Friday Five 11/18

by Chris Brook on Friday November 19, 2021

The U.K. shares some new ransomware statistics, the FBI warns about a new VPN zero day, and more. Catch up on the infosec news of the week with the Friday Five!

1. ‘Ghostwriter’ Looks Like a Purely Russian Op—Except It's Not by Lily Hay Newman

CyberWarCon, a one-day conference primarily geared towards offensive security and uncovering malicious influence, took place this week and brought with it a slew of good research. One story that made headlines was research that linked Ghostwriter, a disinformation/spearphishing campaign that's previously undermined NATO, with Belarus. The group was previously thought to have been linked to Russia; the EU Council even issued a press release attributing the campaign to Russia in September. Turns out that's not the case. Researchers with Mandiant connected the group to Belarus, citing "sensitively sourced technical evidence." The group has carried out attacks involving fake websites imitating tech companies, Eastern European governments and email services asking for users' logins.

Read more

2. Former CISA head warns of rivals’ ‘destructive’ cyber capabilities by Brad D. Williams

More news from CyberWarCon: Breaking Defense recaps the conference’s keynote by former CISA head Chris Krebs, who gave a sobering warning that it could only be a matter of time before a country mounts a destructive cyberattack, something that could ramp up tensions in foreign relations. “It’s a really scary environment when every single country has the ability to develop cyberespionage and domestic surveillance and destructive [cyber] capabilities,” Krebs said. Specifically, Krebs noted the ability of other countries to carry out cyberespionage, domestic surveillance, and attacks that could hamper critical infrastructure here in the US. One interesting tangent that Krebs went off on was the direction the US government should move in if it wants to be better equipped to tackle ransomware and disinformation: “If you continue to tap government leaders with a background in cyber, you’re going to get the expected results. We need experts in disinformation and a more strategic approach to countering disinformation,” he said, Brad D. Williams reports.

Read more

3. Are Ransom Bans the Answer to Cutting Down on Cyber Attacks? by Noelle Knell

Ransomware's vicious cycle has been well documented at this point. Would outright banning ransomware payments help curb some of this malicious activity? This Government Technology editorial, by the publication's editor, asks that question and cites two opposing stances. The first comes from U.S. Energy Secretary Jennifer Granholm, who acknowledges that paying ransoms only intensifies the problem. The second, from John Davis, a retired U.S. Army major general who served as the co-chair of the Ransomware Task Force for the Institute for Security and Technology, says it isn't so black and white and that completely banning payments is “impractical and potentially counterproductive.”

Read more

4. Ransomware fueled record year for UK cyber response by Tim Starks

Some insight into how the U.K. has fared with regard to cybersecurity comes courtesy of the U.K. National Cyber Security Centre, which released its annual report this week. In it, the center pointed out that it responded to 777 incidents from September 2020 to September 2021, a 7% uptick over the previous 12-month period. While that figure may not say much, these stats about ransomware may: According to Lindy Cameron, the NCSC's CEO, the center saw the same number of incidents in the first four months of 2021 as it did in all of 2020, a number that was triple the number of those it handled in 2019.

Read more

5. FBI warns of APT group exploiting FatPipe VPN zero-day since May by Sergiu Gatlan

It's not an everyday, household name, but if your organization uses products from FatPipe, a company that specializes in router clustering and load balancer products, you should prioritize patching a vulnerability in some of the company's software ASAP. The vulnerability, which is a zero day, impacts FatPipe WARP, MPVPN, and IPVPN device software. The FBI issued a flash alert around the news this week, stressing that it appears the bug has existed since May 2021. Using it, attackers have been able to access a file upload function that in turn can afford them the opportunity to drop a webshell for exploitation activity with root access. According to Bleeping Computer, FatPipe products are used by organizations across a handful of major industry sectors including government and military entities, municipalities, utilities, educational facilities, and financial and medical institutions.

Read more

Tags:  Vulnerabilities Ransomware
