June 2023 Newsletter

Posted By: Mark, Friday 14th July 2023

This month: MOVEit vulnerability leads to mass ransomware attack and data thefts; joint advisory issued over LockBit ransomware gang; USAF backtracks on claims AI drone attacked operator; AI cleaning up UK waterways; France targets social media scams & Android Emergency SOS system causing problems for emergency services.

MOVEit Vulnerability Leads To Data Theft

A mass ransomware attack initiated at the beginning of June is causing panic around global companies who hold lots of sensitive customer data. Millions of people’s personal data could have been stolen through one of the victims of the MOVEit zero-day vulnerability exploited by the notorious Clop Ransomware gang.

Vulnerability in MOVEit Transfer Software

On June 1st, Bleeping Computer reported that hackers were actively exploiting a zero-day vulnerability in the MOVEit Transfer file transfer software, tracked as CVE-2023-34362, to steal data.

MOVEit Transfer is software developed by Progress (formerly Ipswitch) that allows organisations to securely transfer files between business partners and customers. The hackers were able to mass download data from a huge number of organisations.

Clop Ransomware Gang Exploits MOVEit Vulnerability

These hackers were identified by the Microsoft Threat Intelligence Team as the Clop ransomware gang and the attacks were believed to have happened on May 27th, which was the Memorial Day weekend in the US.

Bleeping Computer said the Clop ransomware operation is known to target managed file transfer software and that the attack matched their previous attacks on GoAnywhere MFT in January 2023 and Accellion FTA servers in 2020.

Clop then claimed responsibility for the attacks.

BBC, BA & Boots Amongst Victims Of MOVEit Vulnerability

Over the subsequent weeks, reports have emerged of data having been stolen from the BBC, British Airways, Boots, Aer Lingus, Ofcom, Transport For London, and many others around the world. The list grows as further companies report data thefts via payroll providers such as Zellis.

A patch was released by Progress on June 15th to address the vulnerabilities in MOVEit Transfer and MOVEit Cloud.

The NCSC offers guidance for both businesses and individuals dealing with the effects of the cyber attack.

Advice for individuals affected

Anyone who believes their information has been compromised as a result of this incident (staff of the affected organisations) can find out how to protect themselves from the impact of the breach.

Advice for organisations affected

For organisations directly affected, Progress (the vendor of the MOVEit software) has issued updated advice on mitigating this vulnerability, which includes a new patch for additional vulnerabilities that could be exploited. MOVEit customers should apply the patch, updated June 9th, as described in the MOVEit Transfer Knowledge Base Article.

What if we have been compromised because of this vulnerability?

If you are a UK organisation compromised by this vulnerability, use the government’s sign-posting service to report the incident.

Businesses of all sizes are always at risk of cyber-attack, and both the software and hardware used need to be effectively monitored and kept up to date. You also need a robust plan in place for managing your backups and data recovery. If you’re a business in Teesside, Tyne & Wear, North Yorkshire, County Durham, or anywhere around the North East of England, contact LaneSystems for your IT support and cyber security needs.


LockBit Joint Cyber Security Advisory

This month saw cyber security bodies from the USA, UK, Canada, France, Germany, Australia and New Zealand get together to warn about the ongoing cyber threat from LockBit. The seven nations issued the alert along with protection tips relating to the prolific ransomware-as-a-service gang.

The joint advisory includes details of common tactics, tools, techniques and procedures (TTPs) used by the cybercriminals, along with known exploited vulnerabilities (CVEs). This is followed up with recommendations to avoid ransomware infections or reduce the impact of future ones. They have produced a PDF which effectively provides all the current information needed to identify, prevent and report LockBit attacks.

LockBit Targets Critical Infrastructure

LockBit is used by its own core gang, as well as sold to affiliates, who target critical infrastructure organisations such as those in financial services, food & agriculture, education, energy sector, government orgs, emergency services, healthcare sector, manufacturing, and transportation. It was the most deployed ransomware variant, globally, in 2022, and continues to be a prolific threat in 2023.

The Register says: the gang, now on version 3.0 of its data-encrypting-and-stealing malware, began incorporating source code from the Conti ransomware in January, and using encryptors targeting macOS as seen on VirusTotal.

