Cyber_Bytes - Issue 52

Welcome to Cyber_Bytes, our regular round-up of key developments in cyber, tech and evolving risks.

Royal Mail Ransomware Negotiation Analysis

Cyber security consultants, STORM Guidance have produced a detailed report analysing the negotiation transcript released by LockBit in the wake of its ransomware attack on Royal Mail International (Royal Mail). The attack caused a notable outage and delays across the UK. The key findings from the transcript revolve around the lack of formal negotiation techniques used by those negotiating on behalf of Royal Mail as well as the emotiveness of the negotiators.

LockBit's release of the Royal Mail ransom transcript is likely a retaliatory attempt to cause Royal Mail as much damage as possible. This is following what STORM Guidance refer to as the potentially "antagonising" approach taken in the negotiation. Reducing the risk of antagonising can be achieved through short, polite, and specific posts with careful wording and attention to posting cadence.

STORM have issued a warning to companies engaging negotiators when faced with a ransomware attack as many providers of ransomware negotiation services are not formally trained. This could pose a risk. An untrained ransom negotiator might potentially make mistakes that result in unnecessary loss such as the early release of breached data or the victim being exposed to further attacks by an antagonised threat actor.

Click here to read STORM's article. You can then download the full report by following the simple instructions on STORM's website.

Ransomware Driving SOC Modernization Requirements

A new global research study has explored the direct impact of ransomware threats on the investment decisions of organisations regarding their Security Operations Centres (SOCs). The report follows a global survey of 1,203 security professionals from eight countries across a dozen industries.

More than 58% of respondents said that their SOC spends a large proportion of its time responding to ransomware and supply chain attacks. With a rise in ransomware threats increasing the need for automation across the sector, many respondents are now focusing their efforts on leveraging industry-leading detection, prevention, visibility, and automation technologies. The report proposes that modernisation in the realm of SOCs will be focused across specific areas such as deploying new detection capabilities with better efficacy and looking for ways to augment staffing by contracting for managed services.

Managed Detection and Response (MDR) services have been earmarked as a key tool for the future, helping to remove the burden and arduous process of alert triaging and prioritization which in turn gives time back to security teams to conduct remediation and focus on other priorities.

Click here to read the full Cybereason report.

Windows zero-day vulnerability exploited in ransomware attacks

Tech giant Microsoft has issued a software update remedying a zero-day vulnerability in the Windows Common Log File System (CLFS). The vulnerability was being actively exploited by cybercriminals to escalate privileges and deploy ransomware payloads.

Security researchers warned that the Nokoyawa ransomware gang has used other exploits targeting the CLFS driver since June 2022, with similar yet distinct characteristics, linking them all to a single exploit developer. Industries targeted by the threat actors include retail and wholesale, energy, manufacturing, healthcare, and software development. The use of zero-day attacks by cybercrime groups illustrates their growing sophistication. Organisations should remain alert and ensure that their systems are running the most up-to-date software versions.

Click here to read the full Bleeping Computer post.

Study shows how fast AI can crack passwords

Security experts have issued warnings over the security risks being posed by new generative AI services. Password Generative Adversarial Network (PassGAN) uses machine learning algorithms instead of having to run manual password analysis on leaked password databases. These PassGANs generate password guesses after autonomously learning the distribution of passwords by processing previous real-world security breaches.

In a recent study published by Home Security Heroes, PassGAN processed a list of over 150,000 credentials and was able to crack 51% of all common passwords in less than one minute, 65% in less than an hour, 71% in less than a day, and 81% in less than a month. With growing concerns amongst industry experts, Microsoft announced its new Security Co-pilot suite that will help security researchers protect against malicious use of modern technology.

The following key tips on password security remain more relevant than ever:

• Use at least 12 (and ideally 18+) characters or more, with upper and lowercase letters as well as numbers and symbols. All passwords with 18 characters that include both letters and numbers were found to be safe from AI cracking for now.
• Use non-SMS based two-factor authentication / multi-factor authentication.
• Use auto-generated passwords where possible.
• Refrain from re-using passwords across accounts.
• Refrain from using public Wi-Fi, especially for banking and similar accounts.

Finally, do not enter any of your real passwords if using an AI tool to test the strength of your own passwords. This follows wider concerns around inputted "prompts" remaining visible to server hosts.

Click here to read the full 9to5Mac article.