
Microsoft issued a new warning this week

Barry Parker • Feb 02, 2022

Microsoft issued a new warning this week on a variant of the 'Masslogger' Trojan being used to target Discord, NordVPN Microsoft Outlook, Google Chrome, and messenger service credentials.



With numerous studies on passwords published over the last decade, it's clear they remain a huge risk, with many people re-using their passwords over and over and across multiple platforms. We are seeing billions of credentials for sale regularly, including, in January, the 3bn-record 'COMB collection' (Compilation Of Many Breaches) posted on the RaidForums site. These downloads systematically follow breaches over time.


For those determined to keep passwords or passphrases in their Identity and Access Management journey, it's helpful to consider how to help users manage them so they don't go insane with the sheer volume of unique and complex passwords they have to manage and change regularly. Do we want them to write these down and, if so, where? Do we want them to use online password managers, and are these safe? With over 90% of breaches down to 'something we know', perhaps now is the time to change up our security and use intelligent multi-factor authentication? Why not take the user out of the equation? If they don't know their password, then it becomes more difficult for the fraudster. One of the more rewarding areas for us is helping organisations step up, make that positive change, and reduce their risk by opting out of this reliance on a memory test.



BREACHES AND ENFORCEMENT


This week in the U.S. District Court in Los Angeles, the United States Justice Department lodged charges against three members of units of the Reconnaissance General Bureau (RGB), a military intelligence agency of the Democratic People’s Republic of Korea (DPRK). Those indicted were Jon Chang Hyok (전창혁), 31; Kim Il (김일), 27; and Park Jin Hyok (박진혁), 36.

The charges extend the earlier 2018 indictments that followed the cyber attack on Sony and the WannaCry ransomware variants which affected, amongst others, the UK's National Health Service and a number of global banks. Ransomware attacks grew by 150% last year, and in Q3 by nearly 50%. Costs are likely to exceed $20 billion this year, with a new ransomware attack every 11 seconds.


Kia and Hyundai, the South Korean car manufacturers, denied they were hit with a ransomware attack this week. Kia described the incident as an "extended systems outage". Sources are claiming that the DoppelPaymer gang have hit Kia with a ransomware demand totalling $20 million for decryption and for not leaking stolen data. DoppelPaymer is interesting as it appears to be one of the first ransomware groups to telephone victims to 'encourage' them to make payment.

In Brazil, São Paulo's consumer rights agency, Procon, this week determined that the cyber attack on Experian, which saw 220m personal data records breached, may have occurred as a result of company weaknesses rather than an external attack. Procon noted that Serasa Experian did not explain how its Data Protection Policy had been technically implemented.


Agence Nationale de la Sécurité des Systèmes d'Information (ANSSI) disclosed this week that the Sandworm group, who are Russian military hackers, were behind a three-year campaign extensively breaching a number of French organisations running the Centreon IT monitoring software. ANSSI discovered that the first victims had been compromised as early as 2017.



ANSSI said the attackers targeted Centreon systems that remained connected to the internet, and can't say yet whether the attacks exploited a Centreon software vulnerability or whether the attacker got in through admin passwords.

Previously alleged members of the Sandworm group, otherwise known as Unit 74455, are currently wanted by the US FBI and are all thought to be active members of the Russian GRU intelligence directorate.


Jamaica-based Amber Group has spoken out following last year's exposure of up to 400k records, including travellers' personal data, processed by the Jamaican COVID app and website they built. They have still to comment on allegations that data was retained longer than needed and therefore not destroyed. It's thought many of the victims were US nationals registering proof of negative tests before flying. It has been reported that the cloud storage may have been unprotected.


Hackers were reportedly close to compromising the supervisory control and data acquisition (SCADA) system of the City of Florida's water treatment plant last week. The FBI is investigating, along with regulators across US states, following an attempt to exploit the desktop sharing software TeamViewer and a reliance on shared passwords on Windows 7. The attack was thwarted by an alert employee, according to Pinellas County Sheriff Bob Gualtieri and a Massachusetts government alert; though the hackers gained access to the water facility's control systems, the attack was quickly discovered.

