The Human Factor 👤 & BlackCat Ransomware 🐈
Cybersecurity breaches are nothing new. Every day, we learn about the vulnerabilities, assaults, and exploitation of various organizations, enterprises, and governments. HUB Security’s weekly digest is the place to go for a fresh innovative take on the issue. Come learn how to protect the ventures of today using the tech of the future.
On the Agenda
🎓 join HUB Security’s next online event on IoT for Telcos
👤 DoD employee takes advantage of his position to extort funds
🐈 BlackCat is a new RaaS and it’s taking names
🐯 Chinese new year blessings
🎓 Discover the ins and outs of IoT for Telcos
The Internet of Things (IoT) world is exploding with new opportunities. That’s why we’d like to invite you to our free online event in February. We host a panel of experts from well-known organizations to discuss and analyze the current market. Drop by for a one-of-a-kind look at the security aspect of this emerging field. Free registration is available right here 👈.
👤 A problem of human fallacy
An employee of the United States Department of Defense used his access to information for personal gain. The 41-year-old employee, who recently pleaded guilty, obtained the personal information of 37 people and used it to obtain loans from a variety of financial institutions. The offender paid off his debts with the money he borrowed. He obtained the information from the DCMA 360 SharePoint website and used it to create fictitious Gmail accounts using impersonation to obtain the same loans.
HUB’s perspective: When a hacker tries to achieve this info there are a lot of security controls in place to make it very hard to get access to the desired data, while a legitimate insider has direct access to the data. This is why individuals with broad access should refresh the background checks to verify they didn’t get into situations when they are more vulnerable to extortion or corruption.
Another way control to prevent a rogue insider from getting access to sensitive data is to enforce the 2-man rule principle. Any critical operation would require approval from a separate person. This in turn will reduce the threat of single-person corruption. As part of the comprehensive solution that HUB Security provides, a 2-man rule and governance is an important capability available for customers to deploy.
🐈 BlackCat is the new Ransomware as-a-Service in the neighborhood
It is already a cliche to say that ransomware is a major issue. Nevertheless, this is the case. New criminal initiatives in the field are constantly emerging and never fail to astound, displaying new types of software, various formats, and up-to-date code languages. Such is the case with BlackCat. This RaaS software offers its services to affiliates at ‘competitive prices,’ and it does so in the trendy code language Rust. These advancements allow attackers to switch from a ‘double-extortion’ attack strategy to a multi-extortion attack strategy. These include DDoS attacks, shaming, data theft, encryption, and so on. (Source)
“The ransomware-as-a-service cybercriminal marketplace by offering 80% to 90% of ransoms to “affiliates” and aggressively outing victims on a name-and-shame blog”
HUB’s perspective: We can see that ransomware become more sophisticated and more configurable to the target. We can also see that this business adds more types of attacks, including DDoS. This development makes a stronger argument for defense-in-depth security strategy, including Secure Compute for your critical applications and data. HUB Security provides such a secure compute solution. In addition, we have introduced a new DDoS test SaaS to help customers defend and test against DDoS attacks as we grow our cybersecurity portfolio of products and services.
🐯 Before we part, that’s a great chance to wish all of you a Happy Lunar Year!
