#AxisOfEasy 247: Cybergang Threatens To Topple Costa Rica’s Government With A Ransomware Attack


Weekly Axis Of Easy #247


Last Week’s Quote was  “Correction does much, but encouragement does more,” was by  Johann Wolfgang von Goethe.  Our winner is E Blakely.  Well done E!  

This Week’s Quote:   “Some people see things that are and ask, Why? Some people dream of things that never were and ask, Why not? Some people have to go to work and don’t have time for all that.” …by???

THE RULES:  No searching up the answer, must be posted to the blog – the place to post the answer is at the bottom of the post, in the comments section.

The Prize: First person to post the correct answer gets their next domain or hosting renewal on us.

 


This is your easyDNS #AxisOfEasy Briefing for the week of May 23rd, 2022, wherein our Technology Correspondent Joann L Barnes and easyCEO Mark E. Jeftovic send out a short briefing on the state of the ‘net and how it affects your business, security and privacy. 
 
In this issue:
  • Democratic senators call on the FTC to investigate ID.me over selfie data 
  • Cybergang threatens to topple Costa Rica’s government with a ransomware attack 
  • Hackers from North Korea pretend to be IT employees in the US 
  • Hong Kong considers banning Telegram 
  • A data breach exposed the personal information of nearly two million Texans

Elsewhere online

  • Chaos Ransomware Variant Sides with Russia 
  • Data breach affects 3.6 million customers of pharmaceutical giant 
  • A shadow server exposed over 380,000 Kubernetes API servers to the internet
  • Google announced that its Russian bank account had been frozen 
  • Hackers use cold callers to intimidate ransomware victims into paying up

 

Democratic senators call on the FTC to investigate ID.me over selfie data

Some Democrats in the U.S. Senate asked the Federal Trade Commission (FTC) to investigate ID.me for making “deceptive statements” about facial recognition data. Senators argue that Blake Hall, CEO of ID.me, has provided conflicting information about how his company uses facial scan data received from the federal government and states that use ID proofing technology to screen unemployment insurance applicants.

Legislators assert that ID.me issued statements and blog posts, claiming it didn’t use one-to-many facial recognition. But after a public backlash, the company acknowledged the allegations were true.

Within days, the company edited the numerous blog posts and white papers on its website that previously stated the company did not use one-to-many to reflect the truth,” the letter alleges. 

According to media reports, the company’s decision to correct its prior misleading statements came after mounting internal pressure from its employees.”

In response to senators’ concerns, ID.me boasted about its successes in preventing fraud. Additionally, the company expressed its desire to work with all relevant government agencies.

“Five state workforce agencies have publicly credited ID.me with helping to prevent $238 billion in fraud,” the statement says. 

“Conditions were so bad during the pandemic that the deputy assistant director of the FBI called the fraud ‘an economic attack on the United States.’ ID.me played a critical role in stopping that attack in more than 20 states. The service was rapidly adopted for its equally important ability to increase equity and verify individuals left behind by traditional options. We look forward to cooperating with all relevant government bodies to clear any misunderstandings.”

Read:
https://krebsonsecurity.com/2022/05/senators-urge-ftc-to-probe-id-me-over-selfie-data/ 



Cybergang threatens to topple Costa Rica’s government with a ransomware attack

Last week, Costa Rica declared a state of emergency after a Conti Group ransomware attack infected government computer networks. The ransomware gang has reportedly said its objective is to overthrow the government.
According to the newly elected President Rodrigo Chaves, the Russian-speaking threat actors had increased the ransom payment to $20 million. “We’re at war, and that is not an exaggeration,” Chaves told reporters, adding officials believe they’re dealing with a national terrorist group with collaborators inside Costa Rica.

The ransomware attack infected 27 government institutions, including the Finance Ministry and other federal agencies, state-run utilities, and municipalities. The cyber gang has threatened to overthrow the government if the ransom is not paid promptly.

Read: https://www.zerohedge.com/technology/ransomware-gang-threatens-overthrow-costa-ricas-government-attack-deepens


Hackers from North Korea pretend to be IT employees in the US

US government officials warned organizations to be wary of hackers posing as independent contractors and claiming to be non-DPRK nationals. In an advisory issued by the US State and Treasury Departments and the Federal Bureau of Investigation (FBI), highly skilled mobile app and software developers from North Korea pose as independent contractors to secure employment.

