Cyber Humanity

NPM packages are getting hacked – so naturally we get Kev on the case to explain the whole thing. If you didn’t know, NPM is the official package manager for Node libraries, a JavaScript language. We’ve seen a big uptake in recent weeks, and some of those NPM packages have been compromised by hackers. They’re clearly targeting developers – and with a collective 28 million downloads every week, this is pretty big, wide-spread stuff.

Next up, the raft of ransomware stories from this week: from the UK’s Labour Party to a…“cyber heist”? 

We’ve also noticed a bit of a theme emerging with an increase in government and law enforcement involvement in disrupting ransomware and other cyber criminal enterprises. BlackMatter is our example here. 

***

https://www.dailymail.co.uk/news/article-10148265/Massive-cyber-heist-rocks-high-society-jeweller-Graff.html

https://www.bleepingcomputer.com/news/security/blackmatter-ransomware-claims-to-be-shutting-down-due-to-police-pressure/

https://thehackernews.com/2021/10/popular-npm-package-hijacked-to-publish.html

A plethora of articles have been lighting up our newsfeeds and letting us know that there are new threats on the block: killware, RansomCloud, and extortion. 

Killware: the next thing we need to worry about. Apparently this is defined as anything that has an outcome resulting in death…Seems quite broad really, and ranges from hackers targeting a water treatment plant and poisoning the water flow to a ransomware attack that takes a hospital offline, forcing patients to be rerouted. It’s less about the technique and more about the outcome. 

RansomCloud: Kev gets into a good ranty flow on this one. Kevin Mitnick coined the term “RansomCloud” in a video a few years ago – and honestly, Kev (*our* Kev) does the best job of explaining the “threat”, so we won’t try to explain it here. Just listen to the episode. 

Extortion: the one comes off the back of the Twitch takedown, which highlighted the idea that it is as beneficial to a cyber criminal to access a trove of useful sensitive personal data and look to extort a company for that as it is to go through the effort of ransomware. Double extortion – which you can read about here – is already a thing, so this technique is almost a step back. Or is it? 

So what does the team think? Are these threats, risks, or just a bit of good old-fashioned FUD? Is Ransomware a thing of the past – or is it still the big bad wolf of cyber? 

***

https://securityboulevard.com/2021/10/killware-hype-is-bigger-than-the-threat-for-now/

https://techcrunch.com/2021/10/14/twitch-takedown-is-extortion-the-new-ransomware/

https://research.nccgroup.com/2021/10/11/snapmc-skips-ransomware-steals-data/

https://www.reuters.com/technology/exclusive-governments-turn-tables-ransomware-gang-revil-by-pushing-it-offline-2021-10-21/

First story is about someone who was “relieved” of their Bitcoin by some kids wielding malware back in 2018, when it was worth an awful lot less than it is now. There are some techie bits to this, as well as a few ethical and legal issues with the way the perps are being sued, so it’s a cracking story to get stuck into. 

What do NFTs – non fungible tokens – and Banksy have in common? It’s pretty confusing as far as stories go, but our resident clearer-upperer, Kev, is on hand to help, leaving us to wonder if this is just Banksy himself having a bit of fun. 

Sticking to the currency theme, we get knee deep in China’s digital Yuan in our next segment, and finally wrap up with a beautiful bit of OSINT from the Twitter Infosec community. 

***

https://www.bbc.co.uk/news/technology-58399338 

https://www.reuters.com/world/china/china-rolls-out-new-rules-minors-online-gaming-xinhua-2021-08-30/

https://twitter.com/brechtcastel/status/1432642649312333829?s=20

It's a tasty ransomware week this week! Conti face their own internal threat in the shape of a disgruntled affiliate and LockBit has its claws in Accenture.

Apple have been fiddling with their privacy settings again which is sending privacy advocates into a frenzy, and Kev tries very hard not to get ranty...

***

https://www.bleepingcomputer.com/news/security/accenture-confirms-hack-after-lockbit-ransomware-data-leak-threats/

https://bgr.com/tech/apple-just-announced-a-major-change-that-has-privacy-advocates-totally-freaked-out/

https://threatpost.com/affiliate-leaks-conti-ransomware-playbook/168442/

As you probably guessed from the title of this episode, this week is all about spyware and the Pegasus project. 

This all kicked off when a consortium of 16 media outlets reported the alleged widespread and continuing abuse of NSO’s hacking spyware called Pegasus. The company insists that it is only used against criminals and terrorists – but is it? There’s a lot of depth to this story, and we cover it all. 

