A new FBI leak appeared to ring in the new year, but many believe that the “leak” contains false information. Goldeneye ransomware set a gold standard for exploited HR departments, and the squirrels are up to no good.
Goldeneye for Ransomware
Recently, cyber criminals began targeting Human Resources departments with Goldeneye ransomware, a variant of a strain known as Petya. Created by cyber criminal group Janus, this Ransomware-as-a-Service was sold to any interested buyer, after which Janus took part of their profits from the exploit.
The Goldeneye ransomware is sent as an attachment to a fake job application. The email includes a clean PDF cover letter attachment that aims to lull the opener into a false sense of security, and the second attachment is an infected Excel file. Upon opening, a note asks the victim to initiate the encryption process. A golden screen, hence the name, pops up demanding 1.3 BTC ($1167.61 USD) and provides instructions on how to acquire bitcoin and how to contact the admin if they have issues decrypting files or with the payment process.
Cybercriminals are becoming increasingly more creative with their exploits and attacks; they know how to create a false sense of security. Exploits are hidden in ordinary content. Nearly everyone knows the prince-who-lost-his-money scam, so cyber criminals create content that hits closer to home. These attacks are not readily apparent, but sometimes your instincts tell you when an email looks phishy.
As most were welcoming New Year’s Day with celebration and good company, the hacker known as CyberZeist leaked credentials from the US intelligence community. It wasn’t immediately clear if the dump was new or not, and many remain skeptical.
The self-described “political and offensive black-hat” dumped a list of 155 FBI email addresses, SHA1 passwords and their Salts on Pastebin, in a move that CyberZeist said was “totally devoted to the Anonymous Movement.” CyberZeist claimed to have accessed the information through a zero-day exploit in the Plone Content Management System (CMS), which supports the FBI’s site (as well as other notable organizations, including the CIA and Google).
Although some were new, many of the credentials in the New Year’s dump also appeared in CyberZeist’s 2011 leak of FBI email addresses and plaintext passwords, which they obtained through spear-phishing. But unlike other high-profile hacks of government agencies, there was no comment from the FBI (or other official agencies) on the New Year’s leak. Plone CMS, however, did speak up, calling the leak an outright “hoax.” Their statement specifically pointed to the hashes and salts in the leak, which are not consistent with values generated by Plone.
Why would a hacker leak fake information to boost their reputation if they’re anonymous? Because a reputation can make money - CyberZeist is now selling the Plone CMS “zero-day” on the dark web for $9,000.
One more thing: It’s been a nutty week…
The presentation “35 Years of Cyberwar: The Squirrels are Winning” at the Shmoocon security conference revealed that squirrels (and not cyberattacks) were one of the biggest threats to critical infrastructure. CyberSquirrel 1, the project that collects data on “animal-induced infrastructure outages,” has tracked “over 1,700 outages, affecting nearly 5 million people”.