SS-NEWS-090: Infragard hacked!

Episode 90 December 19, 2022 00:36:08
Security Serengeti

Show Notes

This was a pretty boring news week. ChatGPT took up all the air, so we tried it out to see if it could podcast better than us! Spoiler alert: not yet. The ChatGPT summaries (included below as an FYI) were ALL wrong in some way, and we discuss how in the podcast.

Article 1 - AWS strains to make Simple Storage Service not so simple to screw up
ChatGPT Summary - Amazon Web Services (AWS) has announced a new feature for its Simple Storage Service (S3) called S3 Replication Time Control (S3 RTC), which allows users to specify the exact time that objects should be replicated between S3 storage classes and AWS regions. S3 RTC is designed to help users reduce costs and improve the efficiency of their data replication processes by allowing them to specify when replication should occur and how often it should be repeated. The feature also includes options for scheduling replication during specific time windows and for specifying different replication times for different object groups. AWS believes that S3 RTC will be particularly useful for users who need to replicate data between regions for disaster recovery or compliance purposes, as it allows them to specify exact replication times to meet their specific business needs.

Article 2 - Royal Ransomware Puts Novel Spin on Encryption Tactics
ChatGPT Summary - The article discusses a new variant of ransomware called "Royal Ransomware," which uses novel encryption tactics to evade detection and make recovery more difficult. The ransomware is delivered through a phishing email that contains a malicious link or attachment, which, when clicked, installs the malware on the victim's system. Once installed, the ransomware encrypts the victim's files and demands a ransom in exchange for the decryption key. What sets Royal Ransomware apart from other ransomware is its use of advanced techniques to avoid detection by security software and to make it more difficult for victims to recover their data. These techniques include using multiple layers of encryption, deleting shadow copies of the victim's files, and installing a rootkit to maintain persistence on the victim's system. The article advises organizations to implement strong cybersecurity measures, such as email filtering and employee training, to protect against ransomware attacks.

Article 3 - InfraGard, FBI Program for Critical Infrastructure Cybersecurity, Breached by Hackers
ChatGPT Summary - The Federal Bureau of Investigation (FBI) has issued a warning about a recent cyber attack on the InfraGard program, which is a partnership between the FBI and private sector organizations to share information about critical infrastructure and cybersecurity threats. The attack reportedly involved the use of a phishing email that was sent to InfraGard members, which contained a link that, when clicked, installed malware on the recipient's computer. The malware gave the attackers access to the victim's system and allowed them to steal login credentials and other sensitive information. The FBI is advising InfraGard members and other organizations to be cautious when opening emails and to use strong passwords and two-factor authentication to protect against these types of attacks.
Supporting Article:
FBI’s Vetted Info Sharing Network ‘InfraGard’ Hacked

Article 4 - New Ransom Payment Schemes Target Executives, Telemedicine
ChatGPT Summary - The article discusses a new type of ransom payment scheme that has emerged in recent months, targeting executives and telemedicine organizations. In these attacks, the attackers use a variety of tactics to gain access to the victim's email account and impersonate the victim, sending requests for money or sensitive information to colleagues and associates. The attackers may also threaten to release sensitive or embarrassing information if the ransom is not paid. The article advises individuals and organizations to be vigilant in protecting their email accounts and to carefully verify the identity of anyone requesting sensitive information or money. It also recommends using two-factor authentication and other security measures to protect against these types of attacks.

If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!
