In brief The Black Basta crime gang has claimed it infected the American Dental Association with ransomware.
While the professional association confirmed to The Register it was the victim of a “cybersecurity incident” that occurred on or around April 21, it did not disclose the nature of the attack.
As of Friday last week, the organization “is currently executing an ongoing, active and vigorous investigation into the nature and scope of the technical difficulties in cooperation with federal authorities,” we’re told. “The ADA recognizes unsubstantiated reports are being circulated by organizations with no connection to this investigation.”
In an earlier email sent to a member and shared with The Register, the ADA said the attack disrupted some of its email, phone, and chat systems. We note that the ADA’s website suggests people contact a gmail.com address if they have any queries, indicating the extent of the cyber-assault.
The association also notified federal law enforcement and hired third-party security specialists “to investigate the impact on ADA systems and restore full system functionality,” the email said. “At this time, there is no indication any member information or other data has been compromised, however our investigation is still underway.”
The Malware Hunter Team tweeted that Black Basta, a new ransomware gang, was behind the attack, and showed a screenshot in which the crooks claimed to have leaked 30 percent of the data stolen in the attack.
The same group of miscreants also claimed responsibility for a blow against German wind turbine company Deutsche Windtechnik, which was hit by a cyberattack in April. That biz hasn’t said if that was a ransomware attack.
Because of the crime gang’s emergence, and its preference for double-extortion ransomware techniques, some security researchers have suggested this could be a rebrand of the Conti gang.
“The leak site feels much too similar to Conti’s,” the Malware Hunter Team tweeted. “The payment site is similar, too. How their support people talk is also basically same.”
But whether it is or isn’t the notorious crime gang under a new moniker, it’s a good reminder to remain on guard, said Neil Jones, director of cybersecurity evangelism at security and compliance firm Egnyte.
“The emergence of the Black Basta ransomware gang reminds us that new cyber-attack organizations can be spun up and disbanded quickly, so organizations of all sizes need to remain vigilant for potential attacks,” he told The Register.
US university hit with ransomware
Austin Peay State University canceled exams on Friday after ransomware hit the Tennessee school.
In a series of tweets on Wednesday, the university confirmed the outbreak. “We are under a Ransomeware (sic) attack,” according to one tweet. “If your computer is connected to the APSU network, please disconnect IMMEDIATELY.”
A subsequent warning screamed: “THIS IS NOT A TEST. SHUT DOWN ALL COMPUTERS NOW!”
Emsisoft threat analyst Brett Callow, noted that Austin Peay State University is the 12th US college or university to experience a ransomware attack so far this year. Data was stolen in at least 10 of those, he added.
This follows a banner year for miscreants in 2021 who attacked a total of 26 colleges and universities with ransomware.
CISA! taps! former! Yahoo! exec!
Former Yahoo! and Twitter cybersecurity chief Bob Lord will join CISA as a senior technical advisor in the US agency’s cybersecurity division.
Lord also was the Democratic National Committee’s first chief security officer. He joined the DNC in 2018 where he worked to clean up campaign security after the 2016 mess during which Russian state-sponsored cybercriminals infiltrated the DNC and Hillary Clinton’s presidential campaign.
Previously, he served as Yahoo!‘s chief information security office and CISO-in-Residence at security analytics firm Rapid 7. Before that he led Twitter’s information security program as its first security hire.
“Bob’s decades of experience and unparalleled expertise will be a great asset as we further strengthen our community partnerships, expand the Joint Cyber Defense Collaborative, and continue our work as the nation’s cyber defense agency to make us more resilient,” CISA Director Jen Easterly said in a statement.
Does that email look fishy to you?
Phishing is still working swimmingly for cybercriminals looking to break into an organization, according to IBM Security’s latest research.
The IT giant’s experts, in their 2022 X-Force Threat Intelligence Index, found phishing was the most common entry point for crooks. And then, once they’re in, they usually launch a bigger attack, such as ransomware.
The index study found that phishing was used in 41 percent of attacks that Big Blue’s security team remediated in 2021, which represented a 33 percent increase from the year prior.
IBM’s X-Force team also found that the manufacturing industry was the most targeted sector for cyberattacks in 2021 in its experience. This is the first time in five years that manufacturing outpaced finance and insurance, according to the report.
“Manufacturers have a low tolerance for downtime, and ransomware actors are capitalizing on operational stressors exacerbated by the pandemic,” it said.
For the report, IBM security researchers analyzed “billions” of datapoints including network and endpoint detection devices, incident response engagements, and domain name tracking collected from January to December 2021.
Looking ahead to 2022, the X-Force team expects to see more miscreants turn to voice phishing, or vishing, as these are even more successful than just email alone.
While the click rate, on average, for a targeted phishing campaign was 17.8 percent, according to the report, a phishing campaign that added a voice call was three times more effective. These vishing attacks ended up “netting a click from 53.2 percent of victims.”
CrowdStrike takes a CNAPP
CrowdStrike combined its cloud security posture management and cloud workload protection modules via an activity dashboard, so now it can boast it has a CNAPP.
CNAPP, which stands for cloud native application protection platform, is basically what we used to just call cloud security. But the industry and its analysts love a new buzzword, and CNAPP is the latest favorite.
The new, centralized console will help customers prioritize top security issues, address runtime threats, and make cloud threat hunting easier, the security vendor claims.
It also added net-new capabilities in the update, and these include an automated remediation workflow for Amazon Web Services, an identity access analyzer for Microsoft Azure (in addition to the existing capability for AWS), and custom indicators of misconfigurations for Google Cloud. This tool, which helps security teams identify cloud misconfigs, already supports AWS and Azure.
Container capabilities have also been updated; it can now maintain an up-to-date inventory as containers are deployed and decommissioned. Plus, it scans for rogue images to help identify and stop containers launched as privileged or writable, which can be used as entry points for attacks.
Finally, it can discover new binaries that are created or modified at runtime to better protect the immutability of the container, or so the promises go. ®