In short Somerset County, New Jersey was hit this week by a ransomware attack that hampered its ability to conduct business and also cut off access to critical data.
“Services that depend on access to county databases are temporarily unavailable, such as land records, vital statistics, and probate records. Title searches are only possible on paper documents dated before 1977,” the county said in a statement.
The attack, which occurred on Tuesday, disrupted email services from county government departments and left the county clerk’s office “unable to provide most services that rely on internet access.” Residents of Somerset County have been asked to contact government offices through Gmail addresses set up for various departments or by telephone.
For Somerset’s 911 system, its jails and courts, business continued as usual, albeit at a somewhat slower pace. New Jersey’s primary elections, which are scheduled for June 7, will also continue as normal in the county, as “the digital records and voting machines for the upcoming primary elections are never connected to the county system and are not affected”.
According to Somerset County Administrator Colleen Mahr, the outages are expected to remain in effect for at least the rest of this week. “We have an exceptional IT department working around the clock to assess our situation, prevent further damage and ultimately recover,” Mahr said.
The county government did not respond to a request for an update on their status, but they are likely a bit busy.
Unknown APT attacking Russia may be Chinese
Malwarebytes discovered an Advanced Persistent Threat (APT) group attacking Russia, and in a small detour, said the organization shows signs of originating in China.
Beginning in February, the unknown group launched four separate spear-phishing campaigns against Russian government entities, including the state-controlled television channel Russia Today. The attacks themselves are nothing new: one launched days after Russia invaded Ukraine contained malware designed to look like an interactive map of Ukraine, a second contained a fake patch for Log4j and another contained a .doc file with a fake job ad with some embedded malicious macros.
The fourth campaign involved attackers impersonating the Russian company Rostec and distributing fake software patches. The inclusion of public defense firm Rostec in the phishing campaigns is particularly interesting, as Chinese cyber spies were recently discovered conducting a phishing campaign against some of Rostec’s subsidiaries.
Malwarebytes said it was difficult to attribute the attacks to anyone, in part because “threat actors have been known to use indicators from other groups as false flags.” The infrastructure of the attack is what told researchers its Chinese origin, who wrote that much of how the attack is structured reflects previously identified Chinese actors.
We note that Malwarebytes said it had only “low confidence” in that attribution.
AI can “catch and kill malware” in 0.3 seconds
Boffins from the University of Cardiff, Wales, recently published a paper in which they claimed to have designed a new AI that can “successfully prevent up to 92% of files on a computer from becoming corrupted, taking only 0.3 seconds on average for a piece of malware to be eliminated.”
The team approached AI malware detection from the perspective of determining not what is written in the malware binary, but what the malware typically does when it infects and begins to attack a system.
Traditional antivirus, said study co-author Pete Burnap, suffers from malware makers simply modifying and obfuscating their code, rendering previous antivirus definitions obsolete.
“We want to know how malware behaves, so once it starts attacking a system, like opening a port, creating a process, or downloading certain data in a particular order, it will leave a footprint behind which we can then use to build a behavioral profile,” Burnap said.
Malware behavior detection is not new in itself; endpoint detection and response software works the same way. What the team said their design does differently is add real-time malware removal to the mix, eliminating the need to send data to administrators for verification, a step that wastes precious seconds when trying to stop an infection.
However, don’t expect to see this in your environment anytime soon: it has a 14% false positive rate that is “still too high to take this approach as is,” the researchers wrote.
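To make the footprint idea concrete, here is an added illustration (not the Cardiff team’s code or model): a behavioral profile is an ordered sequence of actions, and a process is flagged the moment its event stream contains that sequence in order within a short window. The action names, the window and the sample events are constructed for this example, and the benign updater (pid 300) shows how the same matcher produces the kind of false positive the researchers warn about.

```python
from dataclasses import dataclass

# Constructed behavioral profile (an assumption for this example, not the paper's):
# the ordered actions that together form the "footprint" the article describes.
RANSOMWARE_PROFILE = ("open_port", "create_process", "download_data", "write_encrypted")


@dataclass
class Event:
    ts: float     # seconds since monitoring started
    pid: int
    action: str


def profile_matched(events, profile, window_s):
    """Return {pid: detection_time} for every process whose events contain
    `profile` as an ordered subsequence completed within `window_s` seconds.
    Unrelated actions in between are tolerated; out-of-order actions do not count."""
    progress = {}   # pid -> (index of next expected action, ts of first matched action)
    hits = {}
    for ev in sorted(events, key=lambda e: e.ts):
        idx, start = progress.get(ev.pid, (0, None))
        if start is not None and ev.ts - start > window_s:
            idx, start = 0, None          # window expired: start matching afresh
        if ev.action == profile[idx]:
            if idx == 0:
                start = ev.ts
            idx += 1
            if idx == len(profile):       # full footprint seen: flag (and kill) now
                hits[ev.pid] = ev.ts
                idx, start = 0, None
        progress[ev.pid] = (idx, start)
    return hits


# Constructed sample event stream: pid 100 behaves like the profile, pid 200 does
# similar things in a different order, pid 300 is a benign updater that happens
# to follow the same order (a false positive).
EVENTS = [
    Event(0.00, 100, "open_port"),      Event(0.05, 200, "download_data"),
    Event(0.10, 100, "create_process"), Event(0.12, 200, "open_port"),
    Event(0.20, 100, "download_data"),  Event(0.25, 100, "write_encrypted"),
    Event(1.00, 300, "open_port"),      Event(1.20, 300, "create_process"),
    Event(1.40, 300, "download_data"),  Event(1.60, 300, "write_encrypted"),
    Event(2.00, 200, "create_process"),
]

if __name__ == "__main__":
    for pid, ts in profile_matched(EVENTS, RANSOMWARE_PROFILE, window_s=1.0).items():
        print(f"pid {pid}: footprint complete at t={ts:.2f}s, terminate")
```

In practice the window and profile would be learned from observed samples, and the pid 300 case is why the false positive rate matters before any automatic kill.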
Patch time: Google fixes dozens of security flaws in Chrome
Google Chrome version 102 was released this week, and if you were thinking of delaying this update, don’t: it contains 32 security fixes for desktop devices.
Among the patches, Google said a use-after-free vulnerability in the indexed database was rated critical, and it may have been the trigger for this particular release, as it was reported to Google on May 12. Use-after-free bugs involve exploiting buggy code to make it read or modify memory that has already been freed for other purposes, which can result in the software inadvertently executing arbitrary malicious code.
According to vulnerability cataloging site Vuldb, this particular bug is easy to exploit, can be done remotely, and requires no authentication.
Additionally, 12 of the patched vulnerabilities were rated as high severity, 13 as medium severity, and six as low. Twelve of the vulnerabilities involve use-after-free bugs in Chrome’s bookmarks, tablet mode, ANGLE, messaging, sharing, and more.
Chrome 102 will be rolling out over the next few days and weeks, Google said, and is part of Chrome’s new extended stable release channel for Windows and macOS. Google describes the extended stable release as doubling the release lifecycle of Chrome “by backporting important security fixes to create an extended stable channel, where a new stage ships every eight weeks.”
Phishing attack nets Chinese tech company employees $144,000
Twenty-four employees of the Chinese internet portal Sohu were recently victims of a phishing attack worth $6,000 each, reinforcing, once again, the importance of good cybersecurity awareness training.
The victims each received an email from a previously compromised Sohu employee account telling them that if they provided additional bank details and personal information, they would receive an additional allowance from the company. Instead of receiving said allowance, they each saw over 40,000 Yuan drained from their accounts.
The fact that the email came from an internal address is what tricked the victims, Sohu said in a statement. The address used to launch the scam had been compromised in an earlier successful phishing attack against the company, it said, adding that the attack did not affect its consumer messaging services.
Sohu shared news of the phishing attack on Weibo, facing a lot of snark from users. “How can a tech company make such a minor mistake,” one commenter asked. The human element in cybersecurity is a well-established problem with no easy solution.
In its 2022 Data Breach Investigation Report, Verizon said cybersecurity training is helpful, but it’s hard to quantify its effectiveness. Hopefully, it wouldn’t take a lot of training to convince employees not to give out their bank details in an email, internal or otherwise. ®