HGF Delivers the weekly breaches in “Whose Been Popped?” Oracle’s macOS 14.4 Java hiccup, the ever-adapting landscape of ransomware warfare, the emerging threat of Loop DoS attacks, and the Biden-Harris administration’s call to action for water sector cybersecurity.

Original URLs:

• https://www.bleepingcomputer.com/news/apple/oracle-warns-that-macos-144-update-breaks-java-on-apple-cpus/
• https://www.guidepointsecurity.com/blog/t-o-x-i-n-b-i-o-ransomware-recruitment-efforts-following-law-enforcement-disruption/
• https://www.helpnetsecurity.com/2024/03/20/raas-recruit-affiliates/
• https://thehackernews.com/2024/03/new-loop-dos-attack-impacts-hundreds-of.html
• https://cispa.de/en/loop-dos
• https://www.epa.gov/newsreleases/biden-harris-administration-engages-states-safeguarding-water-sector-infrastructure
• https://www.cybersecuritydive.com/news/warnings-state-linked-cyber-threats-water/710834/

Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/

Logo Design by https://www.zackgraber.com/

macOS 14.4, Java Issues, Oracle Warning, Ransomware Wars, Law Enforcement, Cybersecurity, Loop DoS Attack, Water Sector Cyber Threats, Biden-Harris Administration, Cyberattack Prevention, Mobile Security, Password Managers, Apple Silicon CPUs

Search Phrases:

1. macOS 14.4 Java problems
2. Oracle advice on macOS update
3. Ransomware recruitment post-crackdown
4. Effects of law enforcement on ransomware
5. Understanding Loop DoS attacks
6. Cyber threats to water infrastructure
7. Biden-Harris cyber security efforts
8. Protecting against cyberattacks in the water sector
9. How ransomware groups adapt
10. Cybersecurity measures for water systems
11. Impact of macOS updates on Java
12. Dealing with ransomware wars
13. New cybersecurity threats 2024
14. Administration’s response to cybersecurity in infrastructure
15. Cybersecurity tips for protecting critical infrastructure

Transcript:

mar 21

[00:00:00] offsetkeyz: welcome back to the Daily Decrypt. Today, we’re joined by HotGirlFarmer, as she delivers last week’s breaches in your favorite segment, Who’s Been Popped.

Also, the company Oracle alerts customers that the new Mac OS 14. 4 update will disrupt Java functionality and urges. Customers to postpone this update. Ransomware as a Service groups are upping their recruitment efforts, defying law enforcement disruptions. With cunning resilience.

What are ransomware as a service groups and how are they recruiting? Stick around to find out.

And the White House is really doubling down on water utilities, urging states and governors to collaborate to help protect this critical infrastructure.

And finally, researchers have discovered a new loop denial of service attack that targets [00:01:00] UDP based application level protocols, putting an estimated 300, internet hosts at risk for continuous looping and unneeded stress.

How will this affect everyday users?

Alrighty, so before we get into the breaches with Hot Girl Farmer, I just wanted to warn macOS users to maybe postpone the most recent update to avoid any system disruptions. There are no current workarounds

and Java isn’t liking the new update.

This isn’t like how it used to be in the earlier 2000s where Java ran everything on your computer. It shouldn’t affect you unless you’re developing in Java.

But besides Java issues, Updated users are reporting issues with their printer drivers, lost iCloud files,

and connectivity issues with USB hubs and monitors. So let’s just hold off on the new macOS 14. 4 upgrade for a few more days.

[00:01:53] HGF: [00:02:00] First off, hackers targeted MediaWorks, a company in New Zealand, demanding a ransom in cryptocurrency from victims who just wanted to win a free radio contest. MediaWorks is out here like, sorry, your name, address, and birthday were part of our grand prize giveaway to some hackers.

Hopping on a financial rollercoaster, the International Monetary Fund got their emails hacked. And these weren’t just any emails, they were the kind that you use fancy words in hoping to sound smart. The IMF is like the person who insists on using a $10 word when a $1 word will do, and now everyone knows they’ve been using “Synergy” wrong this whole time.

[00:02:41] HGF: Meanwhile in France, they’ve turned data breaches into an art form, with up to 43 million people affected. It’s a breach so chic, it’s practically wearing a striped shirt and smoking a cigarette. And let’s not forget Alabama, where the state government websites faced a denial of service [00:03:00] attack. Alabama’s like, Our websites are slower than molasses in January, but don’t you worry, your data’s as safe as a church potluck.

Except in this case, the potluck’s been crashed by every hacker in a 10 mile radius. So, what have we learned aside from the fact that the world is a hacker’s oyster? Keep your friends close, your passwords closer, and maybe, try not to store your entire life on a device that could be hacked by a 12 year old with a grudge. In the grand scheme of things, we’re all just trying to make it through this digital world.

[00:03:32] transition: Thanks for watching!

[00:03:38] offsetkeyz: We’ve been hearing a lot coming out of the White House about critical infrastructure, such as power and water. They’ve been providing a lot of guidance recently and encouraging collaboration to avoid cyber attacks. So what do they know that we don’t know? It’s starting to get me a little scared. So just two days ago, the Biden Harris administration

released some more guidance on how to stay safe, but is [00:04:00] also urgently calling governors and state governments to start collaborating. and really hardening the systems of their critical water infrastructure.

When we think about crippling cyber threats, we tend to think about big corporations and ransomware

and things like that, but

those may be where the money is, but those who are out to get

the United States of America, like maybe China and maybe Russia, I’m not sure. We’ll be targeting our critical infrastructure first

Now, if you are working in it in a critical infrastructure like power or water,

our hats are off to you. I know what you’re up against and even. The White House knows what you’re up against, which is why they’re starting to step in. So keep doing the Lord’s work out there and try to get it as secure as possible. Because, hey, we all need water to live.

