Archive for February 15, 2024

The US Is Offering Up Big Money To Capture ALPHV/Blackcat

Posted in Commentary with tags on February 15, 2024 by itnerd

The United States has clearly had enough of the ALPHV/Blackcat ransomware gang. I say that because the U.S. State Department is offering rewards of up to $15 million for information that could lead to the identification or location of ALPHV/Blackcat ransomware gang leaders:

The U.S. Department of State is offering a reward of up to $10,000,000 for information leading to the identification or location of any individual(s) who hold a key leadership position in the Transnational Organized Crime group behind the ALPHV/Blackcat ransomware variant. In addition, a reward offer of up to $5,000,000 is offered for information leading to the arrest and/or conviction in any country of any individual conspiring to participate in or attempting to participate in ALPHV/Blackcat ransomware activities.

On December 19, 2023, the Department of Justice (DOJ) and the FBI announced their cooperation with an international group of law enforcement agencies from the United Kingdom, Australia, Germany, Spain, and Denmark to conduct a disruption campaign against the notorious ransomware gang ALPHV/Blackcat. The FBI identified ALPHV/Blackcat actors as having compromised over 1,000 victim entities in the United States and elsewhere, including prominent government entities (e.g., municipal governments, defense contractors, and critical infrastructure organizations). To date, the FBI has worked with dozens of victims in the United States and internationally to disseminate a decryption tool to restore victim systems and prevent ransom demand payments of approximately $99 million.

Shawn Loveland, COO, Resecurity had this to say:

According to Resecurity reporting, BlackCat (ALPHV) has increased its ransom demands to up to $2.5M per victim from the large enterprise segment. This is why the group is well-funded and has a significant number of access brokers and affiliates working for them. In fact, many of their attacks have not been publicly disclosed, which suggests that this figure could be much higher in practice. By offering a $15M reward, the law enforcement community aims to disrupt their activity by collecting intelligence from actors familiar with them, potentially causing “competition” between bad actors and their associates. This is especially relevant in light of recent conflicts, such as Lockbit experiencing a ban from certain Dark Web communities. It is possible that the group could be “burned” due to internal conflicts and other actors leaking data about them.

This is an interesting tactic to try and take this group down. Let’s see how successful this tactic is, or isn’t.

Air Canada Tried To Dodge Responsibility For Its Chatbot Handing Out Incorrect Information… And Fails

Posted in Commentary with tags on February 15, 2024 by itnerd

This is something that I suspect we’ll see more of in the coming months and years. CTV News is reporting that a chatbot that Air Canada uses handed out incorrect information to a man regarding bereavement rates:

Jake Moffatt was booking a flight to Toronto and asked the bot about the airline’s bereavement rates – reduced fares provided in the event someone needs to travel due to the death of an immediate family member.

Moffatt said he was told that these fares could be claimed retroactively by completing a refund application within 90 days of the date the ticket was issued, and submitted a screenshot of his conversation with the bot as evidence supporting this claim.

He submitted his request, accompanied by his grandmother’s death certificate, in November of 2022 – less than a week after he purchased his ticket. But his application was denied and the tribunal decision said emails submitted as evidence showed that Moffatt’s attempts to receive a partial refund continued for another two-and-a-half months.

The airline refused the refund because it said its policy was that bereavement fare could not, in fact, be claimed retroactively.

In February of 2023, Moffatt sent the airline a screenshot of his conversation with the chatbot and received a response in which Air Canada “admitted the chatbot had provided ‘misleading words.’”

But Moffatt was still unable to get a partial refund, prompting him to file the claim with the tribunal.

Air Canada, for its part, said that the company could not be held responsible for what the chatbot said because the chatbot is a separate entity from Air Canada.

Yeah. They really said that. Here’s how that went down:

Air Canada, for its part, argued that it could not be held liable for information provided by the bot.

“In effect, Air Canada suggests the chatbot is a separate legal entity that is responsible for its own actions. This is a remarkable submission. While a chatbot has an interactive component, it is still just a part of Air Canada’s website,” [tribunal member Christopher C.] Rivers wrote.

“It should be obvious to Air Canada that it is responsible for all the information on its website. It makes no difference whether the information comes from a static page or a chatbot.”

The airline also argued that the chatbot’s response to Moffatt’s inquiry included a link to a section of its website that outlined the company’s policy and said that requests for a discounted fare are not allowed after someone has travelled.

Rivers rejected this argument as well.

Air Canada has been ordered to pay $650.88 in damages. In addition, the airline was ordered to pay $36.14 in pre-judgment interest and $125 in fees.

