Legal Alerts

May CyberCapsule

Orange County, Calif. (June 8, 2023) – Welcome to the inaugural edition of the Lewis Brisbois CyberCapsule. Each month, the CyberCapsule will highlight newsworthy events that occurred during the preceding month. This edition: (i) discusses efforts by the FTC and NIST to assist with cybersecurity risks; (ii) identifies successful cybercriminal website shutdowns; and (iii) highlights some new threat actor groups to be aware of.

Consider This

Not A List You Want To Be On. The FTC maintains a list of communications equipment and services that the U.S. government determined pose an unacceptable national security risk.

The Path of Khan. On May 11, 2023, FTC Chair Lina M. Khan announced proposed amendments to the Health Breach Notification Rule. The proposed amendments seek to, among other things: (i) clarify the entities covered by the Rule; (ii) facilitate greater electronic breach notices to consumers; and (iii) expand the required content of the notices.

A Small Business Cybersecurity Community of Interest will gather companies that can share business insights, expertise, challenges, and perspectives to help NIST better meet the cybersecurity needs of small businesses.

Is Your AI OK? NIST Wants to Help You Answer this Question. NIST released the first version of its Artificial Intelligence Risk Management Framework. The framework identifies certain factors for mitigating risk and evaluating the trustworthiness of AI: (i) validity and reliability; (ii) safety; (iii) security and resilience; (iv) accountability and transparency; (v) explainability and interpretability; (vi) privacy; and (vii) fairness with harmful bias managed.

Please Get Rid of What’s Bugging Me. On May 23, 2023, Google announced the launch of its Mobile VRP bug bounty program to identify vulnerabilities in its mobile applications. The new program is specifically designed for first-party Android applications. The bounties range from $500 through $30,000, depending on the type of vulnerability.

Wish The Barracuda Was Caught Earlier. On May 31, 2023, Barracuda reported that the zero-day vulnerability it discovered on May 18, which can be exploited to deploy malware and steal data, has been exploited since October 2022.

As The World Turns

Not On My Watch. On May 1, 2023, the Detroit Field Office of the FBI, with assistance from Ukrainian law enforcement, announced the seizure and shutdown of nine domains that offered anonymous cryptocurrency exchange services. Cyber criminals use these virtual currency exchanges to launder funds obtained from criminal activity.

Try2Check But Can No Longer. On May 4, 2023, the US Government announced that it shut down Try2Check, a website that cybercriminals use to test the usability of stolen credit cards. The site processed a minimum of tens of millions of cards each year since 2005.

Try2Catch Try2Check Guy. On May 4, 2023, the US Government also announced a $10 million reward for the capture of Denis Kulhov, the 43-year-old Russian who operated Try2Check for the last 18 years.

BEC In A Box. On May 19, 2023, Cyber Signals issued a report stating that between April 2022 and April 2023, Microsoft detected 35 million BEC attempts. One possible reason for the staggering number is the use of platforms that create industrial-scale malicious mail campaigns, which include templates, hosting, and automated services for BEC criminals. The criminals’ use of residential IP addresses also helps them avoid detection.

I Spy With My Little i. On May 23, 2023, ESET researchers discovered that the screen recorder iRecorder, available at the Play Store, contains AhRat – a new Android RAT based on AhMyth – that exfiltrates files and records audio. The initial version, launched on September 19, 2021, did not contain any malicious code. It is believed that the malicious code was added to version 1.3.8, which was available in August 2022. Google has since removed the app.

New Kids On The Block

Not That Michael Kors, The Other One. CrowdStrike detected a new Ransomware as a Service (RaaS) group, MichaelKors, which targets ESXi systems through hypervisor jackpotting, a technique that involves targeting VMware ESXi hypervisors with ransomware.

This Is a Prickly One. Kroll detected a new ransomware variant dubbed Cactus. It is believed that Cactus exploits known vulnerabilities in Fortinet VPN appliances. Cactus encrypts itself, making it harder for antivirus and monitoring tools to detect.

Bespoke Buhti. Buhti is a new ransomware operation that targets Windows and Linux systems. To do so, it relies on portions of the LockBit and Babuk playbooks but uses a bespoke exfiltration tool configured to specify both the directory in which to search for files of interest and the name of the output archive.

For more information, visit our Data Privacy & Cybersecurity Practice page to find an experienced attorney in your area. Read more about data privacy and cybersecurity on our blog, Digital Insights.

Author:

Kamran Salour, Partner and Co-Chair of the Data Privacy & Cybersecurity Practice