And I don’t want to be making that Walmart run when my water stops working. That’s going to be crazy.

So part of the major efforts by the Biden Harris administration includes creating a cybersecurity task force between the EPA

and the [00:05:00] NSC,

promoting existing resources to protect against cyberattacks on water systems.

According to the letter from the White House, there have been an increased amount of attacks on water systems

driven by both countries or nation state actors and run of the mill cyber criminals.

So I’m glad to see our federal government stepping in and helping where they can.

But we might be reaching the point where we need to take our own health and wellbeing into our own hands, stock up on water, buy a nice filter, maybe get a rain bucket for outside. Make sure that you and your family are taken care of in the event that the water does go down.

[00:05:40] offsetkeyz: Recently we’ve been seeing a lot of ransomware as a service groups being shut down by the FBI and other three letter organizations, which is great.

But the FBI can only do so much, and what they’ve been doing is trying to capture individuals who are responsible for running these ransomware as a service groups or developers, [00:06:00] but mostly they’re just shutting down dark web websites. with big banners that say claimed by the FBI.

So in most instances, the individuals behind these ransomware as a service groups are just moving and creating new ransomware as a service groups, or joining others, strengthening their staffing.

But let’s back up for a second. What is ransomware as a service? Well, this is the new hot thing in ransomware, where it’s essentially Cloud as a service, or something that you would sign up to use not really knowing how to make it yourself, but you want to use the tools to conduct a ransomware.

So a good example of something you might use as a service is something like Squarespace, where if you don’t know how to do web development, but you want a website, you would then pay for Squarespace’s services and they give you some features, right? Depending on how much you’re willing to pay.

So Squarespace specifically is considered software as a service. Now ransomware as a service does exactly [00:07:00] that. I would like to ransomware somebody. So I go sign up

for an account at one of these places.

Such as Medusa or Cloak, as referenced in the article by HelpNet Security that’s linked in our show notes below.

And depending on the amount you want to pay for this service, you can get perks. Thanks. The amounts are surprisingly low between 800 to 1, 000 a year to access this product and they’re getting lower. They’re being pushed harder onto end users and the perks are getting better too. One of the lowest tiers is once you reach a million dollars in ransom payments, you get access to dumped hashes, you get access to a bunch of tools that make it easier to do the initial compromise.

There have also been a string of

Exit scams across the dark web, which is essentially when a company like Medusa or any ransomware as a service will Receive the ransom that you [00:08:00] went out and earned and then just close down their site keeping all of the money most ransomware as a services Set up the platform to receive the money And then they pay you about 85 percent of the ransom, as agreed upon before using the service. But now these groups are starting to let you collect the ransom, and then allow you to pay that 15 percent usage fee. helping to encourage people to use their services and not be so afraid of exit scams or other scams on the dark web. But what’s so crazy about this is that they’re literally just posting ads on the dark web.

They’re in forums and they are offering these perks

and security researchers are able to see them in real time and see who’s interacting with them. And the beauty of the dark web is that. If you’re doing it correctly, it can be completely anonymous. Now I don’t encourage you to get on the dark web to see this type of activity, but it is available to you.

And if you’d like more information about the dark web, I released a talk about a week ago, maybe two weeks ago at this point, outlining at a high level how the dark web [00:09:00] works.

[00:09:12] offsetkeyz: And finally, researchers have developed or discovered a new denial of service or DOS attack. that relies on UDP based application level protocols. And if you’re not familiar, there are two main protocols on the transport layer that you interact with on a daily basis. UDP and TCP. UDP is the faster of the two, and it doesn’t require any sort of verification that the data has been received.

And this is often used when gaming online with your friends or talking, or even streaming like YouTube videos. Those rely heavily on UDP because you need to get the data as quickly as possible when streaming videos. And it doesn’t really matter if every single frame is accounted for, you can occasionally drop frames, which might result in a little skip, but [00:10:00] overall, most of them are going to get through kind of like a shotgun spray.

Whereas TCP is more for like text based communications or things where data needs to be verified on both ends, and it’s a little slower due to the verification. So, UDP inherently doesn’t verify, which is important to understand this type of attack,

because this loop denial of service exploits UDP’s lack of source IP validation to create endless communication loops between servers, eventually overwhelming them.

Additionally, protocols like DNS, NTP, and TFTP are among those vulnerable to these attacks, potentially affecting basic internet functionalities. So this does tie back into the attack on DNS, which is essentially like a lookup of what you’re

trying to navigate to. So, when you navigate to facebook.com it reaches out to a DNS server and says, Hey, what the heck is facebook. com? And it replies with an address. Without those [00:11:00] DNS servers, we actually can’t move about the internet like we do on the day to day.

So this attack is easily triggered by a single spoofed message and can stress entire networks with 300, 000 hosts already at risk. There’s no evidence of this loop denial of service being used in the wild, but its exploitation is considered trivial, affecting major vendors like Cisco and Microsoft. Now, these are likely a little further down the pipeline than you’re familiar with as a regular user or even as a cybersecurity analyst.

but you might notice slower internet speeds, stuff like that, if this happens, with the potential for it to completely shut down your internet connection.

And on that note, not much is to be done on the user level. Just letting you know what’s possible and what the attackers are doing. Hitting you from all kinds of angles.

All right, and that is all we’ve got for you today. A little bit longer of an episode because we missed yesterday due to technical [00:12:00] issues,

but we’re back and better than ever, and we will talk to you some more tomorrow.