The IT Nerd

BlackBerry’s Threat Research and Intelligence team have details on a ransomware gang called Cuba that is using a number of new and old tools to go after US and Latin American targets:

Cuba ransomware is currently into the fourth year of its operation and shows no sign of slowing down. In the first half of 2023 alone, the operators behind Cuba ransomware were the perpetrators of several high-profile attacks across disparate industries.

The BlackBerry Threat Research and Intelligence team investigated a campaign by this threat group conducted in June that culminated in attacks on an organization within the critical infrastructure sector in the United States, and also on an IT integrator in Latin America. The Cuba threat group, believed to be of Russian origin, deployed a set of malicious tools that overlapped with previous campaigns associated with this attacker, as well as introducing new ones — including the first observed use of an exploit for the Veeam vulnerability CVE-2023-27532.Note that prior to the publication of this report, BlackBerry shared this information privately with the relevant authorities, to support security and resilience across organizations worldwide.

And who are they? BlackBerry can help you with that:

Cuba ransomware, also known as COLDDRAW ransomware, first appeared on the threat landscape in 2019 and has built up a relatively small but carefully selected list of victims in the years since. It is also known as Fidel ransomware, due to a characteristic marker placed at the beginning of all encrypted files. This file marker is used as an indicator to both the ransomware and its decoder that the file has been encrypted.

Despite its name and the Cuban nationalistic styling on its leak site, it unlikely has any connection or affiliation with the Republic of Cuba. It has previously been linked to a Russian-speaking threat actor by researchers at Profero due to some linguistic mistranslation details they uncovered, as well as the discovery of a 404 webpage containing Russian text on the threat actor’s own leak site.Based on the strings analysis of the code used in this campaign, we also found indications that the developer behind Cuba ransomware is Russian-speaking. That theory is further strengthened by the fact the ransomware automatically terminates its own execution on hosts that are set to the Russian language, or on those that have the Russian keyboard layout present.

Lovely. Another group of Russian threat actors to worry about. The BlackBerry report has a lot of detail about this group and how to not become one of their victims. It’s very much worth reading and implementing their recommendations.

Cyber-attacks against government and public sector services rose 40% last quarter, according to BlackBerry Cybersecurity’s 2nd Quarterly Threat Intelligence Report published this week. The report claimed they stopped 1.5 million attacks from March to May of this year, 55,000 of which targeted government and public sectors.

Highlights:

90 days –Blocked over 1.5 million attacks

• Approximately 11.5 attacks /minute.
• Roughly 1.7 novel malware samples /minute
• A 13% increase from the previous reporting period

Most targeted industries – Healthcare, Financial and Government services with information-stealing malware, or infostealers

Remote access increases cyber risk 

• Rise of mobile banking malware targeting digital and mobile banking
• Growing availability of commodity malware
• Increase in Ransomware attacks

Researchers confirmed that the five most frequently used tactics were in the categories of discovery and defense evasion “demonstrating that attackers are diversifying their tooling in an attempt to bypass defensive controls, especially those legacy solutions based on signatures and hashes,” reads the report.Attacks during this period were predominantly focused on North America by groups such as LockBit, BlackByte and of course Clops MOVEit supply chain attacks.

George McGregor, VP, Approov had this to say:  

“This is another report which shows the increasing sophistication and frequency of cyberattacks.   “Although the geographic data in the report may reflect more the deployment of the Blackberry solutions, the conclusions that healthcare, financial services and government services are a primary focus for attackers does resonate with our own research as does the growth of discovery techniques. Specifically, we are increasingly seeing bad actors harvesting useful information from mobile apps for use in subsequent attacks.”

Governments are prime targets for threat actors. Hopefully that sector is doing everything possible to protect themselves from threats that are clearly out there.

Blackberry is the latest company to pull out of Russia. This was posted to their LinkedIn a short time ago:

This is sort of what Apple did yesterday. Plus a bit of what TELUS is doing tossed in for good measure. Though they haven’t put a dollar value to their humanitarian efforts. This sort of thing is only going to snowball over the coming days. And I’ll be watching.

If you follow me on Twitter, you might have seen one of these posts over the last few months:

Well, today is January 4th 2022, which marks the day that classic BlackBerry products die. Or put another way, classic BlackBerry products running versions of BlackBerry OS will no longer work for calls, text messages, data, and emergency functionality. Which means that they are basically bricks at this point.

Now personally, I don’t know anyone who still have these devices. Thus this should be a non-event. Except perhaps for Ontario Premier Doug Ford who apparently keeps a stack of them around because he doesn’t want to switch to a new device. Now he has no choice but to get with the times and use a device that is current and that actually works. Though the Province of Ontario is about to go into another lockdown to stop the massive wave of the Omicron variant of COVID, so he might have other things on his mind rather than considering whether he joins Team Android or Team iOS.

If you need more info about the EOL of classic BlackBerry products by BlackBerry, this link will give you all the info that you need.

