Commit 11_13_2023: Trouble in the land down under

CHUTTERSNAP / Unsplash

Welcome to Commit 11_13_2023! README senior editor Nathaniel Mott here after the long weekend with some of the hottest cybersecurity news.

The Register: Ransomware takes Australian ports offline

We have another euphemism for “devastating ransomware attack”: The Register today reported that an attack on DP World that forced the closure of four Australian ports last week has been dubbed a “nationally significant cyber incident” by the country’s National Cyber Security Coordinator. (It hasn’t been confirmed to be a ransomware attack, but at this point, I think that assertion is reasonable.)

DP World “handles 40 percent of the containers coming into Australia's ports – so while the incident has not stopped all goods moving in and out of the country, the impact is significant,” The Register reported. The ports were closed on Nov. 10 and remain closed at time of writing. The whole thing smacks of the NotPetya attack, but on a much smaller scale, and without nearly as much attention from Western media.

Reuters: The aftermath of a big banking hack

The Industrial and Commercial Bank of China (ICBC) branch in the U.S. was hacked last week, too, and Reuters today reported that the attack had such a broad impact that “even the corporate email stopped working and forced employees to switch to Google mail.” LockBit—which also features in the next item—has claimed responsibility for the ransomware attack on the world’s biggest bank.

“While market participants and officials have said the impact of the ICBC hack on Treasury market functioning was limited, the full extent of it is not yet understood,” Reuters said. “There is some debate, for example, about whether it had affected a major auction of Treasury bonds on Thursday.” No doubt assessing the attack’s impact will be a matter of weeks or months rather than days.

BleepingComputer: LockBit starts leaking Boeing data

Speaking of LockBit: The ransomware crew has started leaking data it pilfered from Boeing in October. BleepingComputer reported that “Boeing disappeared from LockBit’s list of victims for a period but was listed again on November 7, when the hackers announced that their warnings had been ignored.” Now the group has published nearly 50GB of data, which BleepingComputer said is mostly system backups.

The publication of this data seems to confirm that Boeing refused to play ball with LockBit. Naturally the hack-and-leak attack moved on from the “hack” to the “leak” from there. Just another day in cybercrime.

Risky Biz News: Malaysia takes down phishing-as-a-service provider

A leading phishing-as-a-service provider, BulletProftLink, was disrupted by Malaysian police following the arrest of eight individuals believed to be connected to the organization. Risky Biz News reported that law enforcement “took down the service after receiving a tip from the FBI and the Australian Police Force in October”—and noted that the identity of the group’s leader was known long before that.

“While Malay officials did not release any of the names of the detained suspects,” Risky Biz News said, “the site's administrator had been doxxed for more than three years.” That’s a pretty long time to continue to get away with running a global criminal enterprise after your identity has been publicly revealed, but then, I don’t know the ins-and-outs of how the Royal Malaysia Police operate.

WSJ: Google sues to take down ads using Bard as a lure 

The Wall Street Journal today reported that Google has filed a lawsuit against “unnamed individuals in India and Vietnam” for “tricking small-business owners into clicking on Facebook ads that offer to download Google’s Bard artificial-intelligence chatbot,” which is freely available and can’t be downloaded. Instead the people who click on these ads end up installing some infostealer malware on their systems.

It’s that “Field of Dreams” quote all over again: “If you build it, they will come.” Only in this case “it” is “literally any remotely popular service” and “they” are “scammers” instead of… whatever they were talking about in that movie. (Baseball?) Expect to see more AI-themed scams and malicious advertisements as more and more companies devote themselves to chatbots based on large language models.