Ransomware attack sends New Jersey county back to 1977 • The Record

In brief Somerset County, New Jersey, was hit by a ransomware attack this week that crippled its ability to do business and cut off access to essential data.

“Services that rely on access to county databases are temporarily unavailable, such as land records, vital statistics, and probate records. Property can only be searched on paper records dated prior to 1977,” the county said of the current situation.

The attack, which occurred on Tuesday, disrupted email services for county government departments and left the county clerk’s office “unable to provide most services that depend on internet access.” Somerset County residents have been asked to contact government offices via Gmail addresses that have been set up for the various departments, or over the phone.

Somerset’s 911 system, jails and courts continued to operate as usual, albeit slightly more slowly. The New Jersey primaries, scheduled for June 7, will go ahead as normal in the county, as “the digital records and voting machines for the upcoming primaries are never connected to the county’s system and will not be affected.”

According to Somerset County Sheriff Colin Maher, the outages are likely to remain in place for at least the rest of the week. “We have a distinguished IT department working around the clock to assess our situation, prevent further damage, and ultimately recover,” Maher said.

The county government has not responded to a request for an update on its status, but it is probably a bit busy.

Unknown APT attacking Russia may be Chinese

Malwarebytes has discovered an advanced persistent threat (APT) group attacking Russia, and in an unusual development it said the group shows signs of being from China.

Beginning in February, the as-yet-unnamed group launched four separate spear-phishing campaigns against Russian government entities, including the state-controlled RT TV network. The attacks themselves are nothing new: one, sent days after the Russian invasion of Ukraine, contained malware designed to look like an interactive map of Ukraine; a second carried a fake patch for Log4j; and another delivered a .doc file with a fake job offer and malicious macros embedded in it.

The fourth campaign involved attackers impersonating Russia’s Rostec and pushing fake software patches. The inclusion of the state-owned defense company Rostec in the phishing campaigns is of particular interest, as Chinese cyber spies were recently found to be running a phishing campaign against some Rostec subsidiaries.

Attributing the attacks to anyone is difficult, Malwarebytes said, in part because “threat actors are known to use indicators from other groups as false flags.” It was the attack infrastructure that pointed researchers toward a Chinese origin: much of the way the attack is organized, they wrote, mirrors previously identified Chinese actors.

Malwarebytes said it had only “low confidence” in that assessment, we note.

AI can “catch and kill” malware in 0.3 seconds

Boffins at Cardiff University in Wales recently published a paper in which they claim to have created a novel AI that can “successfully prevent up to 92 percent of files on a PC from getting corrupted, taking only 0.3 seconds on average to erase a portion of the malware.”

The team approached AI malware detection from the perspective of detecting not what is written in the malware binary, but what malware typically does once it infects and begins attacking a system.

Traditional antivirus software suffers from the fact that malware makers simply modify and obfuscate their code, rendering previous antivirus signatures obsolete, said study co-author Pete Burnap.

“We want to know how a piece of malware behaves, so once it starts attacking a system, like opening a port, creating a process, or downloading some data in a specific order, it will leave a fingerprint that we can then use to build a behavioral profile,” Burnap said.

Detecting malware by its behavior is not new in itself, as endpoint detection and response software works in a similar way. What the team says its design does differently is add real-time malware killing to the mix, eliminating the need to send data to administrators for verification and so avoiding the loss of precious seconds in stopping an infection.
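The behavioral-profile idea described above can be illustrated with a small matcher: a profile is an ordered list of actions, a stream of endpoint events is tracked per process, and a process that performs the profile's actions in that order (other actions may occur in between) is flagged for termination locally, without waiting on an analyst. This is an added example, not the Cardiff team's code; the event format, the profile and the sample events are all constructed for the illustration, and the "terminate" verdict is only recorded, not acted on.

```python
"""Toy behavioral-profile matcher over a constructed endpoint event stream.

Added example, not the Cardiff University team's implementation. The
event format (timestamp, pid, action, detail), the profile below and
SAMPLE_EVENTS are all constructed for this illustration.
"""
from collections import defaultdict

# Constructed profile: the ordered actions named in the quote above.
RANSOM_LIKE_PROFILE = ("open_port", "create_process", "download_data")

# Constructed sample telemetry, one event per line: "<ts> <pid> <action> <detail>".
# pid 202 performs the profile in order; pid 303 performs two of the
# actions in the wrong order; pid 101 is benign background activity.
SAMPLE_EVENTS = """\
0.00 101 create_process cmd.exe
0.05 202 open_port 4444
0.10 202 create_process powershell.exe
0.15 101 read_file report.docx
0.20 202 download_data http://example.invalid/payload
0.25 303 download_data http://example.invalid/update
0.30 303 open_port 8080
"""


def parse_events(text):
    """Parse the constructed event format into a list of dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, pid, action, detail = line.split(maxsplit=3)
        events.append({"ts": float(ts), "pid": int(pid),
                       "action": action, "detail": detail})
    return events


class ProfileMatcher:
    """Tracks, per process, how far along the ordered profile it has got."""

    def __init__(self, profile):
        self.profile = profile
        self.step = defaultdict(int)        # pid -> next profile index expected
        self.first_seen = {}                # pid -> ts of its first matched step

    def observe(self, event):
        """Feed one event; return a verdict dict if it completes the profile."""
        pid, ts = event["pid"], event["ts"]
        expected = self.profile[self.step[pid]]
        if event["action"] != expected:
            return None                     # out-of-order or unrelated action: no progress
        if self.step[pid] == 0:
            self.first_seen[pid] = ts
        self.step[pid] += 1
        if self.step[pid] < len(self.profile):
            return None
        # Profile complete: decide locally, no round-trip to an administrator.
        verdict = {"pid": pid, "ts": ts, "action": "terminate",
                   "latency": ts - self.first_seen[pid]}
        self.step[pid] = 0                  # reset so a repeat is caught again
        del self.first_seen[pid]
        return verdict


def run(events, profile):
    """Run the matcher over a list of events and collect all verdicts."""
    matcher = ProfileMatcher(profile)
    return [v for v in (matcher.observe(e) for e in events) if v is not None]


if __name__ == "__main__":
    for verdict in run(parse_events(SAMPLE_EVENTS), RANSOM_LIKE_PROFILE):
        print(verdict)
```

Only pid 202 is flagged, at the moment its third action lands; pid 303 touches two of the same actions but in the wrong order and never progresses, which is the point of matching a sequence rather than a bag of actions. The flip side is the false-positive problem the researchers themselves note: any benign process that happens to perform the same ordered actions would be killed just as quickly, so a real profile needs far more discriminating features than three action names.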

Don’t expect to see this in your environment anytime soon, though: The 14 percent false-positive rate, the researchers wrote, “remains too high to adopt this approach as is.”

Patch time: Google has patched dozens of security holes in Chrome

Google Chrome version 102 was released this week, and if you’re thinking of delaying this update, don’t: it carries 32 security fixes for the desktop version.

Among the fixes, Google said, is a use-after-free in Indexed DB rated critical, which may have motivated the timing of this particular release, as it was reported to Google on May 12. Use-after-free attacks involve exploiting buggy code to alter or read memory that has already been freed for reuse, which can result in a program inadvertently executing arbitrary malicious code.

According to vulnerability indexing site VulDB, this particular bug is easy to exploit, can be triggered remotely, and requires no authentication.

In addition, 12 of the vulnerabilities in the patch were rated high severity, 13 were rated medium, and six were rated low. Twelve of the vulnerabilities are use-after-free bugs in Chrome bookmarks, tablet mode, ANGLE, messaging, sharing, and more.

Google said Chrome 102 will be rolled out over the coming days and weeks, and is part of the new Chrome extended stable release channel for Windows and macOS. Google describes the extended stable release as doubling the Chrome release lifecycle “by supporting critical security fixes to create an extended stable channel, with a new milestone shipped every eight weeks.”

Phishing attack earns $144,000 from Chinese tech company employees

Twenty-four employees of the Chinese internet portal Sohu each recently fell victim to a $6,000 phishing attack, which once again reinforces the importance of good cybersecurity awareness training.

The victims received an email from a previously compromised Sohu employee account telling them that if they provided their bank account details and some additional personal information, they would receive an extra allowance from the company. Instead of getting an allowance, they each saw more than 40,000 yuan drained from their accounts.

Sohu said in a statement that the email coming from an internal address is what deceived the victims. It added that the address used to launch the scam had been compromised in an earlier successful phishing attack against the company, and that the attack did not affect its consumer email services.

When Sohu shared news of the phishing attack on Weibo, it faced plenty of ridicule from users. “How could a tech company make such a low-level mistake,” one commenter asked. Getting around the human element in cybersecurity is a well-established problem, and one without an easy solution.

In its 2022 Data Breach Investigations Report, Verizon said cybersecurity training helps, but it’s hard to say how effective it is. One might hope that it wouldn’t take much training to convince employees not to give out their bank account information in an email, internal or not. ®