Now Air Canada’s argument is at best laughable, and at worst a desperate attempt to cover up the fact that their chatbot wasn’t properly set up to deliver accurate information 100% of the time. And while the story doesn’t say this, I suspect that the reason he went the chatbot route is that it is nearly impossible to get an actual human being on the phone over at Air Canada. At least, that’s been my experience over the last few years when I’ve needed to call them. Perhaps Air Canada should invest not in chatbots, but in actual human beings who are properly trained and properly equipped to help customers 100% of the time and quickly? Just a thought.

Guest Post: Navigating Microsoft SQL Server and Kubernetes in a Hybrid and Multi-Cloud Era

Posted in Commentary with tags on February 15, 2024 by itnerd

By Don Boxley, CEO and Co-Founder, DH2i

In a business world that’s increasingly leaning on hybrid and multi-cloud environments for agility and competitiveness, DH2i’s recent launch of DxOperator couldn’t be more timely. For those managing SQL Server within Kubernetes — especially when dealing with the intricacies of operating across various cloud platforms — it is a true game changer. 

DxOperator is the result of a close relationship with the Microsoft SQL Server team, which led to the creation of a tool that is ideally suited to automate SQL Server container deployment in Kubernetes. What makes it truly unique and a stand-out in this space is DxOperator’s ability to take complex setups and make them simple — which ensures that HA and operational efficiency are easily achievable, even across multi-cloud environments.

Of course, another reason that DxOperator is in a league of its own is how it turns your specific requirements into optimized actions. DxOperator handles everything from custom pod naming to node selection with such finesse that managing SQL Server containers becomes a breeze. It’s all about making sure that your deployments are not just efficient but also best practice compliant.

Microsoft’s Rob Horrocks praised DxOperator (see announcement) for its ease-of-use and effectiveness, noting its potential to simplify complex deployments for those who might not be Kubernetes experts. DxOperator’s user-friendly nature, together with its robustness is reshaping how businesses approach database management.

“Previously, deploying this type of setup could require up to 30 minutes and numerous pages of code. However, with the DxOperator feature, it’s been streamlined to a mere 3-5 minutes and a handful of code lines. This makes the transition to K8s significantly smoother for those experienced with SQL Server but new to K8s,” Horrocks explained.

OJ Ngo, DH2i’s CTO and Co-Founder, also shared that DxOperator was built with a focus on practical automation and efficient management of SQL Server availability groups. OJ and his team met their goal with flying colors! DxOperator is the industry’s most versatile tool — aligning with Kubernetes’ best practices while meeting the modern demands of IT infrastructures, particularly in hybrid and multi-cloud scenarios.

Tailored for Hybrid and Multi-Cloud Strategies

For organizations embracing hybrid and multi-cloud models, DxOperator is a significant boon. DxOperator streamlines the deployment of SQL Server across various settings, aligning seamlessly with the scalable and adaptable characteristics of hybrid cloud approaches. The result is that businesses have the flexibility to allocate their resources more wisely and keep spending under control. Moreover, digital security is enhanced with our cutting-edge DxEnterprise with secure tunneling technology, ensuring safe and private data exchange across any network. And, at the same time, it ensures everything runs smoothly, no matter where their data and applications are hosted in the cloud.

Highlights:

  • Efficient Deployment: DxOperator facilitates quick and intelligent setup of SQL Server instances, ideally suiting the complex requirements of hybrid and multi-cloud settings.
  • High Availability: The tool ensures that your SQL Server environments are always up and running, smoothly integrating into Always On Availability Groups for continuous operation across any cloud setting.
  • Simplified Management: With DxOperator, the complexity of managing SQL Server environments is significantly reduced, freeing up IT teams to focus on strategic initiatives.

For those interested in exploring DxOperator and how it can streamline your SQL Server deployments, especially within hybrid and multi-cloud frameworks, I encourage you to check out DH2i’s website. (Click here for comprehensive guides and details on how to get started with DxOperator.) 

Cradlepoint Launches X10 5G Router

Posted in Commentary with tags on February 15, 2024 by itnerd

Cradlepoint, the global leader in cloud-delivered LTE and 5G wireless network solutions, today announced the release of the X10 5G router, designed to equip service providers with an all-in-one fixed wireless access (FWA) service for small and medium-sized businesses, temporary sites, and remote workers. The X10 5G router delivers enterprise-grade connectivity and ease-of-management through NetCloud Manager while enabling service providers to craft tiered security and Quality of Service (QoS)-based plans.

