Friday Five 11/11

MICROSOFT LINKS RUSSIA’S MILITARY TO CYBERATTACKS IN POLAND AND UKRAINE BY DAN GOODIN

This past week, Microsoft identified the Sandworm hacking group—otherwise known as Iridium—as the likely culprit behind attacks targeting Polish and Ukrainian transportation and logistics organizations. According to Microsoft, the attacks involved a never-before-seen strain of ransomware now known as Prestige. Once the ransomware is deployed across victims’ networks, it allows the threat actors to encrypt over 200 different file types. Read the full story to learn more about Sandworm and why these attacks could be cause for concern.

Read more

LOCKBIT RANSOMWARE SUSPECT ARRESTED IN CANADA, FACES CHARGES IN US BY AJ VICENS

Canadian law enforcement arrested a Russian-Canadian dual national, Mikhail Vasiliev, for his suspected involvement in LockBit ransomware attacks and now faces five years in prison and extradition to the U.S. In her statement, Deputy Attorney General Lisa Monaco says, “his arrest is the result of over two-and-a-half-years of investigation into the LockBit ransomware group, which has harmed victims in the United States and around the world,” while Europol classifies Vasiliev as one of its “high-value targets due to his involvement in numerous high-profile ransomware cases.”

Read more

US HEALTH DEPT WARNS OF VENUS RANSOMWARE TARGETING HEALTHCARE ORGS BY SERGIU GATLAN

Based on a report from the Health Sector Cybersecurity Coordination Center (HC3), the U.S. Department of Health and Human Services warned that at least one healthcare entity in the United States has fallen victim to Venus ransomware and that others may be targeted. This follows separate warnings in the recent past of Maui and Zeppelin ransomware targeting similar organizations. Find out more about Venus ransomware’s origins and its capabilities in the full story from BleepingComputer.

Read more

CISA, NSA AND INDUSTRY OUTLINE SECURITY RESPONSIBILITIES OF SOFTWARE SUPPLIERS BY MARIAM BAKSH

The National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) released joint guidance for software suppliers late last month that aims to examine the events that led up to the SolarWinds attack and outline best practices moving forward. Despite separate guidance being released for software developers just this past September, according to a recent statement from the NSA, "the supplier also holds a critical responsibility in ensuring the security and integrity of our software. After all, the software vendor is responsible for liaising between the customer and software developer. It is through this relationship that additional security features can be applied via contractual agreements, software releases and updates, notifications, and mitigations of vulnerabilities.”

Read more

NEW STRELASTEALER MALWARE STEALS YOUR OUTLOOK, THUNDERBIRD ACCOUNTS BY BILL TOULAS

In a departure from the common behaviors of most info-stealers, a new malware known as StrelaStealer is actively stealing email account credentials from Outlook and Thunderbird and was reportedly discovered in the wild for the first time early this month. Get the full breakdown of the malware’s capabilities and how it’s delivered in the full story from Bill Toulas.

Read more