FBI Warns of Egregor Attacks on Businesses Worldwide
2021-01-08 14:15

The FBI has alerted companies in the private sector to a spate of attacks using the Egregor ransomware. Egregor, whose name refers to an occult term meant to signify the collective energy or force of a group of individuals, is indeed the work of a "large number of actors" and operates under a ransomware-as-a-service model, according to the FBI. "Because of the large number of actors involved in deploying Egregor, the tactics, techniques and procedures used in its deployment can vary widely, creating significant challenges for defense and mitigation," the FBI said.

Dassault Falcon Jet reports data breach after ransomware attack
2021-01-08 14:04

Dassault Falcon Jet has disclosed a data breach that may have led to the exposure of personal information belonging to current and former employees, as well as their spouses and dependents. Dassault Falcon Jet is the US subsidiary of French aerospace company Dassault Aviation which designs and builds military aircraft, business jets, and space systems.

U.S. Department of State Approves New Cyberspace Security Bureau
2021-01-08 13:56

United States Secretary of State Mike Pompeo this week approved the creation of the Bureau of Cyberspace Security and Emerging Technologies. The United States considers China, Russia, Iran, and North Korea threats to its national security, along with "other cyber and emerging technology competitors and adversaries," the Department of State points out.

FBI Warns Businesses of Egregor Ransomware Attacks
2021-01-08 13:25

Offered under a Ransomware-as-a-Service business model, the Egregor ransomware poses a great threat to businesses due to the use of double extortion, a recent private industry notification from the Federal Bureau of Investigation warns. Initially observed by the FBI in September 2020, Egregor has claimed more than 150 victims to date, all around the world.

How to implement mindful information security practices
2021-01-08 13:00

Authors Randolph A. Kahn, owner of Kahn Consulting, and James Beckmann, counsel for Boy's Town, consider that question in their American Bar Association article, Creating a Mindful Information Culture. In particular, they examine how a mindful information culture helps to mitigate risk by determining what's essential.

Probe Launched Into Impact of SolarWinds Breach on Federal Courts
2021-01-08 12:32

An investigation has been launched into the impact of the SolarWinds breach on the computer systems used by federal courts in the United States, which reportedly represented a target of interest to the hackers. The Administrative Office of the U.S. Courts said an investigation was launched in mid-December after the Cybersecurity and Infrastructure Security Agency issued an emergency directive instructing all federal agencies to immediately analyze their systems for evidence indicating that they may have been targeted through the Orion monitoring tool developed by SolarWinds.

Russia’s SolarWinds Attack and Software Security
2021-01-08 12:27

Obscure software packages can have hidden vulnerabilities that affect the security of these networks, and sometimes the entire Internet. Any system for acquiring software needs to evaluate the security of the software and the security practices of the company, in detail, to ensure they are sufficient to meet the security needs of the network they're being installed in.

ALERT: North Korean hackers targeting South Korea with RokRat Trojan
2021-01-08 12:00

A North Korean hacking group has been found deploying the RokRat Trojan in a new spear-phishing campaign targeting the South Korean government. Attributing the attack to APT37, Malwarebytes said it identified a malicious document last December that, when opened, executes a macro in memory to install the aforementioned remote access tool.

New Attack Could Let Hackers Clone Your Google Titan 2FA Security Keys
2021-01-08 11:59

The vulnerability allows the bad actor to extract the encryption key or the ECDSA private key linked to a victim's account from a FIDO Universal 2nd Factor device like Google Titan Key or YubiKey, thus completely undermining the 2FA protections. An actor would first have to steal the login and password of an account secured by the physical key, then stealthily gain access to the Titan Security Key in question, not to mention acquire expensive equipment costing north of $12,000 and have enough expertise to build custom software to extract the key linked to the account.

Sealed U.S. court records possibly accessed by SolarWinds attackers
2021-01-08 11:56

The Administrative Office of the U.S. Courts revealed on Wednesday that it is investigating whether sealed U.S. court records had been accessed by the SolarWinds attackers. The AO is now working with the Department of Homeland Security "on a security audit relating to vulnerabilities in the Judiciary's Case Management/Electronic Case Files system that greatly risk compromising highly sensitive non-public documents stored on CM/ECF" and has announced new security procedures to protect highly sensitive confidential documents filed with the courts.