Bringing cybersecurity globally to critical and complex key activities
A regional U.S. government agency compromised with LockBit ransomware had the threat actor in its network for at least five months before the payload was deployed, security researchers found. Logs retrieved from the compromised machines showed that two threat groups had compromised them and were engaged in reconnaissance and remote access operations. The attackers tried to remove their tracks by deleting Event Logs but the pieces of the files remained allowed threat analysts to get a glimpse of the actor and their tactics. Read more about it here.
The FBI first became aware of RagnarLocker in April 2020 and subsequently produced a FLASH to disseminate known indicators of compromise (IOCs) at that time. This FLASH provides updated and additional IOCs to supplement that report. As of January 2022, the FBI has identified at least 52 entities across 10 critical infrastructure sectors affected by RagnarLocker ransomware, including entities in the critical manufacturing, energy, financial services, government, and information technology sectors. Read more about it here.
The Senate on Tuesday passed major cybersecurity legation, moving one step closer toward forcing critical infrastructure companies to report cyberattacks and ransomware payments. The passage comes as federal officials have repeatedly warned of the potential for Russian cyberattacks against the United States amid the escalating conflict in Ukraine. The legislation, which still has to pass in the House, would require critical infrastructure owners and civilian federal agencies to report to the Cybersecurity and Infrastructure Security Agency within 72 hours if they experience a substantial cyberattack. Read more about it here.
After months of political infighting, a landmark cybersecurity provision requiring critical infrastructure providers to report security incidents and ransom payments has passed both chambers of Congress and now heads to President Joe Biden's desk. The provision, originally authored by leaders of the Senate Homeland Security and Governmental Affairs Committee - Sens. Gary Peters, D-Mich., and Rob Portman, R-Ohio - will require critical infrastructure owners and operators to report to the Cybersecurity and Infrastructure Security Agency if they experience a substantial cyberattack (report due within 72 hours of the attack) or if they make a ransomware payment (report dues within 24 hours of the payment). Read more about it here.
This year's Super Bowl was not very exciting. The game was low-scoring, and the halftime show was lackluster. The only interesting thing that happened on Super Bowl Sunday is the San Francisco 49ers, who wasn't even in the game, confirmed it got hacked. Over the weekend, the BlackByte ransomware group's dark web blog touted that it had CYBER THREAT INTELLIGENCE –NEWSLETTER – 2022/02/16 hacked servers belonging to the San Francisco 49ers and encrypted them. It wants $530 million for the key. The post contains a file called "2020 Invoices" to prove it has company data. Ars Technica notes that the cache holds hundreds of billing statements to entities including AT&T, Pepsi, and the city of Santa Clara. Read more about it here.
Sportswear manufacturer Puma was hit by a data breach following the ransomware attack that hit Kronos, one of its North American workforce management service providers, in December 2021. The data breach notification filed with several attorney generals' offices earlier this month says the attackers also stole personal information belonging to Puma employees and their dependents from the Kronos Private Cloud (KPC) cloud environment before encrypting the data. Right after the attack, a Kronos customer impacted in the incident told BleepingComputer that they had to go back to using paper and pencil to cut checks and monitor timekeeping. Read more about it here.