Jordan. It
1:13
may be coming to other countries as well. Abusing
1:16
BitLocker is not a new tactic,
1:18
but in these cases the threat
1:20
actor took steps to maximize the
1:22
damage and erase evidence of his
1:24
presence. Kaspersky doesn't say
1:27
how the threat actors initially
1:29
got into corporate networks, but
1:31
it does say IT departments
1:33
must use a robust endpoint
1:35
detection solution to spot attacks
1:37
on BitLocker, limit the
1:39
number of employees allowed to
1:41
use BitLocker, ensure that access
1:44
to BitLocker is only through
1:46
strong passwords, and store
1:48
BitLocker recovery keys in a secure
1:50
location. The
1:53
LockBit ransomware gang yesterday released what
1:55
it says is some of the
1:57
data it stole last month from
1:59
Canadian retail chain London Drugs.
2:02
According to Brett Callow, Canadian-based
2:04
threat researcher for Emsisoft,
2:06
three files were posted.
2:09
One is three hundred ninety
2:11
eight gigabytes in size. A
2:13
second is sixty seven and
2:15
megabytes in size. The third is
2:17
twenty four megabytes. CTV
2:20
News says the gang demanded twenty
2:22
five million dollars or the stolen
2:24
data of employees would be released.
2:28
Chinese espionage groups are
2:30
using proxy networks of rented
2:32
virtual private servers as
2:35
well as compromised smart devices
2:37
and routers to help conceal
2:39
their attacks. That's according to
2:41
researchers at Mandiant. Now,
2:44
these networks are called operational
2:46
relay box networks, or
2:48
ORB networks for short.
2:51
An advantage of an ORB mesh network
2:53
is that its size can easily be
2:55
grown. Mandiant notes that
2:58
these networks aren't controlled by a single
3:00
threat actor. Instead, they're
3:02
networks administered by contractors who
3:04
sell access to multiple threat
3:07
groups. In fact, ORB networks
3:09
are created and torn down after lasting
3:11
as little as thirty one days. So
3:14
blocking an ORB eighty infrastructure
3:16
isn't as effective as blocking a
3:18
command and control network run by
3:20
a bot network. ORB
3:23
networks shouldn't be seen as an
3:25
indicator of compromise, Mandiant says.
3:27
Instead, an ORB network is to be
3:29
seen as an evolving entity like
3:32
an advanced persistent threat group. A
3:36
Moroccan-based threat actor
3:38
that Microsoft calls
3:40
Storm-0539,
3:43
which specializes in tricking employees
3:45
into falling for gift card
3:47
scams, is increasing its activity.
3:50
Tactics include sending phishing
3:52
and smishing messages to employees.
3:55
Sometimes the gang impersonates help
3:57
desk staff in messages to employees.
4:00
They also create websites that impersonate
4:03
charities and then ask service
4:05
providers for technical services that
4:07
they usually give to non-profits.
4:10
And the gang will create free
4:12
trials or student accounts on cloud
4:14
service platforms, which are then used
4:16
to launch operations. Organizations
4:19
need to include this information in
4:22
their regular employee security awareness training,
4:24
adopt phishing-resistant multi-factor
4:27
authentication, and, if
4:29
they have a gift card program, implement
4:31
fraud protection solutions. Your
4:35
Wi-Fi router may be giving away
4:37
location information. That may not
4:40
be important if your access point is at home or
4:42
in an office, but it may be
4:44
a worry to those who use mobile access
4:46
points. That's the implication
4:48
of a blog by security reporter
4:50
Brian Krebs on work done by
4:53
University of Maryland researchers. Briefly,
4:55
tracking can be done because
4:57
of the way Apple collects
5:00
and publicly shares data about
5:02
the precise location of all
5:04
Wi-Fi access points that iPhones,
5:06
iPads, and other devices of
5:08
Apple see. If
5:10
you want to do something about it, the solution
5:12
is to change the SSID, which is the name
5:15
you give to your router that
5:17
gets publicly broadcast. You
5:19
change it to add the extension
5:22
underscore nomap. Your
5:24
router name changes from, say,
5:27
Howard to Howard underscore nomap.
5:30
That stops Apple from collecting certain
5:32
data. Now, of course, it
5:34
also means changing the name in every
5:37
wireless device that you have that connects
5:39
to the wireless access point. To
5:42
get a more detailed explanation, see
5:44
the link to the article in the
5:46
text version of this podcast at technewsday.com.
5:51
And finally, backup administrators using
5:53
Veeam products should act on
5:55
a patch the manufacturer has
5:57
issued to plug a critical
5:59
vulnerability. The hole in
6:01
Veeam Backup Enterprise Manager's web
6:03
console could allow an unauthenticated
6:05
attacker to log in and
6:08
do nasty things. Veeam
6:10
also released patches for two
6:13
other vulnerabilities rated high and
6:15
one rated low. That's
6:19
it for now but later today my
6:21
Week in Review podcast will be out.
6:24
My guest is Anita Anand,
6:26
head of Canada's Treasury Board,
6:29
which just announced the first cyber
6:31
strategy for Canadian government IT systems.
6:34
There's also a video version of the show. Links
6:38
to details about news mentioned in
6:40
this podcast episode are in the
6:42
text version at technewsday.com. Follow
6:45
Cybersecurity Today on Apple Podcasts,
6:47
Spotify, or add us to
6:50
your flash briefing on your
6:52
smart speaker. Thanks
6:54
for listening. I'm Howard
6:56
Solomon.