Archive for July 20, 2023

Flashpoint Releases A Blog About The LockBit Ransomware Group

Posted in Commentary on July 20, 2023 by itnerd

The analyst team at Flashpoint just released a blog post outlining the LockBit ransomware group.

LockBit was responsible for nearly 28 percent of known ransomware activity in the past year, and remains a major threat to organizations in the ransomware landscape.

According to the research, LockBit has accounted for 28 percent of all known ransomware attacks from July 2022 to June 2023. Flashpoint uses OSINT and other collections to hone its research.

You can read the blog post here: https://flashpoint.io/blog/lockbit/.

Partial-patch on Google’s Cloud Build bug leaves supply chain risk 

Posted in Commentary on July 20, 2023 by itnerd

A critical design flaw in the Google Cloud Build service discovered by Orca Security can let attackers escalate privileges, providing them with practically full, unauthorized access to Google Artifact Registry code repositories.

Dubbed Bad.Build, the flaw could permit attackers to infiltrate a Google Cloud Build account to run API calls against the artifact registry and take control over application images allowing them to inject malicious code, resulting in vulnerable applications and supply chain attacks.

  • “The first and immediate impact is disrupting the applications relying on these images. This can lead to DOS, data theft and spreading malware to users.
  • “As we have seen with the SolarWinds and recent 3CX and MOVEit supply chain attacks, this can have far reaching consequences,” said Orca security researcher Roi Nisimi.

The Google Security Team implemented a partial fix after Orca reported the issue by revoking the logging.privateLogEntries.list permission from the default Cloud Build Service Account, which is unrelated to Artifact Registry.

  • “[…] Google’s fix doesn’t revoke the discovered Privilege Escalation vector. It only limits it – turning it into a design flaw that still leaves organizations vulnerable to the larger supply chain risk,” Nisimi said. 
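As an added example (not code from Orca, Google or this blog), the check below reports whether the permission named above is still reachable by the default Cloud Build service account through any role bound in a project; roles it cannot resolve are returned separately for manual review. It assumes the account is named `<project-number>@cloudbuild.gserviceaccount.com` and that the IAM data has the JSON shape `gcloud` exports; the sample policy, project number, custom role and abbreviated role contents are constructed.

```python
import re

# Assumption (not stated in the post): the default Cloud Build service account
# is named <project-number>@cloudbuild.gserviceaccount.com.
CLOUD_BUILD_SA = re.compile(r"^serviceAccount:\d+@cloudbuild\.gserviceaccount\.com$")
REVOKED_PERMISSION = "logging.privateLogEntries.list"  # permission named in the post


def audit_cloud_build_sa(policy, role_permissions, permission=REVOKED_PERMISSION):
    """Return (findings, unresolved) for the default Cloud Build service account.

    policy: dict shaped like `gcloud projects get-iam-policy PROJECT --format=json`.
    role_permissions: role name -> permissions, e.g. the includedPermissions
        field of `gcloud iam roles describe ... --format=json`.
    """
    findings, unresolved = [], []
    for binding in policy.get("bindings", []):
        role = binding.get("role", "")
        members = [m for m in binding.get("members", []) if CLOUD_BUILD_SA.match(m)]
        if not members:
            continue  # binding does not involve the Cloud Build account
        if role not in role_permissions:
            unresolved.extend((m, role) for m in members)  # contents unknown
        elif permission in role_permissions[role]:
            findings.extend((m, role) for m in members)
    return sorted(findings), sorted(unresolved)


# Constructed sample data: project number, custom role and bindings are made up,
# and the permission lists are abbreviated for the example.
SAMPLE_SA = "serviceAccount:123456789012@cloudbuild.gserviceaccount.com"
SAMPLE_POLICY = {"bindings": [
    {"role": "roles/cloudbuild.builds.builder", "members": [SAMPLE_SA]},
    {"role": "projects/example-project/roles/legacyBuildLogs",
     "members": [SAMPLE_SA, "user:dev@example.com"]},
    {"role": "roles/artifactregistry.writer", "members": [SAMPLE_SA]},
    {"role": "roles/logging.privateLogViewer", "members": ["group:sec-team@example.com"]},
]}
SAMPLE_ROLE_PERMISSIONS = {
    "roles/cloudbuild.builds.builder": ["cloudbuild.builds.create", "logging.logEntries.create"],
    "projects/example-project/roles/legacyBuildLogs": ["logging.privateLogEntries.list"],
}

if __name__ == "__main__":
    found, unknown = audit_cloud_build_sa(SAMPLE_POLICY, SAMPLE_ROLE_PERMISSIONS)
    for member, role in found:
        print(f"{member} can still use {REVOKED_PERMISSION} via {role}")
    for member, role in unknown:
        print(f"{member} holds {role}; permissions not resolved, review manually")
```

A clean result covers only the one permission Google revoked; as the quote above says, the fix limits the escalation path rather than removing it.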

Dave Ratner, CEO, HYAS had this comment:  

“Bad.Build is another example of what seems like a growing number of supply chain attacks.  These can be incredibly difficult to detect, and equally valuable for attackers to quickly spread across multiple organizations.    

“A Protective DNS strategy, deployed across both the corporate and production environments, or wherever the cloud is utilized, can be the early warning signal that anomalous activity is occurring, and can provide the visibility and observability required to implement a business resiliency strategy not just against Bad.Build but against the inevitable supply chain attacks that will follow.”

Hopefully Google does a full fix of this because this is a pretty bad vulnerability.

Kevin Mitnick Dead At 59…. #RIP

Posted in Commentary on July 20, 2023 by itnerd

Infamous hacker Kevin Mitnick is dead at 59. He was infamous because in the 1990s he was responsible for a string of computer break-ins, absconding with data files and credit card numbers. He was caught and spent five years in prison, which he described as a “vacation” by the time he was freed. From there, he changed the course of his career and chose to become a White Hat hacker and cybersecurity consultant. You can read more on his background here.

Rest In Peace.

Ransomware found impersonating Cybersecurity firm Sophos

Posted in Commentary on July 20, 2023 by itnerd

Yesterday, it was discovered by MalwareHunterTeam that cybersecurity vendor Sophos is being impersonated by a new RaaS dubbed SophosEncrypt, with the threat actors using the company name for their operations.

The ransomware was initially thought to be part of a Sophos red team exercise, but the Sophos X-Ops team tweeted this in response:

“We found this on VT earlier and have been investigating. Our preliminary findings show Sophos InterceptX protects against these ransomware samples,” tweeted Sophos.

Little is known about the RaaS operation and how it is being promoted, but a sample of the encryptor was found by MalwareHunterTeam, and researchers are still analyzing it to see if any weaknesses could allow the recovery of files for free.

Carol Volk, EVP, BullWall had this comment: 

“Threat actors continually obfuscate their attacks and will always be one step ahead of the good guys. All we can do is man the walls with the best defenses available, including containment measures for when the walls are breached, as they surely will be.”

This situation illustrates the lengths that threat actors will go to in order to launch attacks. Therefore we all have to be hypervigilant to ensure that these attacks don’t succeed.

Salesforce State of IT Report Released

Posted in Commentary on July 20, 2023 by itnerd

Salesforce today released the third edition of its State of IT Report, based on insights from 4,325 global IT leaders (including 200 from Canada).  The report finds that demand for services is continuing to increase, with 66% of Canadian IT leaders struggling to keep up with demand, and 75% projecting increased demand over the next 18 months alongside increased security threats and ongoing developments in AI, leading IT leaders to rethink their strategies and tactics for the business. Global highlights of the report include:

  • The role of artificial intelligence in IT is rapidly evolving: 87% of IT leaders expect more investment in automation at their organizations over the next 18 months, and 86% of IT leaders now expect generative AI to play a prominent role at their organizations in the near future, with the vast majority saying they, their staff, and their business stakeholders have a firm grasp on how it can be effectively leveraged.
  • Security threats continue to cast a shadow on trust as AI matures: 67% of IT leaders report having trouble balancing business and security objectives.
  • As a result of increased sustainability reporting requirements, carbon accounting is increasingly coming under IT’s purview. 79% of IT organizations have set greenhouse gas emission reductions, and 87% of those organizations’ leaders feel they can effectively track and report on those emissions.

 Trends for Canada:

  • 69% of IT leaders in Canada say the role of AI in their organizations is well-defined, a figure poised to grow as 84% believe generative AI, specifically, will soon have a prominent role in their organizations. 
  • However, leaders are proceeding with caution, with 74% concerned about generative AI’s ethics. 
  • 88% of Canadian IT leaders say they’re increasingly focused on operational efficiencies, and only 27% of Canadian IT organizations can support all app development requests they receive. 
  • To scale their capacity, 79% have adopted low or no-code tools and 46% use composability.

You can find the full report here.

LinkedIn can help turn your summer internship into a full-time position

Posted in Commentary on July 20, 2023 by itnerd

As summer flies by, it’s crucial for interns to lay the foundation for their future career path. Navigating the evolving job market and effectively transforming an internship into a long-term job can be a challenging task, especially for new graduates who may still be finding their footing when it comes to showcasing their skills.  

That’s where the expertise of LinkedIn comes in. As a leading professional networking platform, LinkedIn offers a wealth of resources and insights to help young professionals:  

  • Understand the company culture and values: Take the time to familiarize yourself with the company’s culture, values, and mission. Being aware of top jobs, industries, and skills for entry-level professionals in the industry of your interest can help to showcase your dedication and passion for the company’s success. 
  • Showcase your skills and achievements: Throughout your internship, consistently deliver high-quality work that exceeds expectations. Collect your accomplishments, completed projects, and positive feedback to create an impressive portfolio that highlights your value to the organization. 
  • Stay connected: Even if there isn’t an immediate full-time position available, maintaining contact with your colleagues and supervisors is vital. This way, you can stay informed about any future opportunities that may arise. Utilize professional networking platforms like LinkedIn to demonstrate your ongoing professional development and engagement.
  • Elevate Your Career with LinkedIn Learning Courses: Internships are the perfect opportunity for personal and professional growth. LinkedIn Learning offers an extensive library of courses to help young professionals successfully transition from internships to jobs.  Whether it’s mastering project management or developing leadership skills, these courses provide practical, actionable content. 

Here’s some resources:

Canadian businesses, non-profits and community representatives join forces in support of the World Economic Forum’s Trillion Trees Platform

Posted in Commentary on July 20, 2023 by itnerd

Today, three British Columbia-founded companies — TELUS, tentree and veritree, and Teck Resources — are joining 1t.org in the fight against climate change and wildfire deforestation. 1t.org, co-founded by the World Economic Forum and Salesforce in 2020, has announced the launch of its Canadian chapter and a commitment to protecting or restoring 1 billion trees in the country by 2030 in support of the federal government’s stated goal of conserving, restoring, and growing 2 billion trees.

This news is especially timely as just last week Canada’s Environment Minister Steven Guilbeault called on businesses to fight climate change with their wallets. The unprecedented number of wildfires across Canada this summer — including some devastating scenes in B.C. — proves that we need leadership and solutions for climate change in both the public and private sectors. Other Canadian companies including Manulife have also committed to participating in the new chapter. 

The 1t.org Canada Chapter will support the goals of Canada’s forest conservation efforts, as well as the restoration goals of the Canadian Government’s 2 Billion Trees Program, set up to collaborate with governments and organisations to plant two billion trees over the course of 10 years. The chapter also aims to support the monumental Kunming-Montréal Global Biodiversity Framework which sets out an ambitious pathway to reach the global vision of a world living in harmony with nature by 2050.

Scammers Have Targeted 68% of Venmo and Zelle Users, Up from 42%

Posted in Commentary on July 20, 2023 by itnerd

Use peer-to-peer (P2P) payment services, like Venmo or Zelle? Seventy-six percent of Americans do. And new research finds someone has scammed or attempted to scam 68 percent of users this year, up from 42 percent two years ago.

Conducted by Security.org (https://www.security.org), the research also identifies more than a dozen other internet scams consumers need to be aware of, including scams in and around cryptocurrency, online gaming, social media and student loan forgiveness, just to name a few.

In addition, the research includes tips on how to spot and stop fraudulent activity online and protect personal data.  Here are the latest statistics from Security.org’s research on new online scams:

  • One-in-four cryptocurrency owners have been targeted by scams; most often, victims lost money when they thought they were sending cryptocurrency to a well-known figure in the crypto space
  • 37 percent of gamers have been the target of a scam at least once; most frequently, clicking on a fraudulent link for free in-game accessories or upgrades
  • Malicious links in text messages are on the rise as 66 percent of Americans have received a suspicious text from someone they didn’t know, with about one-in-five clicking on links from senders they did not know
  • 22 percent of people bought something on social media that they have yet to receive 

Full details at: https://www.security.org/digital-safety/new-online-scam-prevention/

New Report: Ransomware Negotiator Finds MOVEit/Cl0p and Lockbit Dominate Ransomware 1H 2023

Posted in Commentary on July 20, 2023 by itnerd

Drew Schmitt, ransomware negotiator and Principal Threat Analyst at cybersecurity firm GuidePoint Security, has published the quarterly GuidePoint Research and Intelligence Team’s (GRIT) Ransomware Report for 1H 2023, which found that LockBit and Cl0p dominated the increase in victims in 1H 2023 and Q2 2023.

Key findings include:

  • Q2 of 2023 brought a 38% increase in victim volume over Q1
  • Manufacturing and Technology remain at the top spots for most-impacted industries during Q2 of 2023
  • Observed an increase in the activity of RaaS groups throughout the quarter, attributed to the 14 new groups that began operations in Q2 2023  
  • Increase from 587 to 1,177 observed affected organizations
  • The MOVEit campaign accounted for 6% of the month’s attacks and 94% of Clop’s total for Q2

You can view the report here.