Cyber Intelligence Weekly

Cyber Intelligence Weekly (Feb 27, 2022): Our Take on Three Things You Need to Know

Welcome to our weekly post where I will be sharing some of the major developments on the future of cybersecurity that you need to know about. Make sure to follow my LinkedIn page as well as Echelon’s LinkedIn page to receive updates on the future of cybersecurity!

You can also Subscribe to receive Cyber Intelligence Weekly in your inbox each week.

Before we get started on this week’s CIW, I’d like to highlight our partnership with Horizon3. Cybersecurity is one of the world's toughest challenges and solving tough problems is no easy task. It takes the full focus and innovation of some of our best and brightest to attack these issues head on every single day, and we certainly can't do it alone. That is why our partnership with the great team and technology at Horizon3.ai was such an easy decision to make. We know and respect their people, we love their tech and we share their values as an organization. We look forward to introducing more of our clients to H3 and its capabilities. Combining H3’s NodeZero with our team has already been an unstoppable combination to drastically reduce enterprise cybersecurity risk.

Away we go!

1. Ukrainian Hacktivists Fight Back Against Russian Aggressors in Cyber Space

As Russia decided to wage war against a sovereign and democratic Ukraine last week, the world watched in horror. Images and videos of fathers and sons staying behind to protect their homeland while their families escaped to the western regions of Europe were both surreal and gut-wrenching.

Mixed in amongst the coverage have been a few stories of inspiration and hope. One such story is the mobilization of an “IT Army,” as Mykhailo Fedorov (Vice Prime Minister and Minister of Digital Transformation of Ukraine) put it. According to Bloomberg, several Ukrainians with IT background and expertise have been rallying to defend the country as well as perform counter-offensive cyber-attacks against the Russians.

According to the Bloomberg story, Yegor Aushev, co-founder of Kyiv-based cybersecurity company Cyber Unit Technologies, is helping to organize the effort. In an effort that appears to be more symbolic than substantive thus far, several Russian websites, including the official website of the Kremlin, have been taken down by the so-called IT army. This group also aims to bring information about the conflict to the people of Russia, as they are often victims of state-run media and its propaganda. The Ukrainians appear to have received supporters from all over the world as well to continue to fight the good fight in cyber space.

2. F12 Does Not Equal Hacking, Missouri Governor’s Call for Investigation Proves Worthless

We all remember the story from a few months back where Missouri Governor Mike Parson made headlines for a painfully obvious case of shooting the messenger. In this case, a reporter from the St. Louis Dispatch responsibly disclosed and reported on an error on a website for the state’s Department of Elementary and Secondary Education (DESE) that disclosed Social Security numbers for hundreds of thousands of teachers.

Image Source: Governor Parson’s Facebook Page

The governor tasked the Missouri Highway Patrol with using government resources to do a thorough investigation of the matter by looking into the actions of the journalist and a university professor who assisted him.

A recent story by Brian Krebs highlights a report from the Missouri Highway Patrol confirming that no wrongdoing was committed by the individuals who reported the website error. In fact, DESE had a draft ready for a press release that would thank the media members who found the issue, before the Governor’s office railroaded their plans. In addition, an FBI St. Louis agent had advised the state that it was not an actual network intrusion and that the state database was misconfigured.

It is a shame that taxpayer money had to be spent to support such an obvious case where there was no wrongdoing.

3. South Korean Researchers Crack Code for Hive Ransomware

In another little spell of good news, it is being reported that a group of South Korean researchers have uncovered a method to recover files that have been encrypted by the Hive ransomware strain.

Normally, the encryption methods for ransomware attacks are strong and one-way, meaning that your data can’t be recovered unless you have the specific decryption keys and tools from the ransomware author.

In this case, the researchers were able to sufficiently guess a piece of the keystream, which allowed them to recover a large portion of the master key material for this particular ransomware. Another rare win for the good guys, as the Hive ransomware was an up-and-coming aggressor that has hit hundreds of companies over the course of the last few months.

Thanks for reading! Learn more about Echelon here: https://echeloncyber.com/about
