At a glance.
- Cranes as a security threat.
- Ransomware attack becomes a data leak.
- Data breach at Acer exposes intellectual property.
- Proof-of-concept: AI used to generate polymorphic keylogger.
- Threat actor movements on the radar this week.
- Reports and trends.
- Developments in Russia's hybrid war against Ukraine.
- Patch news.
- Crime and punishment.
- Policies, procurements, and agency equities.
- Labor markets: looking into the paradox of layoffs and the cyber workforce shortage.
- Research news.
Cranes as a security threat.
The US government is concerned that Chinese-made ship-to-shore cranes could pose a national security threat, the Wall Street Journal reports. The cranes in question are manufactured by the Chinese company ZPMC, which a US official said makes around 80% of ship-to-shore cranes used at US ports. The Journal explains that these cranes “contain sophisticated sensors that can register and track the provenance and destination of containers,” prompting concerns about China’s potential ability to capture information about US military shipments. The government doesn’t point to any instances of cranes actually being used for these purposes, but the defense policy bill passed by the US Congress at the end of last year requires the Transportation Department’s maritime administrator to conduct a study to determine whether these cranes could pose cybersecurity threats.
Ransomware attack becomes a data leak.
A ransomware attack early last month on the city of Oakland, California may have resulted in a leak of the stolen data. The Play ransomware group, which has claimed responsibility for the attack, announced Thursday on its leak site that it would release the stolen data on Saturday, the Record reports. The group now seems to have made good on its threat. Bleeping Computer wrote Saturday that Play was releasing stolen data, and the San Francisco Chronicle says that the gang has in fact dumped some of the data online.
Following the initial ransomware attack, Oakland declared a state of emergency, Infosecurity Magazine wrote. The outlet aptly observes that the city’s continuing disruptions from the attack, as well as its “workstation restoration” efforts, indicate that the gang probably hasn't received any ransom payment.
Data breach at Acer exposes intellectual property.
Computer manufacturer Acer has confirmed that it sustained a data breach that resulted in the theft of company data. A hacker is offering 160GB of the stolen data for sale on a criminal forum, SecurityWeek reports. According to BleepingComputer, the hacker claims “the stolen data contains technical manuals, software tools, backend infrastructure details, product model documentation for phones, tablets, and laptops, BIOS images, ROM files, ISO files, and replacement digital product keys.” Acer said in a statement to SecurityWeek, “We have recently detected an incident of unauthorized access to one of our document servers for repair technicians. While our investigation is ongoing, there is currently no indication that any consumer data was stored on that server.” For more on the Acer data breach, see CyberWire Pro.
Proof-of-concept: AI used to generate polymorphic keylogger.
Researchers at HYAS have developed a proof-of-concept strain of polymorphic malware that uses OpenAI’s API to evade detection. The malware, which the researchers call “BlackMamba,” is a keylogger delivered as an apparently benign executable. Once executed, however, BlackMamba will reach out to OpenAI and request that the AI generate keylogging code: “It then executes the dynamically generated code within the context of the benign program using Python’s exec() function, with the malicious polymorphic portion remaining totally in-memory. Every time BlackMamba executes, it re-synthesizes its keylogging capability, making the malicious component of this malware truly polymorphic. BlackMamba was tested against an industry leading EDR which will remain nameless, many times, resulting in zero alerts or detections.” The researchers can then exfiltrate the captured data via legitimate communication and collaboration tools (in this case Microsoft Teams). For more on the proof-of-concept, see CyberWire Pro.
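The behaviour HYAS describes, code compiled from a string at runtime and handed to exec(), leaves a trace inside the interpreter even when nothing touches disk. The following is an added detection example, not HYAS code and not from the article: it uses CPython's audit hook mechanism (PEP 578, `sys.addaudithook`), which raises a `compile` event when source is compiled and an `exec` event when a code object is executed, to record every compile or exec of code with no on-disk origin. The `<string>`/`<stdin>` filename check and the recorded fields are assumptions of this example.

```python
"""Audit-hook detector for in-memory code execution (added example).

CPython raises audit events for exec()/eval()/compile(); a hook registered
with sys.addaudithook sees them in-process. This records code that was
compiled from a string rather than loaded from a file, the pattern the
BlackMamba write-up describes (generated code executed via exec()).
"""
import hashlib
import sys

# Filenames CPython assigns to code compiled from an in-memory string
# (assumption of this example: a caller can pass any filename to compile(),
# so this is a signal for triage, not proof of malice).
IN_MEMORY_FILENAMES = {"<string>", "<stdin>"}

# Findings accumulate here; a real deployment would forward them to logging/SIEM.
findings = []


def record_in_memory_code(event, args):
    """Audit hook: note compile/exec of code that has no file on disk."""
    if event == "compile":
        # args == (source, filename); source may be str, bytes, AST or code.
        source, filename = args[0], args[1]
        if filename in IN_MEMORY_FILENAMES and isinstance(source, (str, bytes)):
            raw = source.encode() if isinstance(source, str) else source
            findings.append({
                "stage": "compile",
                "filename": filename,
                "sha256": hashlib.sha256(raw).hexdigest(),
                "size": len(raw),
            })
    elif event == "exec":
        # args == (code_object,) for exec()/eval() of a code object or string.
        code = args[0] if args else None
        if hasattr(code, "co_filename") and code.co_filename in IN_MEMORY_FILENAMES:
            findings.append({
                "stage": "exec",
                "filename": code.co_filename,
                "sha256": hashlib.sha256(code.co_code).hexdigest(),
                # Names the code references (globals, attributes, stores):
                # useful for spotting imports of input-capture or network modules.
                "names": sorted(code.co_names),
            })


def install():
    """Register the hook. Audit hooks cannot be removed once added."""
    sys.addaudithook(record_in_memory_code)


def in_memory_exec_count():
    """Number of exec-stage findings recorded so far."""
    return sum(1 for f in findings if f["stage"] == "exec")


if __name__ == "__main__":
    install()
    # Constructed, benign sample: a string compiled and executed in-process,
    # the same mechanics as dynamically generated code, without any payload.
    sample = compile("constructed_marker = 1", "<string>", "exec")
    exec(sample, {})
    for finding in findings:
        print(finding)
```

Installing this from `sitecustomize.py` in an instrumented sandbox or hardened Python deployment gives visibility into exec() of generated code without modifying the program under observation; it does nothing for an attacker-controlled interpreter, so it belongs in detonation and monitoring environments rather than on the attacker's side of the boundary. Because the hook runs on every compile/exec event in every thread, keep it cheap (as here: a hash and a name list) and do nothing in it that itself raises audit events.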