As international law enforcement wages war against ransomware gangs and state-sponsored threat actors, private organizations, U.S. courts and agencies, and the manufacturing industry are urged to reinforce their cybersecurity measures. Learn all you need to know about these emerging threats in this week's Friday Five.
SYSTEMS USED BY COURTS AND GOVERNMENTS ACROSS THE US RIDDLED WITH VULNERABILITIES BY DAN GOODIN
Public records systems used by courts and governments have been found to have a significant number of vulnerabilities, enabling attackers to alter voter registration databases and legal filings. Security researcher Jason Parker identified critical flaws in 19 platforms used by government agencies, many of which stem from weak permission controls and poor validation. Theoretically, these vulnerabilities could also allow threat actors to cancel voter registrations and access sealed court documents. Although none of these flaws appear to have been exploited, Parker emphasizes the need for systemic overhauls, advocating for stronger security measures, such as multifactor authentication, penetration testing, and regular audits to prevent future breaches.
MANUFACTURERS RANK AS RANSOMWARE'S BIGGEST TARGET BY KRISTINA BEEK
The manufacturing industry has become the top target for ransomware attacks due to its rapid digital growth and lagging technological advancements. A recent study found that manufacturing accounts for 21% of ransomware incidents, with 80% of examined companies harboring critical vulnerabilities, many of which are listed in CISA's Known Exploited Vulnerabilities (KEV) catalog. These vulnerabilities put global supply chains at risk, leading to potential widespread disruptions. To combat these threats, experts emphasize the importance of patch management, securing credentials, and fortifying web applications, advocating that robust cybersecurity measures can enable growth without compromising safety.
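The story above measures exposure by how many open vulnerabilities appear in CISA's Known Exploited Vulnerabilities (KEV) catalog, which is also the natural way to prioritize patch management. The following Python script is an added example, not code from the article or from the cited study: it cross-references a scanner-style asset inventory against a KEV-shaped feed and ranks the hits so that entries flagged as used in ransomware campaigns and entries past their remediation due date come first. The feed and inventory are constructed inline with placeholder CVE ids; the field names mirror the public KEV JSON schema, and the asset names are assumptions.

```python
"""Cross-check an asset inventory against a CISA KEV-style feed.

Added example. The feed and inventory below are CONSTRUCTED with placeholder
CVE ids (not real advisories); the JSON keys follow the shape of the public
KEV feed (vulnerabilities[].cveID, vendorProject, product, dateAdded,
dueDate, knownRansomwareCampaignUse).
"""
import json
from datetime import date

# Constructed stand-in for the KEV JSON feed (placeholder ids, sample dates).
KEV_FEED_JSON = """
{
  "vulnerabilities": [
    {"cveID": "CVE-0000-00001", "vendorProject": "ExampleVendor",
     "product": "ExampleVPN", "dateAdded": "2024-06-01",
     "dueDate": "2024-06-22", "knownRansomwareCampaignUse": "Known"},
    {"cveID": "CVE-0000-00002", "vendorProject": "ExampleVendor",
     "product": "ExampleERP", "dateAdded": "2024-08-10",
     "dueDate": "2024-08-31", "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-0000-00003", "vendorProject": "OtherVendor",
     "product": "OtherPLC", "dateAdded": "2024-09-01",
     "dueDate": "2024-09-22", "knownRansomwareCampaignUse": "Known"}
  ]
}
"""

# Constructed inventory: each asset lists the CVEs a scanner reported as open.
# Asset names are hypothetical.
INVENTORY = [
    {"asset": "vpn-gw-01", "open_cves": ["CVE-0000-00001", "CVE-0000-09999"]},
    {"asset": "erp-app-02", "open_cves": ["CVE-0000-00002"]},
    {"asset": "hmi-line-3", "open_cves": []},
]


def load_kev(feed_json):
    """Parse a KEV-shaped feed into a dict keyed by CVE id."""
    data = json.loads(feed_json)
    return {entry["cveID"]: entry for entry in data["vulnerabilities"]}


def prioritize(inventory, kev, today_iso):
    """Return open findings that are in KEV, ranked for patching.

    Ordering: known ransomware use first, then most overdue against the
    KEV due date, then CVE id for a stable result. CVEs not in KEV are
    dropped here because the catalog is the prioritization signal.
    """
    today = date.fromisoformat(today_iso)
    findings = []
    for asset in inventory:
        for cve in asset["open_cves"]:
            entry = kev.get(cve)
            if entry is None:
                continue  # open, but not on the exploited list
            due = date.fromisoformat(entry["dueDate"])
            findings.append({
                "asset": asset["asset"],
                "cve": cve,
                "product": f'{entry["vendorProject"]} {entry["product"]}',
                "ransomware": entry["knownRansomwareCampaignUse"] == "Known",
                "overdue_days": max(0, (today - due).days),
            })
    findings.sort(key=lambda f: (not f["ransomware"], -f["overdue_days"], f["cve"]))
    return findings


def report(today_iso):
    """Convenience wrapper tying the constructed feed and inventory together."""
    return prioritize(INVENTORY, load_kev(KEV_FEED_JSON), today_iso)


if __name__ == "__main__":
    for f in report("2024-09-10"):
        flag = "RANSOMWARE" if f["ransomware"] else "exploited"
        print(f'{f["asset"]:<12} {f["cve"]:<15} {flag:<10} '
              f'overdue {f["overdue_days"]:>3}d  ({f["product"]})')
```

In practice you would replace the constructed feed with a download of the real KEV JSON and the inventory with your scanner export; the ranking logic stays the same. Note that the script deliberately ignores open CVEs that are not in the catalog, so it is a first-pass prioritizer on top of, not a replacement for, your full vulnerability backlog.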
NORTH KOREA'S 'STONEFLY' APT SWARMS US PRIVATE CO'S. FOR PROFIT BY TARA SEALS
The North Korean advanced persistent threat (APT) group, known as Stonefly (also called APT45 or Onyx Sleet), has shifted its focus to targeting U.S. private companies for financial gain, even after facing a U.S. Department of Justice indictment and a $10 million bounty. In August, the group attempted attacks on three U.S. organizations, deploying malware but failing to execute ransomware. Historically focused on espionage and high-value targets, Stonefly now aims to raise funds for the North Korean regime. Researchers warn that more victims likely exist and advise businesses to familiarize themselves with Stonefly’s tools and indicators of compromise.
MULTINATIONAL POLICE EFFORT HITS SECTIONS OF LOCKBIT RANSOMWARE OPERATION BY AJ VICENS
An international law enforcement effort targeted LockBit ransomware, leading to four arrests, server seizures, and sanctions. Authorities arrested a LockBit developer in France, two U.K. affiliates, and a hosting service administrator in Spain. The U.K. sanctioned 16 people linked to Evil Corp, including a key LockBit affiliate, Aleksandr Ryzhenkov. Meanwhile, the U.S. unsealed an indictment against Ryzhenkov and sanctioned additional Evil Corp members. The operation, dubbed "Operation Cronos," is part of a broader campaign to disrupt LockBit's infrastructure, which has extorted over $100 million since 2019. Despite disruptions, LockBit continues to operate with new infrastructure.
MICROSOFT AND DOJ DISRUPT RUSSIAN FSB HACKERS' ATTACK INFRASTRUCTURE BY SERGIU GATLAN
Microsoft and the U.S. Department of Justice seized over 100 domains used by the Russian ColdRiver hacking group in spear-phishing attacks targeting U.S. government employees and nonprofit organizations. Linked to Russia's FSB, ColdRiver has targeted U.S. intelligence, defense, and energy sectors since at least 2017 and has aimed to steal sensitive information from civil society organizations and U.S. government agencies. Microsoft and the DOJ dismantled the attack infrastructure, and the U.S. State Department is offering rewards for identifying ColdRiver members. ColdRiver's attacks escalated after Russia's invasion of Ukraine, targeting NATO and U.S. defense industries.