January 24, 2022
David Redekop

This Week In Nerd News – January 24, 2022

Welcome to this week in NerdNews (TWINN). Your weekly top 5 technical and security issues Nerds should pay attention to:

Today our focus is on Advanced Persistent Threats, shortened to APTs. The label describes attackers who establish a long-term foothold inside a network and can lurk undetected for months, waiting for commands from their operators rather than striking and leaving. APT-level campaigns are not generally seen against smaller networks or individual devices, because sustaining them usually takes the resources of a nation state. That's not to say the techniques used by APTs don't translate to smaller attacks as well. This week, the WhisperGate wiper used against Ukrainian government websites was analyzed as the work of an APT.


Researchers break down WhisperGate wiper malware used in Ukraine website defacement. And, it turns out, hackers were in Ukraine systems months before deploying the wiper.

The malware used to strike Ukrainian government websites has similarities to the NotPetya wiper but has more capabilities “designed to inflict additional damage,” researchers say.

Dubbed WhisperGate, the malware is a wiper that was used in cyberattacks against website domains owned by the country’s government. The spate of attacks led to the defacement of at least 70 websites and a further 10 subject to “unauthorized interference,” according to the Security Service of Ukraine, State Special Service and Cyber Police.

 

Read More: Researchers break down WhisperGate wiper malware used in Ukraine website defacement 

 

Red Cross Falls Victim to Massive Cyberattack.

This in spite of wholehearted attempts to minimize the fallout.

The International Committee of the Red Cross was the victim of a massive cyberattack in which hackers seized the data of more than 515,000 extremely vulnerable people, some of whom had fled conflicts, it said on Wednesday.

 

Read More: Red Cross Falls Victim to Massive Cyberattack

 

Hackers disrupt payroll for thousands of employers — including hospitals.

Here we see once again how a supply chain attack, in this case a ransomware attack on the payroll and workforce-management vendor Kronos, ripples out to every organization that depends on that one provider.

A month-old ransomware attack is still causing administrative chaos for millions of people, including 20,000 public transit workers in the New York City metro area, public service workers in Cleveland, employees of FedEx and Whole Foods, and medical workers across the country who were already dealing with an omicron surge that has filled hospitals and exacerbated worker shortages.

 

Read More: Hackers disrupt payroll for thousands of employers — including hospitals

 

International effort takes down VPN service, VPNLab, used for criminal activity.

VPN technology plays an important role in security and privacy. Whenever we see a story like this, it's a reminder that a third-party VPN provider holds your connection records, and that data goes with the servers when they are seized or breached. Running your own VPN is ultimately the best approach you can take.

A virtual private network service used for malware distribution, ransomware operations and other cybercrime activities was taken offline Monday as law enforcement officials from nearly a dozen countries jointly seized its website and customer data.

 

Read More: International effort takes down VPN service, VPNLab, used for criminal activity

 

Molerats Hackers Hiding New Espionage Attacks Behind Public Cloud Infrastructure.

Command and Control infrastructure is finding a way to hide in plain sight: traffic to Google Drive or Dropbox looks like ordinary user activity and is usually waved through outbound filters. For this reason, Zero Trust once again wins the day. There simply is no reason to have Google Drive and Dropbox reachable from systems that don't require them.

An active espionage campaign has been attributed to the threat actor known as Molerats that abuses legitimate cloud services like Google Drive and Dropbox to host malware payloads and for command-and-control and the exfiltration of data from targets across the Middle East.

The cyber offensive is believed to have been underway since at least July 2021, according to cloud-based information security company Zscaler, continuing previous efforts by the hacking group to conduct reconnaissance on the target hosts and plunder sensitive information.
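To make the Zero Trust point above concrete, here is an added example (not code from the original post, nor from Zscaler or any product) of a default-deny egress check run over DNS query logs: each host role gets an allow-list of domain suffixes, and any query outside that list is flagged, with queries to cloud-storage services called out separately because that is exactly the category the Molerats campaign abuses. The log format, hostnames, roles and allow-lists are all constructed for illustration.

```python
"""
Zero-trust egress check over DNS query logs (added example, not from the page).

A host that has no business need for Google Drive or Dropbox should not be able
to resolve or reach them, so such a query from that host is a finding worth
investigating. Every hostname, role, allow-list and log line below is
constructed for illustration.
"""
from dataclasses import dataclass

# Per-role allow-lists (default deny): a role may only resolve these suffixes.
# Only the "design-workstation" role has a business need for Dropbox.
ROLE_ALLOW = {
    "workstation": {"corp.example", "windowsupdate.com", "office.com"},
    "design-workstation": {"corp.example", "windowsupdate.com", "office.com",
                           "dropbox.com", "dropboxapi.com"},
    "server": {"corp.example", "windowsupdate.com"},
}

# Cloud-storage domains commonly abused for payload hosting, C2 and exfil.
CLOUD_STORAGE = {
    "drive.google.com", "docs.google.com", "googleapis.com",
    "dropbox.com", "dropboxapi.com", "dropboxusercontent.com",
}

# Constructed sample log: "<ts> <client_ip> <hostname> <role> <qname>"
SAMPLE_LOG = """\
2022-01-24T09:00:01Z 10.0.1.15 ws-0042 workstation mail.corp.example
2022-01-24T09:00:07Z 10.0.1.15 ws-0042 workstation drive.google.com
2022-01-24T09:00:09Z 10.0.2.8 srv-db-01 server content.dropboxapi.com
2022-01-24T09:01:12Z 10.0.3.21 ws-design-07 design-workstation api.dropboxapi.com
2022-01-24T09:02:30Z 10.0.1.15 ws-0042 workstation notdropbox.com
"""


@dataclass
class Finding:
    host: str
    qname: str
    reason: str


def _matches(qname, suffixes):
    """True if qname equals a suffix or is a subdomain of it.

    Matching is done on a label boundary, so "notdropbox.com" does NOT match
    "dropbox.com" (a plain endswith() check would get this wrong).
    """
    q = qname.lower().rstrip(".")
    for s in suffixes:
        s = s.lower().rstrip(".")
        if q == s or q.endswith("." + s):
            return True
    return False


def parse_line(line):
    """Parse one line of the constructed log format into a dict."""
    ts, ip, host, role, qname = line.split()
    return {"ts": ts, "ip": ip, "host": host, "role": role, "qname": qname}


def evaluate(lines, role_allow=ROLE_ALLOW):
    """Return a Finding for every query the host's role is not entitled to."""
    findings = []
    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        allowed = role_allow.get(rec["role"], set())   # unknown role -> deny all
        if _matches(rec["qname"], allowed):
            continue
        if _matches(rec["qname"], CLOUD_STORAGE):
            reason = "cloud-storage domain not entitled for role " + rec["role"]
        else:
            reason = "not on allow-list (default deny)"
        findings.append(Finding(rec["host"], rec["qname"], reason))
    return findings


if __name__ == "__main__":
    for f in evaluate(SAMPLE_LOG.splitlines()):
        print(f"{f.host:14} {f.qname:28} {f.reason}")
```

Run against the constructed log, the check flags the ordinary workstation's query to drive.google.com and the database server's query to content.dropboxapi.com, while the design workstation's Dropbox query passes because its role is entitled to it; notdropbox.com is flagged only as an unlisted domain, not as a cloud-storage hit, because matching is done on a label boundary. In production the same policy would be enforced at the resolver or egress proxy rather than only reported after the fact.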

 

Read More: Molerats Hackers Hiding New Espionage Attacks Behind Public Cloud Infrastructure

 

Did you know?

CalPoly is launching a Journal of Threat Intelligence and Incident Response that “seeks to bridge the gap between industry and academia by providing a forum to share peer reviewed, relevant, and academically rigorous research that will provide a much needed scholarly source to support future research into the areas of cyber threat intelligence and incident response.”