LockBit has been successful through its innovation and continual development of the group’s administrative panel (i.e., a simplified, point-and-click interface making ransomware deployment accessible to those with lower degrees of technical skill), affiliate supporting functions, and constant revision of TTPs.

LockBit Statistics (from the report)

Percentage of ransomware incidents attributed to LockBit:

  • Australia: From April 1, 2022, to March 31, 2023, LockBit made up 18% of total reported Australian ransomware incidents. This figure includes all variants of LockBit ransomware, not solely LockBit 3.0.
  • Canada: In 2022, LockBit was responsible for 22% of attributed ransomware incidents in Canada.
  • New Zealand: In 2022, CERT NZ received 15 reports of LockBit ransomware, representing 23% of 2022 ransomware reports.
  • United States: In 2022, 16% of the State, Local, Tribal, and Territorial (SLTT) government ransomware incidents reported to the MS-ISAC were identified as LockBit attacks. This included ransomware incidents impacting municipal governments, county governments, public higher education and K-12 schools, and emergency services (e.g., law enforcement).

As always, security organisations recommend not paying any ransom. It doesn’t guarantee recovery of files and might even lead to escalating problems, not to mention the funding of criminal enterprise. Promptly report ransomware incidents to your country’s respective authorities (NCSC in the UK).

The best way to fight ransomware and other cyber nasties is to implement robust cyber security protocols and good cyber practices within your organisation. If you’re a business in Teesside, Tyne & Wear, North Yorkshire, County Durham, or anywhere around the North East of England, contact LaneSystems for your IT support and cyber security needs.


US Air Force Denies AI Drone Operator Attack

In the first AI story of a busy month, and one right out of the sci-fi world of The Terminator, the US military was forced to offer a retraction over comments made by an air force Colonel at a Royal Aeronautical Society conference.

When giving a talk, Colonel Tucker Hamilton, chief of AI test and operations in the US Air Force, described a simulation where an AI-enabled drone had been trained to search out and destroy surface-to-air missile (SAM) sites. The final decision to strike was to be made by the human operator, until, he claims, the system felt the operator was interfering with its mission.

Hamilton said: “We were training it in simulation to identify and target a SAM threat. And then the operator would say yes, kill that threat. The system started realising that while they did identify the threat at times the human operator would tell it not to kill that threat, but it got its points by killing that threat. So what did it do? It killed the operator. It killed the operator because that person was keeping it from accomplishing its objective.”

He went on: “We trained the system – ‘Hey don’t kill the operator – that’s bad. You’re gonna lose points if you do that’. So what does it start doing? It starts destroying the communication tower that the operator uses to communicate with the drone to stop it from killing the target.”

A retraction was later issued and added to the RAS site.

In communication with AEROSPACE – Col Hamilton admits he “mis-spoke” in his presentation at the Royal Aeronautical Society FCAS Summit and the ‘rogue AI drone simulation’ was a hypothetical “thought experiment” from outside the military, based on plausible scenarios and likely outcomes rather than an actual USAF real-world simulation saying: “We’ve never run that experiment, nor would we need to in order to realise that this is a plausible outcome”. He clarifies that the USAF has not tested any weaponised AI in this way (real or simulated) and says “Despite this being a hypothetical example, this illustrates the real-world challenges posed by AI-powered capability and is why the Air Force is committed to the ethical development of AI”.

Several experts in the field of AI have been warning about the threat the technology might pose to humanity, but other experts have played down how serious that risk actually is. We’re certainly going to hear a lot more about AI in the coming months.


AI Aids Environmental Protection

The BBC has a more positive AI story, regarding the use of technology that monitors water pollution and can use data to predict and identify potential pollution events.

Tech company CGI, in conjunction with mapping experts Ordnance Survey, has developed an artificial intelligence satellite system showing an accuracy rate of 91.5% (based upon historical data models). Using a range of sensors placed around rivers and fields, the AI technology builds a picture of the condition of the rivers, the state of rainfall, soil condition, etc. This can identify and predict potential pollutant and contaminant causes.

This AI tracking is expected to help combat the amount of raw sewage being dumped into public waters, help warn when farmers can avoid agricultural runoff by not using fertilisers on dry fields when heavy rain is forecast, and other interventions that can keep rivers in a healthier shape.

