Cyber Weekly Digest - Week #5
The news has been filled with cyber security stories this week, including the takedown of Emotet, one of the most significant botnets of the decade, and the disruption of the NetWalker ransomware operation. Keep reading to get all the information you need from this week.
In the UK, the Association of British Insurers (ABI) has been accused of funding organised crime by covering ransomware blackmail payments in cyber insurance policies. The ABI said insurance was "not an alternative" to doing everything possible first to minimise the risk, but added that firms could face financial ruin without the cover. Businesses might choose to pay because they do not have their data backed up, or cannot afford, or do not have time, to rebuild their systems. Critics nonetheless argue that insurers are funding organised crime, reviving the debate of 'to pay or not to pay'. Although the official advice in the UK is not to pay the demand, paying is not illegal.
Find out more on whether you should pay ransom demands in SentinelOne's "To Pay Or Not To Pay" e-book.
This week authorities across Europe seized control of the Emotet botnet, one of the most prolific botnets of the past decade. The law enforcement action included the arrest of several suspects in Europe connected to the crimeware gang. The core group of criminals behind Emotet is widely considered to be operating out of Russia. Although the seizure is significant, it is too soon to judge how effective the operation will be in the long term.
This week, US and Bulgarian authorities seized the dark web site used by the NetWalker ransomware group to publish data stolen from its victims. In connection with the seizure, a Canadian national suspected of extorting more than $27 million by spreading NetWalker was charged. This operation does not mean the end of NetWalker, however.
Google's Threat Analysis Group published a report on a North Korean government-backed hacking group that uses social media to target security researchers and infect their computers with a custom backdoor. The threat actors create fake accounts and blogs to build a persona as a security researcher, then use these accounts to contact targeted researchers via social media. In one case seen by Google, the threat actors were called out for a fake PoC video and began creating Twitter sock puppet accounts to refute the claims that the PoC was fake.
All three of the iOS zero-days Apple patched this week were reported by an anonymous researcher. The first impacts the iOS kernel and the other two were discovered in the WebKit browser engine. Security experts believe the three bugs form part of an exploit chain in which users are lured to a malicious site that takes advantage of the WebKit bug to run code in the browser, which then uses the kernel bug to escalate privileges, run system-level code and compromise the OS.