Today’s topics include Microsoft’s decision to drop a lawsuit seeking to curb the U.S. Department of Justice’s secrecy orders; Arm’s introduction of a new IoT security platform at TechCon 2017; the “Bad Rabbit” ransomware spreading across Ukraine and Russia; and how cyber-criminals are using compromised RDPs to anonymize their attacks.
Microsoft is dismissing an April 2016 lawsuit against the U.S. Department of Justice seeking to curb the U.S. government’s issuing of secrecy orders, or gag orders.
Microsoft decided to drop the lawsuit after the Justice Department enacted a binding policy reducing secrecy orders and prohibiting ones without an end date.
Gag orders prohibit cloud and online services providers from telling customers when law enforcement agencies have obtained their data using a statute in the Electronic Communications Privacy Act.
Microsoft also argued that the ECPA statute violates its First Amendment right to free speech and customers’ Fourth Amendment right to know if the government seizes or searches their property.
Microsoft president and chief legal officer Brad Smith said, “[The amended policy] is an unequivocal win for our customers, and we’re pleased the DOJ has taken these steps to protect the constitutional rights of all Americans.”
Since its $32 billion acquisition last year by SoftBank, Arm has focused more tightly on IoT, launching its Mbed IoT platform and operating system for internet-connected devices three years ago.
On Oct. 24 at TechCon 2017, Arm introduced a framework for developing secure connected devices, called the Platform Security Architecture, that it hopes the industry will adopt to help drive the scalability of IoT.
PSA includes IoT threat models, security analytics capabilities, and hardware and firmware requirements. The company also unveiled on-die threat mitigation technology as well as an extension to Mbed Cloud, called Mbed Edge, to help designers, developers and businesses secure devices that sit between the end devices and the cloud.
A new ransomware attack known as “Bad Rabbit” began to spread on Oct. 24, primarily in Ukraine and Russia, with limited reports in Turkey, Bulgaria and Germany.
The Ukrainian version of CERT issued an advisory warning of the potential for widespread ransomware attacks. Among the infrastructure attacked in Ukraine are the Kiev Metro and the Odessa airport.
The name “Bad Rabbit” comes from the title of the ransomware page that users are directed to after being infected.
The initial ransom the attackers have asked for is 0.05 Bitcoin, worth approximately $283, with the threat that the ransom will increase if not paid.
“It seems to be delivered via malicious URL as fake flash update and then using EternalBlue and Mimikatz for lateral movement and further spreading,” wrote security consultant Xavier Mertens.
More than 35,000 servers that host remote desktops for companies have been compromised by an Eastern European group that is selling access to the computers for less than $15 each.
The compromised Remote Desktop Protocol (RDP) servers allow the dark-web group to offer anonymization services and access to any information on the servers, which most often belong to healthcare companies, educational institutions and government agencies.
Olivia Rowley, intelligence analyst at Flashpoint, told eWEEK: “Cyber-extortionist[s] … [have] likely utilized RDPs in order to steal personally identifiable information and other sensitive data.” RDP systems are often connected to back-end retail systems, allowing attackers access to credit and debit-card details.
Companies should conduct regular audits and scans of their own networks for the protocol and require strong passwords for any RDP server accessible from the Internet.