Tag Archive for: Lead

Domino Backdoor is Led by FIN7 and Conti Actors – Blogs


A new backdoor, Domino, appeared at the beginning of 2023. Since February, the Domino malware family has been used in attacks on corporations, with the Project Nemesis stealer as the final payload. Analysts say the new backdoor is developed and controlled by ex-TrickBot/Conti actors together with hackers linked to the FIN7 group.

Who are Conti and FIN7?

First of all, let’s explain why the presence of actors from FIN7 and the now-defunct Conti gang is so noteworthy. FIN7 is a cybercrime gang that likely operates from Russia and Ukraine. It is also known under the names Carbanak (after the backdoor it uses), ITG14 and ALPHV/BlackCat. The group is most notorious for its collaborations with widely known threat actors, such as the Ryuk and REvil ransomware operations, and for releasing its own ransomware, called ALPHV. That operation is still running and carried out a couple of noteworthy attacks over the past year.

ALPHV onion site. The gang uses it to publish data leaked from victims that refused to pay the ransom.

Conti is at once a similar and a different story. The group built its image around the eponymous ransomware. Like FIN7, this group of cybercriminals consists of actors from former USSR countries. However, the start of the war in February 2022 led to a quarrel among the group’s top management and, subsequently, to the publication of its source code. That eventually led to the group’s dissolution. Before these events, Conti was a prolific ransomware gang with a major share of the market.

Their collaboration is not surprising. Nature abhors a vacuum, so after the gang’s breakup its members promptly joined other groups or started new ones. However, collaborating with other gangs on the creation of brand-new malware is a rather unusual case. That may mark the arrival of a new actor on the scene, or simply a powerful boost to the FIN7 gang.

Domino Backdoor Description

Domino is a classic example of a modern backdoor capable of delivering further malware. It has been observed distributing a separate malware dropper, named Domino Loader. The former provides only remote access to the targeted system, while the latter handles malware deployment. This duo has been spotted being used in a rather unique…


(LEAD) Chinese hackers attack 12 S. Korean academic institutions: KISA


(ATTN: ADDS photo, more details in last 7 paras)

SEOUL, Jan. 25 (Yonhap) — South Korea’s internet safety watchdog said Wednesday a Chinese hacking group has launched a cyberattack against 12 South Korean academic institutions.

The Korea Internet & Security Agency (KISA) said the attackers hacked into the websites of 12 institutions Sunday, which included some departments of Jeju University and the Korea National University of Education.

Most of the 12 websites, including that of the Korea Research Institute for Construction Policy, were still unavailable for access as of 10 a.m. Wednesday.

KISA said the Chinese hacking group had warned of a cyberattack against multiple S. Korean agencies, including KISA.

But the internet watchdog’s site was not affected, it said.

The Chinese hacking group, identifying itself as the Cyber Security Team, claimed it had successfully compromised the computer networks of 70 South Korean educational institutions around the Lunar New Year holiday that ran from Saturday to Tuesday.

The group also warned that it would disclose 54 gigabytes of data it claimed to have stolen from South Korea’s government and public institutions.

The Ministry of Science and ICT asked government agencies and individuals to stay vigilant against rising hacking threats.

Science Minister Lee Jong-ho visited the Korea Internet Security Center on Tuesday to check on the security posture against possible cyberattacks.



CFOs learn how to respond and lead during a cyberattack


CFOs work through a cyberattack simulation

Imagine this situation: your CEO just resigned and as CFO, you’re the acting chief. After returning to the office from an exhausting overseas trip, your CIO informs you that malware was deployed within your customer databases.

That’s worrisome enough, but the next morning your CIO delivers this bombshell: hackers are demanding a $4.5 million ransom, or all that sensitive customer data winds up on the dark web.

And you have just 72 hours to figure out what to do.

Finance executives experienced exactly this simulated ransomware attack at CNBC’s recent CFO Council Summit in Washington, D.C. They were joined by half a dozen members of CNBC’s Technology Executive Council (TEC) from leading cybersecurity companies, who helped guide them through the steps they and their hypothetical companies should take in responding to the attack.

The simulation was led by retired U.S. Army Colonel Sean Hannah of the Thayer Leadership, a leadership development organization located at West Point. CFOs from the Council were broken up into teams, each representing a fictitious company in a specific industry such as financial services, healthcare, energy, and pharma/biotech. The TEC members were brought in to play the role of CIO at each of these companies and to offer technical advice on what to do in the event of a ransomware attack.

The goal of the exercise was not to school CFOs in the technical intricacies of a breach, Hannah said at the beginning of the exercise, but rather to formulate a plan for how to manage, lead, and communicate during a crisis.

Hannah informed each table of participants that each minute of the exercise would represent about 41 minutes of “real” time, giving them about 1 hour and 45 minutes to figure out what they would do during a cyberattack.

As the scenario moved along, CFOs were given the next development or demand in the attack. Once they knew a ransomware demand was made, the most pressing question was whether they should pay the money. Many wondered if making the payment would put a bullseye on their back for future ransomware attacks. Others turned immediately to the participants playing company lawyers to determine how much cyber insurance they had on hand to pay the…


Boise State strives to lead cybersecurity preparedness for Idaho and the nation – The Arbiter


Boise State University’s leaders in cybersecurity shared their work to improve cyber awareness and develop a ready-to-work cybersecurity workforce to fight cyber threats at the Annual Preparedness and Cybersecurity Conference, which took place Oct. 11-13 in Boise. Ransomware attacks, malicious hacking and government-sponsored cyberattacks dominated the discussion topics.

Ed Vasko, director of the Institute for Pervasive Cybersecurity (IPC) and member of the Division of Research and Economic Development at Boise State University, envisions Idaho as the future national hub for cybersecurity.

“So why Boise? All the elements — the business support, the support from Idaho Tech Council, the support from local government, from state government, the growing tech community that’s here, everything’s right,” Vasko said. “And then you sprinkle into that an innovative university like Boise State that is recognizing there’s a better way to do this and to engage with industry … help craft and adjust curricula, build platforms and create pathways for our students so that our industry partners know that they can come to us and accelerate their growth.” 

Dependence on computer networks and internet connectivity, combined with the weakest link, human operators, enables criminals to access networks and cause catastrophic damage. Cybersecurity experts at the conference agreed that cybercrime and cyber warfare are top priorities for disaster preparedness, citing the 2021 ransomware attack on Colonial Pipeline, which resulted in a six-day shutdown of gasoline and jet fuel supply to the southeastern U.S.

Speakers from the Department of Homeland Security, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) warned that cyberattacks represent the future face of warfare, citing Russia’s cyberattacks accompanying its conventional military invasion of Ukraine in February.

Vasko cited the shortage of cybersecurity-trained workers, with hundreds of thousands of job openings unfilled, as a major challenge to achieving adequate nationwide cybersecurity. There are more than 760,000 cybersecurity jobs nationwide, over 6,700 in Idaho,…