A flaw in software made by BlackBerry has left two hundred million cars, along with critical hospital and factory equipment, vulnerable to hackers — and the company opted to keep it secret for months. Politico has the details:

A flaw in software made by BlackBerry has left two hundred million cars, along with critical hospital and factory equipment, vulnerable to hackers — and the company opted to keep it secret for months.

On Tuesday, BlackBerry announced that old but still widely used versions of one of its flagship products, an operating system called QNX, contain a vulnerability that could let hackers cripple devices that use it. But other companies affected by the same flaw, dubbed BadAlloc, went public with that news in May.

Two people familiar with discussions between BlackBerry and federal cybersecurity officials, including one government employee, say the company initially denied that BadAlloc impacted its products at all and later resisted making a public announcement, even though it couldn’t identify all of the customers using the software.

This isn’t a good look for Blackberry. A company that makes security software shouldn’t be acting like this. But don’t take my word for it. I got a second opinion from Jennifer Tisdale, Principal, Cyber-Physical Systems Security, www.grimm-co.com:

The pure variety of products and customers in which Blackberry provides QNX, ranges from automotive to industrial control systems to many others. The article outlines that Blackberry opted to personally disclose the vulnerability to customers while admitting they were not able to identify all companies impacted, nor notify them all promptly. Assuming these details are completely factual, Blackberry’s approach to identifying, mitigating and addressing cybersecurity vulnerabilities within QNX is borderline negligent. Providing both a public and private disclosure allows all of their customers the opportunity to self-identify and, hence, address any associated cyber risk in a manner suitable for their risk tolerance. Failure to publicly disclose creates the potential for security issues to linger longer than necessary. 

Blackberry has committed to doing better. But I would say that they are only saying this because this is now public. I would suggest that Blackberry needs to commit and demonstrate much better transparency. Otherwise, it will be very hard for Blackberry to be taken seriously as a security vendor.

BlackBerry has announced this morning that a number of their legacy OSes will be going end of life. You have until January 4, 2022 to switch to Team iOS or Team Android if you’re affected by this. Which is a backhanded way of saying that you should start shopping for a new device now. This was announced via Twitter:

And the Tweet was linked to this FAQ. But if you don’t want to read that, here’s what you need to know. BlackBerry is going decommission the legacy services for:

• BlackBerry 7.1 OS and earlier
• BlackBerry 10 software
• BlackBerry PlayBook OS 2.1 and earlier versions

The only exception to this end of life announcement is that those with a BlackBerry Android device are not affected by this.

Now personally, I don’t know many people who still have these devices so this should be a non-event for most. Except for Ontario Premier Doug Ford who apparently keeps a stack of them around because he doesn’t want to switch to a new device. Now he has no choice but to get with the times and join the cool kids in using a device that is up to date.

RIP BlackBerry OS and BlackBerry 10, it was nice knowing you.

I am old enough to remember that the way to communicate with someone long before Facebook Messenger, WhatsApp, or anything else was using BlackBerry Messenger or BBM for short. It was a fast and secure way to communicate with someone. And long before iMessage was a thing, you could see if someone read your message and you could tell if they were typing a reply. It was cutting edge back in the day.

But we’re in 2019 and there are other ways to communicate. Some of which have copied BBM’s groundbreaking features. But even to this day I still have a BBM client on my iPhone even though the last time I touched it was over a year ago. I guess I could never give it up. But now I will have to because of this announcement from BlackBerry:

https://twitter.com/BBM/status/1118854212362940416

It appears from reading this, that BlackBerry is re positioning BBM as a corporate communication tool. That makes sense given where the company is at right now. But it is a bit of a shame to see BBM go.

RIP BBM.

BlackBerry is suing Facebook, Instagram, and WhatsApp for infringing on their messaging patents. Seriously, this is really happening. Here’s the details from Reuters:

Litigation over patent infringement is part of BlackBerry Chief Executive John Chen’s strategy for making money for the company, which has lost market share in the smartphone market it once dominated.

“Defendants created mobile messaging applications that co-opt BlackBerry’s innovations, using a number of the innovative security, user interface, and functionality enhancing features,” Canada-based BlackBerry said in a filing with a Los Angeles federal court.

“Protecting shareholder assets and intellectual property is the job of every CEO,” BlackBerry spokeswoman Sarah McKinney said in an email. However, she noted that litigation was “not central to BlackBerry’s strategy.”

The lawsuit followed years of negotiation and BlackBerry has an obligation to shareholders to pursue appropriate legal remedies, she added.

Hmmm… The words “patent” and “troll” seem to spring to mind upon reading this as given the fact that over the last few years the company has sued a bunch of companies over patent infringement, that this seems to be a great way to make money for BlackBerry despite what they say. Facebook is going to fight the lawsuit and I expect this to drag on for years with the only winners being the lawyers as I am not sure that anyone else will “win” in this situation.