Positive Security News - Edition 16
Hello all, another week another roundup! Welcome back to the Positive Security News where it's not all doom and gloom in the cyber security industry!
1. US State Department offering $10 million reward for information about Conti members
Another week, another Conti revelation so it would seem. As some of our astute viewers may have noticed, we've spoked about Conti on numerous occasions and their, how do we put it, ... "dynamic" in the cyber world, and today will be no different! Having dedicated a whole news round up to them with a brief mention in another, we thought it be only appropriate to keep the tradition going.
In addition to this reward which is for any information that leads to the identification or location of people connected to the notorious Conti ransomware gang, an additional $5 million reward is also being offered for any information that leads to the arrest or conviction of a Conti member.
The group has been behind hundreds of ransomware attacks over the last two years. Specifically, as of January 2022, there had been over 1,000 victims of attacks associated with Conti ransomware with victim payouts exceeding $150,000,000, making the Conti Ransomware variant the costliest strain of ransomware ever documented.
Source: The Record
2. NIST releases updated guidance for defending against supply-chain attacks
Titled the “Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations”, the guidance from the National Institute of Standards and Technology details the risks at all levels of the organisations, it provides information about major security controls and practices that organisations should adopt to identify, assess, and respond to supply-chain threats.
The document includes warnings such as the need for diligence towards devices that may have been designed in one country with its components manufactured across multiple countries worldwide, resulting in a dramatic enlargement of the surface of attacks for organisations.
3. Texas man gets 5 years for stealing 38,000 PayPal account credentials
Admittedly we would have liked to see a little more than 5 years but we don't look a gift horse in the mouth over here at Practical Infosec!
Marcos Ponce, 37, of Austin, was also ordered to pay $1.4 million in restitution, according to a Justice Department press release. Court documents in the case show that from at least November 2015 until November 2018, Ponce and his co-conspirators established buyer accounts on an illegal online marketplace which sold stolen payment account credentials along with complementary personal identification information.
Prosecutors contend that Ponce and his co-conspirators developed social engineering techniques so they could dupe third parties into accepting money transfers from the compromised PayPal accounts, before transferring the money into accounts they controlled.
And so that does it for this week's Positive Security News, be sure to stick around for next week's edition! Until then!