Resources

GroupSense analysts became aware of a wide-spread attack leveraging Kaseya’s Vector Signal Analysis (VSA) platform, commonly in use by Managed Service Providers.

Join this month's episode of The (Security) Balancing Act as Diana Kelley and guests discuss why ransomware is surging again, which sectors are most at risk, the threat to enterprises and how it is being used for more than just ransom (ex: distractionware, destructionware, etc).
- The rise in ransomware under the cloak of the pandemic
- Why email continues to be the channel of choice
- The difference between fully automated and human-operated campaigns
- How to decide whether or not to pay or not to pay the ransom
- Why your backups may not be immune to ransomware
- Addressing the threat with best practices

Speakers
- Nicole Hoffman, Intelligence Analyst, GroupSense
- Courtney Radke, CISO for National Retail, Fortinet
- Patrick Lee, Senior Incident Response Consultant, Rapid7

Background

Recently, a hacker known as PeteRepete leaked over 533 million Facebook users’ personal information online. There were no passwords in the database, but it did contain full names, phone numbers, email addresses, employer information, and a few other pieces of information from Facebook users’ profiles. GroupSense confirmed only a small portion of the records contained email addresses, but almost all of the records contained a phone number. 

Security ratings services have become a popular way for companies to assess their own cybersecurity posture, as well as that of their partners. And, while they are useful for establishing a data baseline of competence, they are often relied on as something more than that. For example, they’re used in boardrooms as “eye candy” to portray the state of company cyber-risk, with supply chain partners to manage third-party risk and, even more frightening, by insurance companies to create risk profiles for cyber-insurance policies.

As ransomware attacks continue to surge across the globe, the demand for negotiation services has also increased -- and been hard to fill.

Overview

Users quickly adopted the cloud storage tool Dropbox at the start of the COVID-19 pandemic to alleviate file sharing issues and facilitate group work. Updates to Dropbox Spaces, a project management tool, reflect this shift, easing communications for remote work.¹ The file-sharing company seeks to enhance collaboration and information-sharing within a distributed workforce, both now and in the future.

With the emergency approval of COVID-19 vaccines, many are (rightfully) starting to see the proverbial light at the end of the tunnel. Although GroupSense is hopeful 2021 will bring health, prosperity, and recovery from the global public health crisis, we are also cognizant of numerous cyber security threats that may derail the mass-vaccination process. Below are five of the many threats GroupSense expects to see as the world moves forward with COVID-19 vaccination efforts.

You were hit with ransomware. You panic. You search “ransomware response” or “ransomware repair” and among the top results is a link that reads “Recover Encrypted Files - Guaranteed.” Sounds like you found the solution! None of us wants to pay the ransomware operators. If there is a legitimate solution that avoids sending tens of thousands (if not millions) of dollars via cryptocurrency to threat actors overseas, it’s worth paying for.

Background

The cyber security industry is reeling from another large scale, targeted attack. What was initially reported as a breach of FireEye red team tools on December 8th has now been exposed as a much wider, potentially catastrophic breach affecting the SolarWinds Orion software. SolarWinds stated a threat actor inserted malware,  SUNBURST or Solorigate, into a service providing trojanized software updates for its Orion platform, used by public and private companies to track IT resources. To date (December 16th, 2020), as many as 18,000 organizations have been affected by SUNBURST, announced SolarWinds. On December 14, Reuters and the Washington Post reported the U.S. Department of Homeland Security (DHS), the State Department, and the National Institutes of Health (NIH) were also compromised as a result of the infected Orion distribution.

The world’s most popular messaging and social media apps are rolling out new privacy features allowing users to send content that will self-delete after a short time. On November 5, WhatsApp announced “disappearing messages” that are automatically erased after a week; on November 12, WhatsApp’s parent company Facebook introduced “vanish mode” for Messenger and Instagram, seamlessly deleting messages after users leave their chat. And on November 17, Twitter launched “Fleets,” messages with 24-hour lifespans.