At a glance.
- Silent Librarian returns to campus.
- Ryuk is back, in more dangerous form.
- Blackbaud update.
- Colorado state employees' data breached.
- Review of privacy issues in the context of the Crypto Wars.
Silent Librarian breaks its silence.
With the start of the 2020-21 academic year, an APT group called Silent Librarian/TA407/COBALT DICKENS has launched a wave of spearphishing attacks targeting university students and staff in the hopes of acquiring valuable academic research and proprietary information, reports Malwarebytes Labs. Though the US Department of Justice indicted nine Iranian cybercriminals in 2018 for a similar campaign, the operation appears to be up and running again, this time hitting schools in other countries including Canada, Australia, and the UK. As HackRead explains, the operators begin by creating phishing sites spoofing legitimate university login portals. They then use social engineering tools to send victims emails that lure them to the websites, where the targets unwittingly hand over their login credentials.
Ryuk is back and better than ever. (And that's bad.)
Ryuk once again rears its ugly head, reports Sophos News. Though seemingly inactive for the early part of this year, the operators of Ryuk ransomware, who have secured over $61 million from the US alone since their first campaigns in 2018, have reemerged with a new wave of phishing attacks that boast upgraded mechanisms. An in-depth investigation into one attack revealed that the threat actors have moved on from using Emotet and Trickbot malware, instead opting for exploitation tools like Buer Loader, Cobalt Strike, Bloodhound, and GMER. The new and improved method works swiftly, allowing the ransomware to be launched less than a day after the victim opens a malicious email attachment. And despite their first efforts being thwarted by security protocols, the operators persisted, making multiple attempts to install the malware over the following week.
Another Blackbaud casualty.
Lawrence + Memorial Hospital in the US state of Connecticut is one of the latest victims of the Blackbaud ransomware attack that occurred earlier this year, reports The Day. According to the hospital’s statement on Wednesday, the company the hospital employs for donor communications was breached, compromising donor demographic data; however, no medical records were impacted. Yale New Haven Health System is investigating the extent of the breach, and those affected will be notified.
Colorado state employee data breach.
A data breach at the Department of Personnel and Administration in the US state of Colorado has compromised the data of up to 30 thousand state employees, reports CBS 4 Denver. A statement from the agency on Tuesday explained that sensitive employee information was leaked to thirty-eight college benefits administrators via email. The state has assured those affected that the emails have been deleted and that there is no reason to believe the data was misused.
Backdoors, law enforcement, and privacy.
Recent international calls for requiring software companies to embed backdoors (not under that name) in their products have prompted ripostes from privacy hawks on the other side of the Crypto Wars. We heard from Paul Bischoff, privacy advocate with Comparitech and author of the new study “US state and district courts authorize 99% of interception orders – less than 4% convicted,” who called the efficacy of backdoors in actual investigations into question: “It's impossible to create an encryption backdoor that only law enforcement can take advantage of. If backdoors are in place, criminals will move on to other end-to-end encrypted messaging apps, while legitimate users suffer security and privacy violations. If our analysis of US wiretapping orders is any indication, only a fraction of law enforcement requests to decrypt data will actually be incriminating or lead to convictions. There's little consideration for innocent parties whose communications are intercepted by law enforcement, and 99 percent of interception requests are granted by courts.”