Mattie Yeta, CGI’s chief sustainability officer, said:

“Following a successful first phase of the project, which led to the creation of an AI and satellite tool that can predict pollution events with up to 91.5% accuracy, we are excited to launch this second phase, which provides an innovative and proactive approach to environmental management and nature protection.”

“The solution will benefit farmers, governments, water companies and other stakeholders by protecting our water from pollution and contamination, which is vital for both our way of life and the life of our waterways and coastlines.”

The project is testing in North Devon, and if it can sustain the accuracy in real-time environments, it could be the catalyst for a rollout further afield.


France Fights Influencers Over Online Scams

Social Media influencers are in the firing line as the French authorities crack down on online scams covering the likes of miracle cures, medical procedures, gambling, crypto and a multitude of fake products.

In recent times, a number of French celebrities have been caught up in high-profile scandals over their promotion of questionable products.

Time reports that reality television star Nabilla Benattia-Vergara was handed a €20,000 fine for promoting Bitcoin to millions of Snapchat followers without disclosing that she was being paid to do so. Elie Yaffa, who raps under the name Booba, accused the influencer agent Magali Berdah of using her agency as a vessel to promote questionable products. And over 100 alleged victims came forward with a class-action lawsuit earlier this year, accusing French social media influencers of deliberately leading them to lose money on trading and NFT platforms.

While it’s not a problem exclusive to France, they are the nation moving quickest to address the sector with stricter regulation. Under new legislation proposals, a legal definition of ‘influencer’ will be written, with strict rules of conduct about what can and can’t be advertised across their social media platforms. Stiffer penalties will be forthcoming for rule breakers. If the Bill passes in its current form, there will be a complete ban on the promotion of financial products, including cryptocurrency, cosmetic procedures and fake products. Gambling promotion will require the clearly displayed info banners that advertising in other media sectors currently has to carry.

Although social media users have long been required to make it clear in the description when a post is a paid promotion, many flout those rules. A BBC article notes that in a study of 60 influencers and influencer agencies from January 2023, the French General Directorate of Competition, Consumer Affairs and Fraud Control (DGCCRF) showed that 60% did not respect the regulations on advertising and consumer rights. The new proposals would require a banner to be displayed over any image or video post to clearly indicate the sponsored post.

French MP, Arthur Delaporte, who backs the new Bill said:

“Many of the scams offer false trading advice that has cost victims more than €50,000 (£43,000).

“This bill is dedicated to the victims of scams, to the citizens’ watchdogs who have worked to alert the public authorities”.

With governments in other countries considering their next moves regarding social media regulation, this French bill could see other nations follow suit.

Police Warn About Android Emergency SOS

The Verge reports an ongoing Android update has caused police forces across the UK to issue a warning about a significant increase in the number of accidental ‘silent calls’.

The Emergency SOS feature is enabled by default, and activates a call to the emergency services number when the power button on the side of the phone is pressed several times in quick succession. This is an easy thing to do accidentally, however, and police chiefs believe this new feature has been the reason for a major uptick in the number of false 999 calls.

Devon & Cornwall police said it had received 169 silent 999 calls between 00:00 and 19:00 BST on the Sunday alone, while Police Scotland said BT had reported “a significant increase in accidental calls to 999”.

The National Police Chiefs Council warned of the issue and pointed out how to disable the feature to try to ease the situation for emergency responders until an update addresses the situation.

They posted: “Calls to 999 where the operator cannot hear anyone on the line (silent calls) are never just ignored. Call handlers will then need to spend valuable time trying to call you back to check whether you need help,”

“If you do accidentally dial 999, please don’t hang up. If possible, please stay on the line and let the operator know it was an accident and that you don’t need any assistance.”

Although the Emergency SOS feature has taken a while to migrate to all Android phones, it has been a feature of the Google Pixel phone since the release of Android 12 back in 2021, with issues reported by Pixel users back then. It seems that it’s only now that enough Android users have been pushed the feature that significant issues are being caused to the emergency services.

Google said it was the responsibility of the phone manufacturers to manage the feature rollouts on their devices. However, a spokesperson went on to say:

“To help these manufacturers prevent unintentional emergency calls on their devices, Android is providing them with additional guidance and resources,”

“We anticipate device manufacturers will roll out updates to their users that address this issue shortly. Users that continue to experience this issue should switch Emergency SOS off for the next couple of days.”