Cybersecurity Saturday

The Federal Bureau of Investigation announced that on July 28, 2021, “The Cybersecurity and Infrastructure Security Agency (CISA), Australian Cyber Security Centre (ACSC), United Kingdom’s National Cyber Security Centre (NCSC) and Federal Bureau of Investigation (FBI) released a joint cybersecurity advisory today, highlighting the top Common Vulnerabilities and Exposures (CVEs) routinely exploited by cyber actors in 2020 and those vulnerabilities being widely exploited thus far in 2021. Cyber actors continue to exploit publicly known—and often dated—software vulnerabilities against broad target sets, including public and private sector organizations worldwide. It’s recommended that organizations apply the available patches for the 30 vulnerabilities listed in the joint cybersecurity advisory and implement a centralized patch management system.” Check it out because as the FBI explains “One of the most effective best practices to mitigate many vulnerabilities is to update software once patches are available and as soon as is practicable. Focusing cyber defense resources on patching those vulnerabilities that malicious cyber actors most often use should be ingrained in the culture of every organization. This approach offers the potential of not only bolstering network security, but also impeding the disruptive, destructive operations of our adversaries.”

To help reduce such vulnerabilities, the federal government’s Cybersecurity and Infrastructure Security Agency (“CISA”) announced yesterday, July 30,

the launch of its VDP Platform for the federal civilian enterprise, the latest shared service offered by CISA’s Cyber Quality Services Management Office (QSMO) and provided by BugCrowd and EnDyna. The VDP Platform provides a single, centrally managed online website for agencies to list systems in scope for their vulnerability disclosure policies, enabling security researchers and members of the general public to find vulnerabilities in agency websites and submit reports for analysis. The Department of Homeland Security (DHS), the Department of Labor (DoL), and the Department of Interior (DoI) are among the agencies planning to leverage this platform at the onset. * * *

Through this crowdsourcing platform, Federal Civilian Executive Branch (FCEB) agencies will now be able to coordinate with the security research community in a streamlined fashion and those reporting incidents enjoy a single, usable website to facilitate submission of findings. The platform encourages collaboration and information sharing between the public and private sectors by allowing uniquely skilled researchers to submit vulnerability reports, which agencies will use to understand and address vulnerabilities that were previously unidentified. BugCrowd and EnDyna, the service providers, will conduct an initial assessment of the vulnerability reports submitted. This initial assessment will free up agencies’ time and resources and allow agencies to focus on those reports that have real impact. * * *

For more information about QSMO and CISA’s new VDP platform, visit Cyber QSMO Marketplace, VDP Fact Sheet, or contact us at QSMO@cisa.dhs.gov.

On a related note, per CISA,

The National Security Agency (NSA) has released an information sheet with guidance on securing wireless devices while in public for National Security System, Department of Defense, and Defense Industrial Base teleworkers, as well as the general public. This information sheet provides information on malicious techniques used by cyber actors to target wireless devices and ways to protect against it. CISA encourages organization leaders, administrators, and users to review NSA’s guidance on Securing Wireless Devices in Public Settings and CISA’s Security Tip on Privacy and Mobile Device Apps for information on protecting devices and data.

These preventive measures are timely because according to Security Weekly, “A global study commissioned by IBM Security shows that the average cost of a data breach exceeded $4.2 million during the coronavirus pandemic, which the company pointed out is the highest in the 17-year history of its “Cost of a Data Breach” report.”

Last but not least, here is a link to Bleeping Computer’s The Week in Ransomware.

Ransomware continues to be active this week, with new threat actors releasing new features, No More Ransom turning five, and a veteran group rebrands.

This week marked the fifth anniversary of No More Ransomware, where they announced that they had saved €1 billion in ransom payments through the decryptors on their platform.

We also saw ransomware groups continue to innovate with LockBit 2.0 now using group policies to automate the deployment of their ransomware over a Windows domain.

I shared what I know about the inner conflict of the Babuk ransomware gang that led to the Admin starting a new RAMP cybercrime forum and the rest of the team launching Babuk version 2.0.

Finally, DoppelPaymer has rebranded as a new ransomware operation known as Grief, which began operating in May.

Also, Bleeping Computer informs us that “A new ransomware gang named BlackMatter is purchasing access to corporate networks while claiming to include the best features from the notorious and now-defunct REvil and DarkSide operations.” Oh joy.