Les Bell

Welcome to today's daily briefing on security news relevant to our CISSP (and other) courses. Links within stories may lead to further details in the course notes of some of our courses, and will only be accessible if you are enrolled in the corresponding course - this is a shallow ploy to encourage ongoing study. However, each item ends with a link to the original source.

News Stories

BreachForums Owner Arrested on Hacking Charges

One of the biggest sites for the sale of stolen databases is BreachForum, where hackers offer personal information such as usernames and passwords for sale and subseqent use in fraud. The site is owned and, until a few days ago was operated, by a hacker using the handle 'Pompompurin'.

However, the FBI has identified Pompompurin and last week arrested Conor Brian Fitzpatrick at his home in Peekskill, New York. The agent who led the arrest stated that Fitzpatrick had admitted to using the alias, and he is now scheduled to appear in a Virgina court this week to face charges of conspiracy to commit access device fraud, following his release on a $300,00 bond paid by his parents.

Meanwhile, Breachforums remains operational, having been taken over by another administrator under the handle 'Baphomet'.

Truță. Filip, Police Arrest BreachForums Owner ‘Pompompurin’ on Hacking Charges. Parents Bail Him Out, Bitdefender blog, 21 March 2023. Available online at https://www.bitdefender.com/blog/hotforsecurity/police-arrest-breachforums-owner-pompompurin-on-hacking-charges-parents-bail-him-out/.

Ferrari Hit By Ransomware Attack

Luxury carmaker Ferrari's Italian subsidiary, Ferrari S.p.A., has disclosed a ransomware attack by an unidentified threat actor which has exfiltrated customer contact data. The company received a ransom demand, but its policy is not to pay such a ransom since it only funds further criminal activity.

Instead, Ferrari has contacted the affected customers and hired a global cybersecurity firm to manage incident response and forensic investigation. The company has also informed the relevant authorities and is assisting investigations.

Ferrari owners in Italy should probably brace for upcoming identity theft attempts.

Ferrari N.V., Cyber Incident in Ferrari, news release, 21 March 2023. Available online at https://www.ferrari.com/en-EN/corporate/articles/cyber-incident-in-ferrari.

Summary of 2022 Zero-Day Exploitations

Incident response firm Mandiant has shared some highlights of the firm's analysis of zero-day exploitations during 2022. The company tracked 55 zero-day vulnerabilities which it believes were exploited - slightly down from 2021's record-breaking 81, but still almost triple the level of 2020.

As in previous years, Chinese state-sponsored cyber-espionage groups led the field, making more use of zero-days than other groups. The leading affected vendors are the ones with the broadest product ranges - Microsoft, Google and Apple - and the most affect product types were operating systems (19 exploits), browsers (11), security, network and IT management products (10) and mobile OS's (6).

Four exploitations were financially motivated - three of these linked to ransomware operations.

There's a lesson here for most of us on the defender side of this game: patches need to be deployed faster than ever before, especially on Internet-facing systems which are not on well-defended network segements inside multiple layers of firewalls. While patient zero literally gets no warning, most of us will get a chance to deploy security patches, if we are fast enough.

Sadowski, James and Casey Charrier, Move, Patch, Get Out the Way: 2022 Zero-Day Exploitation Continues at an Elevated Pace, blog post, 20 March 2023. Available online at https://www.mandiant.com/resources/blog/zero-days-exploited-2022.

These news brief blog articles are collected at https://www.lesbell.com.au/blog/index.php?courseid=1. If you would prefer an RSS feed for your reader, the feed can be found at https://www.lesbell.com.au/rss/file.php/1/dd977d83ae51998b0b79799c822ac0a1/blog/user/3/rss.xml.

Copyright to linked articles is held by their individual authors or publishers. Our commentary is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License and is labeled TLP:CLEAR.