The University of Pisa in Italy is currently being held to ransom for $4.5 million, according to cybersecurity360 (Translation here). The BlackCat ransomware group has claimed responsibility for the cyberattack, issuing a ransom note stating that the University has until June 16th to pay the ransom. I will note, though, that the report indicates that some of the data is already online, which of course is bad.
Chris Olson, who is the CEO of The Media Trust, had this comment:
“The University of Pisa attack follows a trend of ransomware actors targeting universities and schools, possibly because they assume these institutions are well-funded and eager to resume operations. Unfortunately, BlackCat is a sophisticated ransomware strain that is capable of targeting organizations through multiple entry points – it also uses a modern programming language (Rust) to evade detection, making it hard for cyber defenders to fight back.”
“Together with the attack on Palermo, this incident is a reminder that cyber actors are shifting to more valuable targets and using advanced methods to infiltrate them. As cyber threats encroach on critical infrastructure and vulnerable institutions, it’s more important than ever for today’s businesses to understand how ransomware actors compromise their systems, from reconnaissance to execution. This includes digital attack surfaces like Web and mobile devices, where many ransomware incidents begin.”
The Palermo attack that Chris is referring to is the one on the Italian municipality of Palermo, for which the ransomware group Vice Society has claimed responsibility. That makes understanding and addressing weak points in your IT security, along with having prevention methods in place and training staff, the best defence against getting pwned.
Google Says Italian Spyware Vendor Worked With ISPs To Infect iOS And Android Users With Spyware…. WTF??
Posted in Commentary with tags Italy, Security on June 25, 2022 by itnerd
I truly hope that someone within the European Union is aware of this, because this is just a mind-blowing story. Google’s Threat Analysis Group (TAG) revealed that RCS Labs, which is an Italian spyware vendor similar to notorious Israeli spyware vendor The NSO Group, has received help from some Internet service providers (ISPs) to infect Android and iOS users in Italy and Kazakhstan with commercial surveillance tools:
All campaigns TAG observed originated with a unique link sent to the target. Once clicked, the page attempted to get the user to download and install a malicious application on either Android or iOS. In some cases, we believe the actors worked with the target’s ISP to disable the target’s mobile data connectivity. Once disabled, the attacker would send a malicious link via SMS asking the target to install an application to recover their data connectivity. We believe this is the reason why most of the applications masqueraded as mobile carrier applications. When ISP involvement is not possible, applications are masqueraded as messaging applications.
Google has notified Android victims that their devices were hacked and infected with spyware, dubbed Hermit by security researchers at Lookout in a detailed analysis of this implant published last week.
According to Lookout, Hermit is “modular surveillanceware” that “can record audio and make and redirect phone calls, as well as collect data such as call logs, contacts, photos, device location and SMS messages.”
Google has also disabled the Firebase projects used by the threat actors to set up a command-and-control infrastructure for this campaign.
What’s even more scary is this: While a lot of attention has been placed on the activities of The NSO Group, spyware as a business is clearly thriving. This needs to change, and these companies need to face some sort of consequences for their actions, as this can’t be seen as acceptable in a civilized world. And the ISPs who helped this company carry this attack out need to face some sort of punishment as well, as that is also not acceptable in a civilized world.