Top Tweets: QuickBuck Ransomware Simulator
Verdict lists five of the most popular cybersecurity tweets in Q2 2022 based on data from GlobalData’s technology influencer platform.
Top Tweets are based on the total number of engagements (likes and retweets) received on tweets from 808+ cybersecurity experts tracked by GlobalData’s Technology Influencer Platform during the second quarter (Q2) of 2022.
The most popular tweets on cyber security in Q2 2022: Top 5
1. Florian Roth’s tweet about the QuickBuck ransomware simulator
Florian Roth, head of research at software development firm Nextron Systems, tweeted about the company releasing a ransomware simulator called QuickBuck. The goal of the repository is to offer a simple and harmless way to check antivirus (AV) protection against ransomware. To that end, the tool carries out various actions that simulate the activity ransomware has been observed performing on endpoints, the article details. The company plans to use it in demos to showcase Sigma matching with Aurora.
The tool simulates typical ransomware behaviors, such as staging from a Word document macro, encrypting documents, deleting Volume Shadow Copies, and dropping a ransomware note on the user’s desktop, the article further notes.
Username: Florian Roth
Twitter username: @cyb3rops
2. Brian Krebs’ tweet about the US DEA investigating an agency portal breach
Brian Krebs, an investigative correspondent, shared an article about the US Drug Enforcement Administration (DEA) saying it was investigating reports of hackers accessing an agency portal that operated 16 databases of separate federal law enforcement agencies. The intruder had logged into the DEA with just a username and password, and no two-factor authentication (2FA). Reports suggest the hack is linked to a cybercrime and online harassment community that constantly mimics police and government officials to obtain personal information about its targets, the article points out.
Hackers notified cybersecurity blog KrebsOnSecurity of the breach using only a username and password for an unauthorized user of esp.usdoj.gov, which is the Law Enforcement Inquiry and Alerts (LEIA) system operated by the DEA. The Obama administration had released a document in May 2016 stating that the DEA’s El Paso Intelligence Center (EPIC) systems in Texas were available for use by federal, state, local, and tribal law enforcement, as well as only by the Department of Defense and the intelligence community, the article noted.
EPIC and LEIA also have access to the DEA’s National Seizure System (NSS), which the DEA has used to track property believed to have been purchased with the proceeds of crime. The article detailed that the shared screenshots showed that the hackers could have used EPIC to view multiple records related to motor vehicles, firearms, boats, drones and aircraft.
Twitter username: @briankrebs
3. Kim Zetter’s tweet about the availability of military-made cyberweapons on the darknet in a few years
Kim Zetter, a cybersecurity journalist, tweeted that military-made weapons and cybercrime malware sometimes differ only in sophistication, or simply in intent or use. Zetter further shared an article detailing how military-made cyber weapons are likely to become available on the darknet, a hidden area of the internet inaccessible to search engines, in a few years, according to concerns raised by Jurgen Stock, the Secretary General of Interpol. Cyber warfare has always been a concern for governments around the world, but it received renewed attention after the Russian-Ukrainian conflict, the article details. According to the World Economic Forum’s Global Cybersecurity Outlook report, the number of cyber attacks more than doubled worldwide in 2021.
A senior Interpol official further warned that digital tools used by the military to wage cyber warfare could ultimately end up in the hands of cybercriminals. Stock thinks this could be dangerous for the physical world, as weapons used in the military would now be used by organized crime groups, and the same goes for digital weapons used by the military, the article notes. Cyberweapons come in many forms, ransomware being one of the main ones, where a ransom is paid to regain control of computer systems from hackers. Moscow has been blamed for several cyberattacks that took place before and during its invasion of Ukraine.
Username: Kim Zetter
Twitter username: @KimZetter
4. Mark Russinovich’s tweet about Russia’s ongoing cyber attacks on Ukraine
Mark Russinovich, chief technology officer (CTO) of Microsoft Azure, the cloud computing platform operated by technology company Microsoft, shared an article about the company’s report that highlighted Russia’s ongoing cyberattack activity in Ukraine. For example, a day before the military invasion, operators linked to the Glavnoye Razvedyvatelnoye Upravlenie (GRU), the Russian military intelligence service, exposed destructive wiper attacks on hundreds of systems across the Ukrainian government, energy, IT and financial organizations, the article underlined. Since then, Russian cyberattack activities have included efforts to destroy, disrupt or penetrate the networks of government agencies and other critical infrastructure organizations, which Russian military forces have also targeted with missile strikes and network attacks.
Microsoft security teams worked closely with cybersecurity officials from government organizations and with the government to detect and remediate threat activity against Ukrainian networks, the article further notes. For example, in January, the Microsoft Threat Intelligence Center (MSTIC) exposed the wiper malware in more than a dozen networks in Ukraine. Other malware families exploited for harmful consequences include WhisperGate/WhisperKill, FoxBlade, aka Hermetic Wiper, SonicVote, aka HermeticRansom, CaddyWiper, DesertBlade, Industroyer2, Lasainraw, aka IssacWiper, and FiberLake, aka DoubleZero.
Username: Mark Russinovich
Twitter username: @markrussinovich
5. Zack Whittaker’s tweet about Block’s data breach of its Cash app
Zack Whittaker, a security editor, shared an article about the software development company Block (formerly Square) confirming a data breach involving its Cash app, which notified nearly 8.5 million of its customers. The breach went undetected for four months and eventually pointed to a former employee with privileged access to customer data. The company said in a filing with the Securities and Exchange Commission (SEC) on April 4, 2022 that the former employee downloaded reports from the Cash app that included US customer information on December 10, 2021, the article details.
The information viewed included full user names and brokerage account numbers, and for some clients, the data included brokerage portfolio value, brokerage portfolio holdings, as well as stock trading movements for a trading day, further notes the article. The company confirmed that no other personal information was accessed except for names, and it contacted approximately 8.2 million current and past customers about the breach.
Username: Zack Whittaker
Twitter username: @zackwhittaker