London transit insists 30,000 employees come in person to change their passwords: Cyber Security Today for Wednesday, September 18, 2024


New Ransomware Group Repellent Scorpius Emerges, London Transport Authority (TfL) Mandates In-Person Password Resets After Cyberattack, Chinese National Charged in Major Multi-Year Spear-Phishing Campaign, C++ Community Hits Back Against Critics, and Cyber Crooks Aren't Only Stealing Data: Some Are a Real Threat to the Safety and Well-Being of Our Kids.


Palo Alto Networks has issued a report on a new ransomware-as-a-service group called Repellent Scorpius, which has emerged distributing the Cicada3301 ransomware. First detected in May 2024, the group is rapidly expanding its operations through an affiliate program.

Repellent Scorpius employs a double extortion scheme, encrypting systems and threatening to publish stolen data.

Initial access is often gained through stolen credentials, likely purchased from initial access brokers.

The group uses legitimate tools like PsExec and Rclone for lateral movement and data exfiltration, making its activity more difficult to distinguish from normal administration.

The Cicada3301 ransomware itself is a 64-bit binary written in Rust that uses the ChaCha20 stream cipher for encryption, indicating a high level of technical sophistication.

The group targets a wide range of sectors but avoids Commonwealth of Independent States (CIS) countries – Russia and its allies.

Beyond the standard advice to improve credential management and maintain a strong backup strategy, IT teams might want to hunt for unauthorized use of legitimate tools like PsExec and Rclone, since those are the group's hallmarks before encryption starts.
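One way to put that hunting advice into practice, as an added example that is my own code and not taken from the Unit 42 report: a small detector that reads process-creation telemetry and flags PsExec and Rclone activity, downgrading to informational only when it comes from an allowlisted admin context. The log lines below are constructed; the field names (loosely modelled on Sysmon Event ID 1 / Security 4688 process-creation data), host names, user names and the allowlist are all assumptions, not a real schema.

```python
"""Hunt for unauthorized PsExec and rclone use in process-creation telemetry.

Added example, not code from the Unit 42 report. Input is CONSTRUCTED
JSON-lines loosely modelled on process-creation events (Sysmon Event ID 1 /
Windows Security 4688); field names are assumptions, not a real schema.
"""
import json
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import List, Optional

# Hypothetical allowlist: (host, user) pairs expected to run admin tooling.
ADMIN_CONTEXTS = {("JUMP01", r"CORP\svc_deploy")}

PSEXEC_IMAGES = {"psexec.exe", "psexec64.exe", "psexesvc.exe"}
RCLONE_SUBCOMMANDS = {"copy", "sync", "move", "copyto", "moveto"}
# rclone addresses cloud targets as "<remote>:<path>". A Windows drive looks
# like "C:\..." or "C:/...", so require that the colon is NOT followed by a slash.
REMOTE_RE = re.compile(r"(?<![\w\\/])([A-Za-z0-9_-]+):(?![\\/\s])")
RCLONE_FLAGS = {"--config", "--transfers", "--progress", "-P", "--no-check-certificate"}


@dataclass
class Finding:
    rule: str
    severity: str
    host: str
    user: str
    reason: str


def basename(image: str) -> str:
    return PureWindowsPath(image).name.lower()


def looks_like_psexec(image: str, parent: str) -> Optional[str]:
    """Reason string if the event is PsExec-related, else None."""
    if basename(image) in PSEXEC_IMAGES:
        return f"image is {basename(image)}"
    if basename(parent) == "psexesvc.exe":
        return "spawned by PSEXESVC (remote execution via PsExec)"
    return None


def looks_like_rclone(image: str, cmdline: str) -> Optional[str]:
    """Reason string if the event is rclone-like, else None.

    Catches the plain binary by name, and a renamed binary by the combination
    of an rclone subcommand, a 'remote:' target and rclone-specific flags.
    """
    if basename(image) == "rclone.exe":
        return "image is rclone.exe"
    tokens = cmdline.split()
    has_sub = any(t.lower() in RCLONE_SUBCOMMANDS for t in tokens[1:])
    has_remote = any(REMOTE_RE.search(t) for t in tokens[1:])
    has_flag = any(t.split("=")[0] in RCLONE_FLAGS for t in tokens)
    if has_sub and has_remote and has_flag:
        return "rclone-style command line under a renamed binary"
    return None


def analyze(lines: List[str]) -> List[Finding]:
    findings: List[Finding] = []
    for line in lines:
        ev = json.loads(line)
        host, user = ev["host"], ev["user"]
        image, cmdline, parent = ev["image"], ev.get("cmdline", ""), ev.get("parent", "")
        trusted = (host, user) in ADMIN_CONTEXTS
        reason = looks_like_psexec(image, parent)
        if reason:
            findings.append(Finding("psexec_usage", "info" if trusted else "high", host, user, reason))
        reason = looks_like_rclone(image, cmdline)
        if reason:
            # Staging data to a cloud remote is never expected from a user workstation.
            findings.append(Finding("rclone_exfil", "info" if trusted else "critical", host, user, reason))
    return findings


def summarize(findings: List[Finding]) -> dict:
    counts: dict = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


# CONSTRUCTED sample events; hosts, users and paths are made up.
SAMPLE_EVENTS = [
    {"host": "JUMP01", "user": r"CORP\svc_deploy", "image": r"C:\Tools\PsExec64.exe",
     "cmdline": r"PsExec64.exe \\FS01 -s cmd /c patch.bat", "parent": r"C:\Windows\System32\cmd.exe"},
    {"host": "WS-ACCT-22", "user": r"CORP\jsmith", "image": r"C:\Windows\Temp\PsExec.exe",
     "cmdline": r"PsExec.exe \\FS01 -s cmd", "parent": r"C:\Windows\System32\cmd.exe"},
    {"host": "FS01", "user": r"NT AUTHORITY\SYSTEM", "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe /c whoami", "parent": r"C:\Windows\PSEXESVC.exe"},
    {"host": "WS-ACCT-22", "user": r"CORP\jsmith", "image": r"C:\Users\jsmith\AppData\Local\Temp\svchost.exe",
     "cmdline": r"svchost.exe copy D:\Finance mega:backup --transfers 8 --config C:\Users\jsmith\rc.conf"},
    {"host": "WS-ACCT-22", "user": r"CORP\jsmith", "image": r"C:\Windows\System32\robocopy.exe",
     "cmdline": r"robocopy.exe D:\Finance \\FS01\backup /MIR"},
    {"host": "WS-HR-05", "user": r"CORP\apatel", "image": r"C:\Users\apatel\Downloads\rclone.exe",
     "cmdline": r"rclone.exe sync C:\HR dropbox:hr --progress"},
]


def run_sample() -> List[Finding]:
    return analyze([json.dumps(e) for e in SAMPLE_EVENTS])


if __name__ == "__main__":
    for f in run_sample():
        print(f"[{f.severity:8}] {f.rule:13} {f.host}/{f.user}: {f.reason}")
    print(summarize(run_sample()))
```

The renamed-binary rule matters more than the name match: affiliates routinely drop rclone under an innocuous name, but the `remote:path` syntax and flags such as `--config` and `--transfers` still show up in the command line. Allowlisting by (host, user) rather than suppressing the rule keeps an audit trail of legitimate PsExec use while reserving high and critical severities for anything run from an ordinary workstation.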

This group is relatively new and still growing. As Repellent Scorpius expands its affiliate program, Unit 42 is warning of an increase in Cicada3301 ransomware activity and victims.

Sources include: Unit 42 Incident Response team, Palo Alto Networks, Threat Assessment: Repellent Scorpius, Distributors of Cicada3301 Ransomware (paloaltonetworks.com)

***

Transport for London (TfL) is requiring all 30,000 employees to reset their passwords in person following a recent cybersecurity incident. This unprecedented move highlights the severity of the breach and the importance of identity verification in its aftermath.

TfL disclosed the breach on September 2. Later updates revealed that customer and employee directory data, including email addresses and job titles, were accessed. The attack disrupted internal systems and online services, affecting customer refunds and responses.

A 17-year-old suspect has been arrested by the UK’s National Crime Agency in connection with the attack.

While the onsite validation of 30,000 employees may seem extreme, it mirrors similar actions taken by other organizations, such as DICK’S Sporting Goods, following cyberattacks, potentially signaling a new best practice in breach response.

Sources include: BleepingComputer, Transport for London

https://www.bleepingcomputer.com/news/security/tfl-requires-in-person-password-resets-for-30-000-employees-after-hack/

***

The U.S. Department of Justice has charged a Chinese national, Song Wu, for conducting a multi-year spear-phishing campaign targeting NASA, U.S. military branches, and the Federal Aviation Administration (FAA).

Wu, a 39-year-old engineer at Aviation Industry Corporation of China (AVIC), allegedly impersonated U.S.-based researchers to obtain sensitive aerospace software.

Wu's targets included NASA, the U.S. Air Force, Navy, Army, FAA, major research universities, and aerospace companies.

The campaign aimed to acquire specialized software and even source code used in aerospace engineering and computational fluid dynamics, potentially applicable to advanced tactical missiles and weapons design.

Now that he has been charged, Wu faces 14 counts of wire fraud and 14 counts of aggravated identity theft, with potential sentences of up to 20 years per wire fraud charge.

What’s amazing about this is the way these nation states are playing the long game, taking years to build trust and gain access to systems that should be highly protected. 

Organizations, especially those handling sensitive or classified information, should not only review and strengthen their defenses, but also reflect this long-term approach in their training and controls against highly sophisticated spear-phishing attacks.

Sources include: U.S. Department of Justice, Security Affairs

https://securityaffairs.com/168514/cyber-crime/chinese-man-spear-phishing-nasa-us-government.html

***

The C++ community is hitting back at critics with a new Safe C++ Extensions proposal, which they claim is a significant step towards addressing memory safety issues that have long plagued the language. This move comes in response to growing pressure from the NSA, CISA, and the White House, as well as many in the private sector, for increased memory safety in software.

That pressure has led to a movement towards more memory-safe languages like Rust, and to some vigorous debates, not all of which are technical. These conflicts resulted in the resignation of the head of the group attempting to bring Rust into the Linux kernel.

Proponents of C++ say their new proposal will add memory safety features to C++, addressing vulnerabilities like buffer overflows and use-after-free errors.

They argue this approach allows for incremental adoption of safety features in existing C++ codebases, potentially reducing the need for complete rewrites in other languages.

While promising, the effectiveness of these extensions in real-world scenarios remains to be seen.

It will be interesting to see if this new movement can reverse the move towards Rust, which Google has claimed is not only safer but also makes developers more productive.

Sources include: The Register

https://www.theregister.com/2024/09/16/safe_c_plusplus/?td=rt-3a

***

We normally focus on the impact of cyber crime on corporations, but there is an alarming trend that parents, as well as cybersecurity professionals, need to be aware of: urgent warnings about severe online dangers targeting children and teens.

Krebs on Security reported on recent investigations, echoed by Canada's RCMP, which have uncovered organized groups using highly manipulative and harmful tactics on popular platforms.

Predatory groups are recruiting on mainstream platforms like Discord, Minecraft, Roblox, Steam, Telegram, and Twitch.

These groups, such as “764”, use extortion, doxing, swatting, and harassment to victimize children.

Some are coercing minors into self-harm, even to the point of carving abusers' aliases into their skin. Victims have been manipulated into harming themselves, family members, and pets. In extreme cases, this has led to suicide attempts.

These victims are used in cyber-attacks, but also used to produce content, both political and sexual, for their exploiters. The recommendations for parents and organizations are:

– Implement strict monitoring and controls on children’s online activities

– Educate children about these specific dangers and manipulation tactics

– Report suspicious activities to platform moderators and law enforcement immediately

– Advocate for stronger safety measures and age verification on all youth-oriented platforms

Sources include: Wired, Der Spiegel, Recorder, The Washington Post, Royal Canadian Mounted Police, KrebsOnSecurity

That’s our show for today. 

Show notes are at technewsday.ca or .com 

I’m your host Jim Love. Thanks for listening.