The X10 5G router is designed to provide fast and reliable 5G connectivity, enabling service providers to offer their business customers day-one connectivity using the cellular network or as a backup cellular connection, helping businesses connect quickly and securely to the internet and avoid network downtime. This enables service providers to offer business internet solutions that are quickly deployed, reliable, resilient, and more secure than other best-effort solutions on the market today.

With 5G expected to account for almost 80 per cent of FWA connections by 2028, businesses of all sizes will increasingly demand tailored solutions from service providers. The enterprise-grade yet cost-efficient X10 5G router represents Cradlepoint’s commitment to the growing FWA Business Internet solutions market and will enable service providers to meet growing demand for these solutions. Opportunities for service providers include:

  • Attract FWA customers across various markets: The cost-efficiency and flexibility of the X10 Router appeals to small and medium-sized businesses across a variety of industries and use cases.
  • Upsell security, Quality of Service, and managed services: The Cradlepoint X10 router will be available with the NetCloud Exchange advanced service architecture, which enables providers to construct and offer tiered service plans and further differentiate their FWA Business Internet offerings.
  • Enhanced operational efficiency and reduced operational costs: Cloud management through NetCloud enables service providers to more effectively and efficiently support their managed services at scale while robust APIs give them the flexibility to integrate X10 management into their existing management systems.

The Cradlepoint X10 router is available immediately. For more information, please visit here. Cradlepoint will debut the X10 at Mobile World Congress, Barcelona, February 26-29, 2024. Please visit Cradlepoint at Hall 2 Stand 2L20 or Ericsson at Hall 2 Stand 2060.

HP announces 2024 Digital Equity Accelerator in Canada to drive global digital inclusion

Posted in Commentary with tags on February 15, 2024 by itnerd

In an effort to bridge the global digital divide and foster inclusive opportunities, HP Inc. (NYSE: HPQ) and the HP Foundation invite submissions for the 2024 Digital Equity Accelerator. The program offers 10 selected nonprofit organizations a USD $100,000 grant, HP technology (~USD $100,000 value), and six months of virtual training to scale digital equity solutions focused on educational, healthcare, and economic opportunities. HP will accept applications until March 1, 2024, and organizations in Canada*, Brazil, and Poland are invited to apply.

A $1 trillion-plus digital divide is limiting billions from achieving equal access to educational, healthcare, and economic opportunities. Through the Digital Equity Accelerator, HP is helping to create a more equitable world through access to hardware, connectivity, digital literacy, and quality, relevant content. The Accelerator helps organizations strengthen capacity and scale impact for digital equity solutions, particularly among people who are traditionally excluded.

Since 2022, Accelerator alumni have focused on helping to drive progress for women, advancing technology for people with disabilities and aging populations, and increasing digital equity in underrepresented or under-resourced communities including women and girls, people with disabilities and aging populations, historically disconnected groups, and educators and healthcare practitioners. Over the first two years, the Accelerator helped extend the reach of 17 participating organizations by 8.1 million people.

2024 Program Countries: Driving Digital Equity in Canada*, Brazil, and Poland 

HP has strategically selected countries to address specific digital equity gaps. These countries represent diverse challenges in digital equity, aligning with HP’s commitment to fostering inclusive access globally.

  • Canada*, despite high internet usage, has persistent inequalities among Indigenous and rural communities and other marginalized groups, with targeted efforts to bridge connectivity gaps.[1]
  • Brazil, despite increased home internet access, has a pronounced digital gap affecting vulnerable groups, including Indigenous and Afro-Brazilian populations and aging demographics.[2]
  • Poland faces lingering divides, especially in rural areas and among refugee populations.[3]

Global Digital Divide Limits Equal Access to Educational, Healthcare, and Economic Opportunities

The growing digital divide is reshaping the educational landscape, impacting learning experiences of young individuals and influencing the future workforce, as highlighted by Global Business Coalition for Education (2022):

  • Digital Inequity: In 2020, only 34% of primary, 41% of secondary, and 68% of tertiary education students had access to an internet-connected computer at home.
  • Educational Shortfalls: Over half of young individuals are falling behind in acquiring essential skills for employment by 2030.
  • Looming Talent Deficit: Projections indicate a significant ‘human talent shortage’ exceeding 85 million people by the year 2030.

Communities that bridge the digital divide have greater access to healthcare and economic opportunities:

  • Enhanced Healthcare Reach: In 2021, 37% of adults accessed telemedicine services, with usage correlated to education levels, family income, and urbanization, as reported by the CDC (2022).
  • Bridging Urban-Rural Gaps: Globally, 82% of urban residents utilized the Internet in 2022, marking a 1.8-fold increase compared to rural areas. This ratio has steadily reduced from 2.3 to 1.8 over the past three years, showcasing a narrowing divide, according to ITU (2022).

