Some of the biggest cybersecurity hacks from the past several months have clearly left their mark on the industry.
This week’s top stories include a healthy mix of both new headlines and updates to some of 2021’s biggest and most eventful breaches. Read about an update to the infamous SolarWinds hack, a Kansas man being tried for the water utility hack, the UK officially launching the Cyber Security Council, and much more.
If only there was an awesome blog post you could read every week that walks through five of the biggest stories in the industry in a condensed format … Oh wait, there is, and you’ve found it.
Let’s get to the news.
According to Cyberscoop, U.S. military and security officials are preparing to publish one of their more detailed analyses yet of the hacking tools used by suspected Russian spies in a campaign that the Biden administration labeled as “a national threat.”
This “malware analysis report” will come from the U.S. Cyber Command and the Department of Homeland Security and will highlight 18 pieces of malicious code allegedly used by said Russian adversaries. This code was used to exploit software from federal contractor SolarWinds and other vendors on their way to infiltrating nine U.S. government agencies and 100 total companies.
The report will shine the light on one of the most historic espionage campaigns that the United States has ever seen and that U.S. officials have (at times) been hesitant to detail publicly. It’s an analysis from U.S. government cybersecurity specialists of how alleged Russian operatives moved from network to network, and it builds on private sector reporting.
Cyber Command and DHS’s Cybersecurity and Infrastructure Security Agency said the goal of the release was “reduced exposure to malicious activity” for U.S. organizations.
While the report was scheduled to be released at 3 p.m. on Wednesday afternoon, CISA informed organizations that its public release would be delayed and no explanation was given.
For their latest scheme, a money-laundering fraud ring is targeting donation sites One scheme is aimed at taking advantage of the outpouring of charity caused by the COVID-19 pandemic. Threatpost brings us more.
The gang, dubbed as “Cart Crasher” by the security firm Sift, the fraud ring leverages guest checkout options on donation sites to steal money and launder stolen payment cards.
The scheme is very straightforward in nature. First, fraudsters set up recipient accounts on various donation sites. Then, they create and post fake causes for which to receive donations. From there, crooks use stolen credit cards, usernames, and emails to “donate” thousands of dollars to their own fabricated causes (via automated scripts). The donations are made in denominations of $5 or less. The cherry on top is using the option to check out as a guest to skip the need to create an account, a move that makes activity significantly harder to trace.
“Using stolen credit cards, fake accounts, and automated scripts to do the dirty work, this fraud ring repeatedly funneled small amounts of money to themselves by setting up fake causes on various giving sites in order to request donations,” according to Sift’s annual report on evolving fraud tactics, released Wednesday.
This story is just a drop in the bucket for what is an evolving way to commit fraud in today’s modern age. Sift claims that cyber criminals have matured their strategies using a deadly combination of advanced tech and new tactics. This combination is “causing the most concern” to experts in the field.
The UK Cyber Security Council — which is a self-regulatory organization responsible for boosting professional standards and career prospects for those in cybersecurity — has officially started work as an independent body, according to InfoSecurity Magazine.
The Formation Project to create the council has now been completed, meaning it has fully transitioned from the Cyber Security Alliance-led formation project. The council will now undertake its role in representing the cybersecurity profession, which involves driving both awareness and excellence across the industry. The ultimate goal of the project is to grow the UK’s cyber skills base.
This idea will be delivered across a wide range of mediums, including:
The UK Cyber Security Council was commissioned by the UK government in 2018 and announced last month that it would be ready to launch as an independent entity by the end of March 2021. Earlier this month, the council’s first four trustees were announced.
The first priorities are to appoint a permanent leadership team to work alongside the Board of Trustees as well as recruit personnel to build off of the work of the Formation Project in key areas like professional ethics and recognition for cybersecurity practitioners.
According to Cyberscoop, the administrator of a website that served as a gateway to dark web marketplaces for purchasing heroin, firearms, and hacking tools plead guilty to money laundering charges on Wednesday.
The Justice Department said that Tal Prihar administered DeepDotWeb, where he received $8.4 million in kickbacks from dark web marketplaces for providing prospective customers with direct links to nefarious sites. Said sites sold illegal goods but weren’t easily found via search engines. When law enforcement originally indicted Prihar and an alleged co-conspirator back in 2019, it was deemed “the single most significant law enforcement disruption of the darknet to date.”
It was French law enforcement who captured Prihar, an Israeli native who had lived in Brazil. Israeli law enforcement arrested the alleged co-owner of the site, Michael Phan, who handled day-to-day operations. U.S. authorities were the ones who seized the DeepDotWeb domain.
“For six years, DeepDotWeb was a gateway to facilitate the illegal purchase of items to include dangerous drugs, weapons, and malicious software,” said acting Special Agent in Charge Carlton Peeples of FBI’s Pittsburgh field office. “Prihar profited as a byproduct from other people’s dangerous transactions and today’s guilty plea sends a message to other cyber actors across the globe who think the dark web is a safe haven.”
In our last headline from the week, DARK Reading details the Kansas man responsible for hacking and tampering with the water utility system “with intention of harming” the rural water district.
A 22-year-old man has been indicted for breaking into a Kansas water utility’s computer systems and disabling the cleaning and disinfecting operations for the locality’s drinking water supply. Wyatt A. Travnichek allegedly hacked into the Ellsworth County Rural Water District No. 1’s computer system on March 27, 2019, according to the U.S. Department of Justice.
Travnichek was charged with one count of tampering with a public water system and one count of reckless damage in his unauthorized access to a protected computer. According to the DoJ, his attack was waged “with the intention of harming the Ellsworth Rural Water District No. 1, also known as Post Rock Rural Water District.”
By illegally tampering with a public drinking water system, the defendant threatened the safety and health of an entire community,” said Lance Ehrig, Special Agent in Charge of EPA’s Criminal Investigation Division in Kansas. “EPA and its law enforcement partners are committed to upholding the laws designed to protect our drinking water systems from harm or threat of harm. Today’s indictment sends a clear message that individuals who intentionally violate these laws will be vigorously prosecuted.”
The two charges combined carry a max sentence of 25 years in federal prison and up to $500,000 in fines.