North Korea allegedly engages in this scam to circumvent sanctions and launch a cyberattack on its enemies. The North Korean government reportedly runs the fraud to exploit the demand for remote work. North Korean hackers generate revenue for the North Korean government by getting employed, allowing them to fund their activities and support their president Kim Jong Un.

US officials believe North Korean IT workers appear to be engaged in routine IT work but are providing money laundering and virtual currency services to cybercriminals in the country. According to the advisory, it is possible to identify hackers posing as IT workers by checking their technical configurations and activities.

Read: https://www.hackread.com/us-warns-firms-north-korean-hackers-posing-it-workers/ 


Hong Kong considers banning Telegram

The Privacy Commissioner is considering blocking access to Telegram, a platform found to be rampant with doxxing, the Sing Tao Daily reported. According to the newspaper, the widespread doxxing was aimed at government officials and citizens.

This would likely stoke fears that national security legislation enacted in 2020 would further erode civil liberties as part of Beijing’s continued effort to impose its influence over the city. It is not a coincidence that the report appears days after a new leader –who is a vocal proponent of the China-imposed national security law– was appointed.

Despite the recent overhaul of Hong Kong’s political institutions, the authorities have so far avoided curbing the internet a la China. It’s unclear how the privacy watchdog intends to carry out such an action.

Read: https://www.dimsumdaily.hk/govt-considers-banning-telegram-app-in-hong-kong-sources/ 


A data breach exposed the personal information of nearly two million Texans

An issue at the Texas Department of Insurance (TDI) caused nearly two million Texans’ personal information to be exposed for almost three years.

According to a TDI audit report, from March 2019 to January 2022, information on 1.8 million workers who filed compensation claims was publicly available online. Data included Social Security numbers, dates of birth, phone numbers, addresses, and information about workers’ injuries.

On March 24, the TDI published a public notice revealing that it first became aware of a security problem with a TDI web application used to manage workers’ compensation information on January 4, 2022. Public access to a protected area of the online application was made possible due to this issue.

TDI, a state agency that oversees and enforces insurance regulations in Texas, immediately took the application offline, fixed the issue, and engaged a forensics firm to investigate the nature and scope of the incident. TDI said in a press release that it did not find any evidence that personal information had been misused. The department offers credit monitoring and identity protection services at no cost to those affected.

However, Neil Jones, director of cybersecurity evangelism, Egnyte, warned that the recent data breach at the TDI is especially concerning because the breached information includes personally identifiable information and protected health information, which are potential treasure troves for cyber-attackers.

Read: https://www.infosecurity-magazine.com/news/personal-information-two-million/


Elsewhere online:

Chaos Ransomware Variant Sides with Russia
Read: https://www.fortinet.com/blog/threat-research/chaos-ransomware-variant-sides-with-russia 

Data breach affects 3.6 million customers of pharmaceutical giant
Read: https://www.infosecurity-magazine.com/news/pharmacy-giant-data-breach/ 

A shadow server exposed over 380,000 Kubernetes API servers to the internet
Read: https://www.securityweek.com/over-380000-kubernetes-api-servers-exposed-internet-shadowserver 

Google announced that its Russian bank account had been frozen
Read: https://www.reuters.com/world/europe/google-says-its-russian-bank-account-has-been-seized-2022-05-18/ 

Hackers use cold callers to intimidate ransomware victims into paying up
Read: https://www.zdnet.com/article/wizard-spider-hacking-group-hires-cold-callers-to-scare-ransomware-victims-into-paying-up/



Previously on #AxisOfEasy

If you missed the previous issues, they can be read online here:



 

 

 

 

4 thoughts on “#AxisOfEasy 247: Cybergang Threatens To Topple Costa Rica’s Government With A Ransomware Attack

  1. I think this may be a trick question. If you want to know who gave that EXACT quotation, it was George Carlin, however, it’s obvious that he “borrowed” most of it from Robert F Kennedy who likely borrowed it from George Bernard Shaw. The latter stated, “You see things; and you say “Why?” But I dream things that never were; and I say “Why not?”

  2. BTW Mr J and Ms Barnes; You may have missed one entire week of your life. At the end of the intro it says, “This is your easyDNS #AxisOfEasy Briefing for the week of May 16th, 2022” Ummm, today is May 24. 😉 Come out from under your rocks, the world has not yet come to an end 😉

Leave a Reply

Your email address will not be published. Required fields are marked *