***

https://www.theguardian.com/news/series/pegasus-project

https://theconversation.com/how-does-the-pegasus-spyware-work-and-is-my-phone-at-risk-164781

https://www.vice.com/en/article/n7b4gg/anom-phone-arcaneos-fbi-backdoor

Kaseya, Kaseya, Kaseya... How could we release an episode this week WITHOUT talking about the calamity at Kaseya?

If you hadn't heard, the ransomware gang REvil has leveraged a vulnerability in Kaseya's VSA software against multiple MSPs and their clients. Oh dear. So what is it? Bog standard ransomware? Supply chain compromise? Zero-day exploit? It's all a bit murky, so Kev gets his 'Cyberattacks for Dummies' hat on.

Also featured is the news that audio-editing software Audacity has been accused of being 'possible spyware'.

***

https://www.youtube.com/watch?v=XfAyutRfy2A

https://www.bbc.co.uk/news/technology-57721967

https://www.proofpoint.com/us/blog/threat-insight/bazaflix-bazaloader-fakes-movie-streaming-service

There’s a lot to cover in this week’s episode, so brace yourself because we’ve got newsflashes and stone-cold facts flying your way. 

First up, despite what Chris thinks, people do still use printers. Now, researchers in China have found (and accidentally disclosed) a critical Windows zero-day affecting Print Spooler. Cue much printer hate, as well as some actually useful insights into what has occurred. 

Next on the agenda, we take a look at the HSE Ireland ransomware attack, with a special focus on what the heck has been going on with Virus Total. Also coming up is the somewhat intriguing “fact” that the USA is the most cyber-secure nation in the world. 

And it wouldn’t be an episode of Cyber Humanity without a juicy ‘hackers could’ feature starting with a NEWSFLASH! Homes filled with smart devices could be exposed to hundreds of hacking attempts a WEEK. To which we say: no sh*t, Sherlock.

***

https://www.infosecurity-magazine.com/news/printnightmare-zero-day/

https://www.theregister.com/2021/06/30/america_global_cyber_security_index_2020

https://www.bleepingcomputer.com/news/security/microsoft-finds-netgear-router-bugs-enabling-corporate-breaches/

https://www.bleepingcomputer.com/news/security/virustotal-ordered-to-reveal-private-info-of-stolen-hse-data-downloaders/

EA have been hacked to the tune of 780GB of their source code which has now found itself for sale on various dark web forums. While they confirmed that they’d suffered a data breach, they’d offered no insight into how it happened. Until now…

Moving from EA to AI, research shows that AI can now convincingly mimic cybersecurity and medical experts, which, naturally, sparks some lively debate. 

We also get into a discussion about disclosure, following Kev’s discovery of a number of vulnerabilities in NetGear’s routers. NDAs are flying everywhere and if you stay very still and quiet, you can even hear the sound of someone in legal crying.

And, of course, we have a cracking ‘Hackers Could’ section this week! 

***

https://www.wired.com/story/ea-hack-fifa-frostbite-source-code/

https://www.cbsnews.com/news/peloton-bike-treadmill-security-vulnerability-hackers/

https://www.bbc.co.uk/news/technology-57345632

From fake antivirus to scareware, ransomware has been around and evolving for…a while. But only now has it really hit the mainstream headlines, with attacks on critical infrastructure and "mega breaches" apparently becoming a weekly occurrence. And we’re now in the age of ‘Ransomware as a Service’, with affiliates and gangs becoming more prolific than ever.

So how did we get here? Where is ransomware heading next?

In this episode, our crack team of cyber experts digs deep into the ever-shifting world of ransomware.

The topic of the day is cryptocurrency – and whether banning it could help fight ransomware.

We know that criminal gangs (OCGs for all those Line of Duty fans out there) are big fans of crypto for their nefarious deeds, so the issue goes much further than ransomware. Even so, a ban on crypto wouldn't stop ransomware – it would just be a bump in the road for the operators. After all, ransomware has been around since long before crypto came on the scene. Maybe gift cards would make a comeback!

The team also delves into Nobelium, the group behind the SUNBURST attacks in Solarwind. Kev gets his tech head on to give us the full low down on this sophisticated threat actor.

***

https://newrepublic.com/article/162589/ban-bitcoin-cryptocurrencies-stop-hacker-ransomware

https://www.microsoft.com/security/blog/2021/05/27/new-sophisticated-email-based-attack-from-nobelium/