HP’s Commitment to Digital Equity and Sustainable Impact

As nearly half of the world’s population remains offline, closing the digital divide through equitable access to technology, skills and content will transform lives and communities and create a more equitable world. Since the beginning of 2021, HP has been on a journey to accelerate digital equity for 150 million people by 2030. HP’s vision is to become the world’s most sustainable and just technology company, which is reflected in its focus areas of climate action, human rights and digital equity.

For more information on the Digital Equity Accelerator, please visit the website.

*Excluding The Province Of Quebec

Cyber Ad-versaries Using Analytics to Measure “Victims per Click” Says HP

Posted in Commentary with tags on February 15, 2024 by itnerd

HP Inc. today issued its quarterly HP Wolf Security Threat Insights Report, showing attackers are continuing to find innovative ways to influence users and infect endpoints. The HP Wolf Security threat research team uncovered several notable campaigns including:

  • DarkGate campaign uses Ad tools to sharpen attacks: Malicious PDF attachments, posing as OneDrive error messages, direct users to sponsored content hosted on a popular ad network. This leads to DarkGate malware. 
    • By using ad services, threat actors can analyze which lures generate clicks and infect the most users – helping them refine campaigns for maximum impact. 
    • Threat actors can use CAPTCHA tools to prevent sandboxes from scanning malware and stopping attacks by ensuring only humans click. 
    • DarkGate hands backdoor access to cybercriminals into networks, exposing victims to risks like data theft and ransomware.
  • A shift from macros to Office exploits: In Q4, at least 84% of attempted intrusions involving spreadsheets, and 73% involving Word documents, sought to exploit vulnerabilities in Office applications – continuing the trend away from macro-enabled Office attacks. But macro-enabled attacks still have their place, particularly for attacks leveraging cheap commodity malware like Agent Tesla and XWorm.
  • PDF malware is on the rise: 11% of malware analyzed in Q4 used PDFs to deliver malware, compared to just 4% in Q1 and Q2 2023. A notable example was a WikiLoader campaign using a fake parcel delivery PDF to trick users into installing Ursnif malware.
  • Discord and TextBin being used to host malicious files: Threat actors are using legitimate file and text sharing websites to host malicious files. These sites are often trusted by organizations, helping the sites to avoid anti-malware scanners, increasing attackers’ chances of remaining undetected. 

By isolating threats that have evaded detection tools on PCs – but still allowing malware to detonate safely – HP Wolf Security has specific insight into the latest techniques used by cybercriminals in the fast-changing cybercrime landscape. To date, HP Wolf Security customers have clicked on over 40 billion email attachments, web pages, and downloaded files with no reported breaches. 

The report details how cybercriminals continue to diversify attack methods to bypass security policies and detection tools. Other findings include:

  • Archives were the most popular malware delivery type for the seventh quarter running, used in 30% of malware analyzed by HP.
  • At least 14% of email threats identified by HP Sure Click bypassed one or more email gateway scanners.
  • The top threat vectors in Q3 were email (75%), downloads from browsers (13%) and other means like USB drives (12%).

HP Wolf Security runs risky tasks in isolated, hardware-enforced virtual machines running on the endpoint to protect users, without impacting their productivity. It also captures detailed traces of attempted infections. HP’s application isolation technology mitigates threats that can slip past other security tools and provides unique insights into intrusion techniques and threat actor behavior. 

About the data

This data was gathered from consenting HP Wolf Security customers from October-December 2023.

Former Twitter Engineer Speaks Out After Being Fired By Elon Musk

Posted in Commentary with tags on February 15, 2024 by itnerd

Business Insider has the story of a Twitter engineer who was, according to him, fired by Elon Musk after being accused of leaking company information to the press:

Randall Lin was reportedly told that he had violated the employee handbook and was let go from Twitter in February 2023, several months into Elon Musk’s takeover.

Speaking to Zoë Schiffer in her newly released book, “Extremely Hardcore,” Lin said that someone lied about him leaking information to the press. Schiffer is a managing editor of the tech newsletter, Platformer.

And:

On 24 February 2023, Lin was called to meet with the corporate security team.

He says they claimed to have proof that he was the source behind two Platformer articles, written by Schiffer and a colleague — a report about the firing of an engineer who had been critical of Musk and a story about Musk’s tweets being boosted after the Super Bowl.

“I’ve never talked to Zoë [Schiffer] in my life,” he told the security team.

Schiffer corroborates this in the book, saying that she had never spoken to Lin at that point in time — and assumed that as he was so close to Musk’s inner circle, he wouldn’t talk to her.

