In the spotlight this week:
US Treasury advisory on ransomware payments causes some confusion
British Airways given reduced fine of £20M for 2018 data breach
Phishing attacks pivot from COVID-19 theme to voter registration
Ransomware attackers can now buy network access on the dark web
An advisory issued by the Office of Foreign Assets Control has caused many industries such as cybersecurity and insurance to re-evaluate how they respond to highly disruptive ransomware and extortion security incidents. The advisory warned that paying or helping pay ransoms to anyone on its cyber sanctions list could incur civil penalties.
American companies are prohibited from conducting business with sanctioned entities, while individuals who knowingly facilitate transactions with sanctioned entities may also be penalized. Such penalties are worrying for firms that specialize in facilitating such transactions, and for victims whose very survival depends on restoring encrypted critical data. Many experts are still interpreting the advisory to better understand the implications and conditions under which these penalties may be enforced.
British Airways has been fined £20M (US$26M) by the Information Commissioner's Office (ICO) for a data breach affecting more than 400,000 customers. The breach took place in 2018 and affected both personal and credit card data. The fine is considerably smaller than the £183M that the ICO originally intended to issue back in 2019, and was reportedly reduced to take into account the economic impact of COVID-19 on the airline industry. This penalty is still the largest issued by the ICO to date.
Security researchers at KnowBe4 have noticed a rise in election-themed emails. These emails range in topic from the recent campaigns on the U.S. President’s health, to the Democratic National Committee, to messages now impersonating the U.S. Election Assistance Commission (EAC). The latest messages spoof a voter registration page and attempt to collect personally identifiable information (PII).
Network access to already-compromised firms is being offered in underground forums for as little as US$300. Researchers warn that ransomware groups like Maze and NetWalker could be buying in, allowing them to kickstart ransomware attacks across various industries. The ability to purchase initial network access gives cybercriminals a quicker way into corporate and government networks, so that they can focus on establishing persistence and moving laterally.
Network-access offerings are typically advertised on underground forums with victim industry info (such as banking or retail), the type of access for sale (VPN, Citrix or remote-desktop protocol), the number of machines on the network, the country the victim operates in, and more (such as the number of employees or revenue of the company).