Cops raid suspected BreachForums mastermind • The Register

In brief A man suspected of running one of the largest cybercrime forums online, BreachForums, has been arrested in Peekskill, New York.

Conor Brian FitzPatrick, believed to have operated the forum under the handle pompompurin, was reportedly arrested on Wednesday afternoon and, according to court papers [PDF], admitted that he runs the site.

“When I arrested the defendant on March 15, 2023, he stated to me in substance and in part that: a) his name was Conor Brian FitzPatrick; b) he used the alias ‘pompompurin,’ and c) he was the owner and administrator of ‘BreachForums,’ the data breach website referenced in the Complaint,” said FBI special agent John Longmire.

BreachForums surfaced on the dark web shortly after the demise of RaidForums, a site focused on selling purloined data. It quickly grew to become the most popular venue for data thieves to announce their hauls.

FitzPatrick has been charged with a single count of conspiracy to commit access device fraud, and bail was set at $300,000, put up by his parents.

SVB scams keep coming

Silicon Valley Bank account holders are already stressed by the collapse of their financial institution, and cybercriminals have been quick to add insult to injury by seizing the opportunity to rob those whose money is stuck at the bank.

We have already warned readers about scams circulating online that exploit the collapse of Silicon Valley Bank, and at least one campaign has now surfaced: security firm Inky reports what it says is the first SVB-related scam designed to phish Microsoft account credentials.

According to Inky's report, the attack begins with fake DocuSign notifications purporting to come from the SVB Customer Recovery Team, asking the victim to complete a pair of surveys to confirm their identity as an SVB account holder.

When the links in the email are clicked, however, they redirect users through a series of links that claim to send the user to their organization's login page, in this case dressed up to look like a Microsoft account sign-in.

Sure, anyone clicking those links with a critical eye might pause at being asked to sign in to a Microsoft account to reach DocuSign documents. In case that doesn't stop users, it's a good idea to block the domains Inky flagged as part of the scam: serving-sys[.]com and docuonline[.]eu. Inky also warns about the use of web[.]app domains to host the fake Microsoft login pages.
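As an added illustration (not from Inky's report or this article): a small Python helper that refangs the three published indicators and checks click URLs from mail-gateway log lines against them. The log format and the URLs in the sample are constructed for the dry run. web[.]app is a hosting suffix rather than a single malicious site, so the check treats it as a parent domain and flags any subdomain under it, while still rejecting look-alikes such as a bare host that merely ends in the letters "web.app".

```python
import re
from urllib.parse import urlparse

# Defanged indicators as published in the Inky report cited above.
# web[.]app is a hosting suffix, so it is matched as a parent domain (any subdomain).
DEFANGED_IOCS = ["serving-sys[.]com", "docuonline[.]eu", "web[.]app"]


def refang(indicator: str) -> str:
    """Turn a defanged indicator back into a real hostname, lower-cased.

    Handles the common '[.]', '(.)', '{.}' and 'hxxp://' conventions.
    """
    host = indicator.strip().lower()
    host = re.sub(r"[\[\(\{]\.[\]\)\}]", ".", host)
    host = re.sub(r"^hxxps?://", "", host)
    return host.strip(".")


def host_matches(host: str, blocked: str) -> bool:
    """True if host equals the blocked domain or is a subdomain of it.

    The leading dot in the suffix test is what keeps 'notweb.app' from matching 'web.app'.
    """
    return host == blocked or host.endswith("." + blocked)


def extract_urls(text: str) -> list[str]:
    # Good-enough URL grabber for mail bodies / gateway logs; not a full RFC 3986 parser.
    return re.findall(r"https?://[^\s\"'<>]+", text)


def flag_urls(text: str, iocs=DEFANGED_IOCS) -> list[tuple[str, str]]:
    """Return (url, matched_indicator) pairs for every URL whose host hits the block list."""
    blocked = [refang(i) for i in iocs]
    hits = []
    for url in extract_urls(text):
        host = (urlparse(url).hostname or "").lower()
        for b in blocked:
            if host_matches(host, b):
                hits.append((url, b))
                break
    return hits


# Constructed sample gateway log lines (hypothetical format, not real traffic).
SAMPLE_LOG = """\
2023-03-16T09:12:01Z mail-gw url_click user=alice url=https://docs.docusign.com/view/abc
2023-03-16T09:12:44Z mail-gw url_click user=bob url=https://svb-recovery.web.app/login?id=42
2023-03-16T09:13:10Z mail-gw url_click user=carol url=http://tracking.serving-sys.com/r?x=1
2023-03-16T09:14:02Z mail-gw url_click user=dave url=https://notweb.app/path
"""

if __name__ == "__main__":
    for url, ioc in flag_urls(SAMPLE_LOG):
        print(f"BLOCK {url}  (matched {ioc})")
```

Run against the sample, the helper flags the web.app subdomain and the serving-sys.com tracker, and leaves the legitimate DocuSign link and the "notweb.app" look-alike alone. The same `refang` routine works on any vendor-published indicator list before it is loaded into a proxy or mail-gateway block list.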

This campaign differs from the SVB scams that preceded it, but only by degrees, as previously reported scams also tried to trick people with fake DocuSign links.

Proofpoint also identified a campaign earlier this week aimed at users of the DeFi app Circle, which had significant exposure to SVB, by tricking people into buying the cryptocurrency USDC, a “stablecoin” pegged to the US dollar that lost its peg when SVB collapsed. Proofpoint said the scam tried to lure customers into redeeming USDC for US dollars at a 1:1 rate.

So, like other trending cybercrime scams, those surrounding the SVB collapse aren't well crafted, and aren't especially dangerous. They're the same old criminal tricks for stealing sensitive information: bait for the greedy and simple lures for the frightened.

Proofpoint summed up how those with exposure to SVB should respond to the current threat landscape in a tweet: “Anyone involved in handling financial information or transactions [should] use additional vigilance and diligence as messages may come from fraudsters.”

This week's actionable items

This week's list of cybersecurity news requiring immediate action is dominated by Patch Tuesday, which we have already covered. If this list looks short, that's because all the major Microsoft, Adobe, Android, Chrome and SAP bugs reported this week are covered there.

That said, if you're in industrial IT at all, it was a bad week for Siemens and AVEVA. If you run any of these systems, get patching:

  • CVSS 9.8 – CVE-2023-1256: AVEVA Plant SCADA and AVEVA Telemetry Server both contain an improper authorization vulnerability that could allow an unauthenticated remote user to read data, cause a denial of service and tamper with alarm states.
  • CVSS 9.8 – multiple CVEs: In an update to an earlier advisory, CISA said AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere are affected by three bugs that could allow an unauthenticated user to gain access to protected systems and execute malicious code. Interestingly, customers are advised in this case not to update the affected software, but to uninstall it entirely and perform a fresh installation of the updated version.
  • CVSS 9.8 – multiple CVEs: Honeywell OneWireless Device Manager has a trio of vulnerabilities that could allow an attacker to escalate privileges and remotely execute controller code.
  • CVSS 9.1 – CVE-2023-0811: Omron's CJ1M PLCs have a set of vulnerable components that could allow an attacker to bypass user memory protection, overwrite passwords and lock engineers out of reading their memory regions.
  • CVSS 9.8 – MANY CVEs: 65 separate CVE numbers are included in this advisory, which says more than a dozen Siemens Scalance devices and a pair of Ruggedcom devices contain vulnerabilities that could allow an attacker to inject code and cause a denial of service. You may want to check that list.
  • CVSS 9.1 – CVE-2023-25957: Several versions of Siemens Mendix SAML contain an improperly implemented verification algorithm that could allow an unauthenticated remote attacker to bypass authentication.
  • CVSS 8.8 – 2 CVEs: All versions of Siemens Ruggedcom Crossbow prior to version 5.3 lack authorization checks, allowing an attacker to launch an SQL injection attack.

Before we return to further security news, it's worth pointing out a couple of stories that didn't make the cut this week but are still worth knowing about.

First, CISA has launched a Ransomware Vulnerability Warning pilot program under which it will track and notify organizations in critical sectors if it determines that some of the systems they use are vulnerable to ransomware attacks. CISA said it will do this using existing resources and data sources, including open-source intelligence gathered from the web. Nothing was said about needing to sign up to receive these notifications, so it appears CISA will simply assume you want them.

Sure, this might easily raise the hackles of many a cybersecurity pro, since who knows whether it's really CISA calling, but the agency seems aware of the potential for fraud. It said anyone contacted by a CISA office under the pilot program should contact CISA Central to confirm the legitimacy of the notification.

Second, Microsoft's Digital Threat Analysis Center warned that it is seeing signs Russia may be gearing up for another round of cyberattacks that could include new ransomware strains and new targets as well. “Cyberthreat actors known or suspected to be affiliated with Russian intelligence services have attempted to gain access to government and defense-related organizations not only in Central and Eastern Europe but also in the Americas,” Microsoft warned.

Between bank scams and cyber wars, it's probably not a bad week to do some security checks.

Cryptocurrency launderer taken down by US, German law enforcement

ChipMixer, a cryptocurrency “mixer” widely used by cybercriminals, has been taken down in a joint effort led by the US Department of Justice and German authorities, who at the same time seized roughly 2,000 Bitcoins ($50.7 million), four servers and seven terabytes of data.

Until it was taken down on March 15, ChipMixer was used to launder crypto by converting all deposited funds, mainly Bitcoin, into its own tokens called chips. Those chips were then mixed in one large pool before being redistributed, obscuring the blockchain trail in the process.

The service was founded in 2017 by Vietnamese citizen and resident Minh Quốc Nguyễn, whom the US DoJ has charged with money laundering, operating an unlicensed money transmitting business and identity theft. Nguyễn is currently at large and faces 40 years in prison if convicted.

According to the DoJ, ChipMixer laundered cybercriminals' money from 37 ransomware strains, more than $700 million in Bitcoin linked to stolen wallets, more than $200 million associated with darknet markets, including $60 million from Hydra, and further millions tied to dark web forums where malicious actors could buy stolen account credentials and the like.

ChipMixer reportedly counted among its customers the Russian General Staff Main Intelligence Directorate, or GRU, and its subordinate units, including APT28, the North Korean actors behind the Axie Infinity hack, and the people behind the Horizon Bridge hack. European officials said ransomware actors including Mamba and Lockbit also used the service.

For anyone who thinks cryptocurrency, or laundering services like ChipMixer, can hide crime, the FBI said technology won't protect anyone.

“Technology has changed the game … As a result, the FBI continues to evolve the ways in which we ‘follow the money’ of illegal enterprise,” said FBI Special Agent in Charge Jacqueline Maguire of the Philadelphia Field Office. ®