But Lin’s laptop was taken and the following day he was fired.

As he left, Lin claims a colleague told him that James Musk, one of Elon Musk’s cousins, was telling people that Lin had admitted to leaking dozens of articles.

Fearing that he was going to be sued as well, he reached out to Schiffer for more information. She couldn’t tell him anything but passed on the names of two attorneys representing Twitter employees.

Troy Batterberry, CEO and Co-founder, EchoMark had this to say:

“People who leak or steal information harm the organization’s brand, employee morale, ongoing information flow, and customer trust. Collectively, this also damages leadership effectiveness. People who leak information are also typically sabotaging other aspects of the organization. To add insult to injury … organizations are literally paying these saboteurs to remain employed within their organization. Insiders leaking or stealing information is on the rise, too – growing nearly 50% annually.

“It’s important to be able to accurately identify the culprit and take action to stop the damage. At EchoMark, we have found that the use of steganography can help accurately identify the source of such leaks, and even prevent them from happening in the future.”

The problem in this case is that it doesn’t look like Elon Musk even tried to get the facts right, if you believe Mr. Lin’s account. That is what we’ve come to expect from Elon, as he’s not that detail-oriented. Hopefully Mr. Lin sues the pants off of Elon to teach him some sort of lesson.

Prudential Financial Pwned In Cyberattack… But It Could Have Been Worse

Posted in Commentary with tags on February 15, 2024 by itnerd

Prudential Financial has disclosed that its network was breached last week, with the attackers accessing/stealing employee and contractor data before being blocked from compromised systems one day later.

The company is the second-largest life insurance company in the U.S. and employs 40,000 people worldwide managing roughly $1.4 trillion in assets. Prudential had reported revenues of more than $50 billion in 2023.

In an 8-K form filed with the SEC this week, Prudential said a “threat actor… had accessed Company administrative and user data from certain information technology systems and a small percentage of Company user accounts associated with employees and contractors.”

The breach is said to have occurred on February 4th and was detected one day later, on Feb 5th, whereupon the company immediately shut systems down and began remediation. The company reported the breach to law enforcement agencies and notified all relevant regulatory authorities of the event.

“… we believe that the threat actor, who we suspect to be a cybercrime group, accessed Company administrative and user data from certain information technology systems and a small percentage of Company user accounts associated with employees and contractors,” Prudential said.

“As of the date of this Report, the incident has not had a material impact on the Company’s operations, and the Company has not determined the incident is reasonably likely to materially impact the Company’s financial condition or results of operations,” the company said.

Craig Harber, Security Evangelist, Open Systems had this to say:

“Prudential Financial disclosed its network was breached last week by cyber criminals. It did not provide any specific details of how the threat actor breached the system, nor did it give details on the extent of the compromised data beyond the fact it was contractor and employee user data, not non-employee customer data.

“The threat actors accessed the company network from what they described as ‘information technology systems.’ The company did not disclose whether this system was a Prudential-managed system or whether this system was third-party-managed. Prudential notified law enforcement agencies and regulatory authorities of the breach in accordance with the new Cyber Incident Reporting for Critical Infrastructure Act and other regulatory requirements, such as the SEC’s new rules on cybersecurity disclosure.

“Based on all available reporting, incident response teams blocked the threat actor within the first 24 hours of breach detection. This type of response requires investment in preventing cyber-attacks and preparedness in case of an inevitable cyber event.

“Prevention includes everything from investing in backup and recovery systems to patching operating systems and applications to deploying robust, proactive cyber defense technologies to actively threat hunt within the network to fortify business operations from cyber threats and attacks.

“Preparation involves developing policies and a playbook for handling incidents and exercising these plans under simulated attack scenarios to ensure teams can assess, contain, and mitigate an active threat while maintaining business operations.

“The key takeaway from this data breach is cybercrime is a complex and evolving challenge that impacts individuals, organizations, and societies globally. Vigilance, cybersecurity measures, including incident response preparedness, and international cooperation are crucial in combating this digital menace.”

Dave Ratner, CEO, HYAS follows with this comment:

“While it’s a good thing that the breach and attack is not expected to affect company operations or financials, it still highlights the rampant onslaught of breaches that expose data, putting employees, contractors, and others at risk. Without appropriate proactive intelligence and cyber resiliency strategies, these events will unfortunately continue.”

The good news is that the threat actors were detected quickly and it looks like Prudential regained control in short order. Swift detection is one of the tools in the toolbox that has to be present to make sure that threat actors cannot set up shop and start to move within a victim’s environment.