At a glance.
- DarkSide ransomware picks victims who can pay.
- Freepik breached.
- BlueLeaks compromises civilians' medical information.
DarkSide threatens encryption and doxing.
A cyber gang that says it’s composed of former affiliates who’ve already made a pile through extortion has announced that it’s now working its own strain of ransomware, which it calls “DarkSide.” According to BleepingComputer, the gang’s communiqué says, "We are a new product on the market, but that does not mean that we have no experience and we came from nowhere. We received millions of dollars profit by partnering with other well-known cryptolockers. We created DarkSide because we didn't find the perfect product for us. Now we have it."
They say they select their victims with discrimination, and price their extortion demands accordingly—they want their targets able to pay, not bankrupt or defiant. As is now the norm with ransomware, DarkSide steals data before encrypting them. They promise a fully effective decryptor upon payment, and also destruction of the data they’ve taken. The DarkSide gang says it won’t hit healthcare organizations (specifically hospitals or hospices), schools or universities, not-for-profits, and government organizations. This, they say, is an expression of their principles. Forbes reminds its readers that Maze and Doppelpaymer made similar promises back in the early days of the pandemic, but those didn’t really stand the test of a little bit of time.
The gang has been active for a couple of weeks, and they appear to have secured at least one million-dollar score.
Popular graphic resource and stock photo marketplace, Freepik, a widely used graphic resource, has sustained a data breach, BleepingComputer says the attackers made off with emails and password hashes for 8.3 million users. It was an SQL injection attack on Flaticon a free icon database Freepik owns. We received emailed comments from some industry sources.
Jayant Shukla, CTO and Co-Founder of K2 Cyber Security, sees the incident as an object lesson in the seriousness of SQL vulnerabilities. "Organizations need to take action to better protect themselves against SQL vulnerabilities: 1) implement better coding practices to prevent SQL Injection; 2)run better tests for SQL Injection vulnerabilities before code makes it to production; and 3)make sure they have protection against SQL Injection attacks during runtime."
James McQuiggan, Security Awareness Advocate with KnowBe4, also sees SQL injection as a known serious issue. "The reason is that it's the most common attack and usually one of the first things that cybercriminals will try when attempting to breach a website," he wrote. "SQL injection works when data entered by a user or cybercriminal is not validated, filtered, or sanitized by the website application. This action gets passed onto the web application and causes an error or results in all data being readily available to view and steal without hacking a firewall to gain access to a server."
Ilia Kolochenko, Founder & CEO of web security company ImmuniWeb, sees the attack as troubling because of its potential for exploitation in credential-stuffing and phishing attacks.
BlueLeaks exposes medical records.
The activists of BlueLeaks, who have sought to hobble police forces by doxing individual police officers in a progressive action aligned with the Antifa and Black Lives Matter organizations, have apparently compromised the personal information of uninvolved civilians, collateral damage in their fight for an overthrow of what they regard as a repressive order. KELO reports that the South Dakota Department of Public Safety’s Fusion Center has warned that personal information, including some medical records of people testing positive for COVID-19, were compromised in an attack on a Texas web design and hosting firm, Netsential, which counts among its customers some state law enforcement data sharing portals. South Dakota officials fault Netsential for inadequate security that they say contributed to the data exposure. Netsential says it's working with law enforcement to investigate the breach.
Saryu Nayyar, CEO of Gurucul, commented, "It should come as no surprise that there have been ongoing repercussions from the BlueLeaks breach in June. The revelation of some people's COVID-19 status in the database has only come to light now, but shows the depth of data revealed and the potential consequences that may not have been realized at the start."
Chloé Messdaghi, Vice President of Strategy at Point3 Security notes that "it appears that resources and information that were easy to find online and that could've been tagged by anti virus software as malicious were used, so at least some of the websites were possibly out of date." The incident is another example of third-party risk and the importance of keeping systems patched and up-to-date. There's a clear human cost to the breach as well. "Patient status data is particularly sensitive. Some of those afflicted with COVID-19 have reported that when they tell others of their status, friends, neighbors and family don’t know how to react. There are good reasons why public health records are sealed shut and even family members can’t access them without permission. In these times of heightened tensions due to the pandemic, the last thing we want is for anyone to shun vulnerable members of the community."
Dan Piazza, Technical Product Manager at Stealthbits Technologies, wrote, “As we continue to see, overprovisioned access to sensitive information can have devastating results. When access to data in a network is properly provisioned with a least privilege model, then the risk of data being stolen is drastically reduced even in the event of a breach. Users should only have access to the minimum amount of data required to perform their functions as an employee, otherwise even a single compromised user can give an attacker the keys to your data kingdom.”
For our part, we'll add that the incident shows the heedless bias to action and reflexive imitation that can characterize political engagement. So some people are discomfited. So what? There's a callous failure of imagination in such doxing. Randall Jarrell had the Second World War in mind when he wrote "A War":
There set out slowly, for a Different World,
At four, on winter mornings, different legs ...
You can't break eggs without making an omelette
--That's what they tell the eggs.
But the poem has applicability to other conflicts, too.