Echoes of Conti, cloud computing castles and an energy sector threat

Markus Meier/fsfe.org

Welcome to Changelog for 9/11/22, published by Synack. It’s me, Blake, back after a break to share some exciting news: Cybersecurity journalist Nathaniel Mott is joining README as senior editor! You may already be familiar with him from his past work as a regular README contributor. His timely stories have included a dispatch on open-source software hazards — published weeks before news of the Log4j vulnerability broke — and a deep dive into new variants of “wiper” malware wielded against Ukraine. Nate’s first day is tomorrow, when you can send him a welcome note at nmott@synack.com!


The payload

“There is no cloud, just other people’s computers.”

The old joke may oversimplify concepts like SaaS and multi-access edge computing, and it feels unfair to a multibillion-dollar industry that now drives much of the global economy. But the saying holds a kernel of truth: The digital cloud doesn’t exist in the ether. Cloud computing resources are pooled in data centers scattered across the globe, which are closely guarded lest they yield the keys to our online lives.

Cloud anthropologist Steven Gonzalez Monserrate has spent years exploring where people and cloud technology intersect at these data centers. In his inaugural contribution to README, Steven walks us through the elaborate security measures he’s witnessed while conducting fieldwork for his research at Brandeis University and the Massachusetts Institute of Technology.

“To withstand the forces besieging our digital economy, data centers are structured more like fortresses than libraries,” he writes.

Steven’s research offers a rare window into an opaque world. His experiences speak to the anxieties of our digital age, where so much can hinge on row after row of quietly humming computer equipment buried deep underground.

The week, compiled

The Conti cybercriminal gang is behind some of the most disruptive and devious ransomware attacks in history, and the U.S. State Department is offering a cool $10 million to anyone who can help track down its members.

Conti’s attack on Ireland’s national healthcare provider in May 2021 stands out for its cruelty, ensnaring networks spanning 54 Irish hospitals run by the Health Service Executive.

“Healthcare services across the country were severely disrupted with real and immediate consequences for the thousands of people who require health services every day,” investigators wrote in a sweeping post-incident report.

Parked ambulances are pictured in Ireland. Greg Clarke/Flickr

The Conti group shook up its operations earlier this year after an anonymous leaker posted chat logs and other sensitive internal data from the gang’s activities. But researchers at Google are now tying former Conti members to recent financially motivated cyberattacks on Ukraine, according to a blog post last week. And the brief emergence of a “MONTI” ransomware strain over the summer could be a rebrand of Conti activity, as Nate Mott reported for PC Mag. (Yes, Nate has written for a range of publications before joining README.)

They’re yet more signs that the prolific, Russia-aligned cybercriminal group may not be down for the count just yet.

Here’s what else happened last week:

TechCrunch: Suspected North Korean state-sponsored hackers have exploited the Log4j vulnerability to target U.S. energy providers in recent months as part of a long-term espionage campaign.

SC Media: The Cybersecurity and Infrastructure Security Agency is seeking public comment on plans to roll out new cybersecurity incident reporting requirements. “We can’t defend what we don’t know about and the information we receive will help us fill critical information gaps that will inform the guidance we share with the entire community, ultimately better defending the nation against cyber threats,” CISA Director Jen Easterly said in a statement.

CyberScoop: Patreon laid off several members of its security team last week, raising hackles in the cybersecurity community as experts warned the move could put millions of users at risk. The membership platform for content creators and artists suffered a cybersecurity breach in 2015.

Forbes: Apple’s long-hyped “Lockdown Mode” will launch “any minute now” as part of iOS 16. Casual users beware: The “extreme protection” provided by the feature could make using the iPhone or other Apple devices a bit of a drag.

A message from Synack

Cybersecurity professionals face a raft of challenges when it comes to staffing up to meet ever-evolving digital threats. Hear how the U.S. Department of Health and Human Services navigates cybersecurity hiring hurdles in a webinar featuring Matthew Shallbetter, Director for Security Design and Innovation at HHS, and Synack’s own Scott Ormiston, who speak to tactics and solutions for augmenting public sector security teams and best practices for setting up continuous penetration testing. Learn more and view the webinar on demand here.

Flash memory

Queen Elizabeth II passed away last Thursday at the age of 96, bringing tributes from around the world and triggering an official 10-day period of mourning in the U.K.

In reading up on her legacy, one chapter surprised me: She was among the first heads of state to send an email, all the way back on March 26, 1976. Her username on the proto-internet ARPANET was “HME2” — short for “Her Majesty, Elizabeth II.”

Queen Elizabeth II in 1970. Queensland State Archives

Her message, crafted by the late Peter Kirstein, even carried “some real hacker cred,” as Wired reported, by making reference to a cutting-edge programming language at the time.

“This message to all ARPANET users announces the availability on ARPANET of the Coral 66 compiler provided by the GEC 4080 computer at the Royal Signals and Radar Establishment, Malvern, England,” it read. “Coral 66 is the standard real-time high level language adopted by the Ministry of Defence.”

Local files

CNN: Albania cut off diplomatic relations with Iran in response to a disruptive hack of Albanian government services in July. Yesterday the southeastern European nation blamed Iran for a separate hack on Friday of its Total Information Management System (TIMS), perhaps demonstrating that Iran was unfazed by last week’s diplomatic action.

CNN: Federal officials warned of an uptick in cyberthreats menacing the U.S. education sector as kids go back to school, with the Vice Society ransomware gang being especially noxious. The FBI, CISA and the Multi-State Information Sharing and Analysis Center alert came on the heels of a ransomware attack on the Los Angeles Unified School District.

Off-script

It’s a somber day as the U.S. commemorates the 21st anniversary of 9/11. I was in middle school when the terrorist attacks occurred, and it took years for me to appreciate just how much that day would alter the course of history.

The 9/11 Memorial and Museum has shared many valuable educational resources as we reflect on the traumatic events of that day and its repercussions. I’d also recommend taking some time out to read this Pulitzer Prize-winning feature in The Atlantic. It helped me have a deeper understanding of what so many people lost all those years ago and the roots of conspiratorial thinking.

@ WashSpirit/via Twitter

That’s all for this week—be sure to send tips or feedback to bsobczak@synack.com, and don’t forget to follow Nate Mott on Twitter!