In this week's Security Sprint, Dave and Andy covered the following topics:
Warm Open:
• TribalHub Magazine, Winter 2025: A Publication For Technology Minded Professionals In Tribal Government Tribal Health, Tribal-Gaming And Non-Gaming Tribal Enterprises. Includes Tribal-ISAC happenings!
• React2Shell: Risky Bulletin: APTs go after the React2Shell vulnerability within hours & Critical Security Vulnerability in React Server Components
• We discussed our daily SUN and Weekly Ransomware & Data Breach Digest available via Gate 15’s GRIP: Join the GRIP! Gate 15’s Resilience and Intelligence Portal (GRIP) utilizes the robust capabilities available in Cyware’s Collaborate platform to provide the community with technology-enhanced, human-driven analysis products. Further, our team supports the implementation and use of Cyware Collaborate at the Enterprise level.
Main Topics:
FinCEN Issues Financial Trend Analysis on Ransomware. The U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) is issuing a Financial Trend Analysis on ransomware incidents in Bank Secrecy Act (BSA) data between 2022 and 2024, which totaled more than $2.1 billion in ransomware payments… Previous FinCEN Financial Trend Analyses have focused on reported ransomware payments and incidents by the date the activity was filed with FinCEN. Today’s report shifts the focus to the incident date of each ransomware attack and offers greater visibility into the activities conducted by ransomware actors.
• Reported Ransomware Incidents and Payments Reach All-Time High in 2023
• FinCEN Data Shows Ransomware Payments Top $2.1B in Just Three Years
• Financial Services, Manufacturing, and Healthcare were the Most Impacted Industries
• The Onion Router (TOR) was the Most Common Communication Method Reported
• ALPHV/BlackCat was the Most Prevalent Ransomware Variant Between 2022 and 2024
• FinCEN analysis shows scope of ransomware problem
Five-page draft Trump administration cyber strategy targeted for January release; The six-pillar document covers a lot of ground in a short space, and could be followed by an executive order implementing it, according to sources familiar with the draft. America 250: Presidential Message on the Anniversary of the Monroe Doctrine
• Here’s what the new National Security Strategy says about threats to critical infrastructure
• New US National Security Strategy reveals Trump administration’s latest stance on Taiwan
FBI PSA: Criminals Using Altered Proof-of-Life Media to Extort Victims in Virtual Kidnapping for Ransom Scams. The Federal Bureau of Investigation (FBI) warns the public about criminals altering photos found on social media or other publicly available sites to use as fake proof of life photos in virtual kidnapping for ransom scams. The criminal actors pose as kidnappers and provide seemingly real photos or videos of victims along with demands for ransom payments… Criminal actors typically will contact their victims through text message claiming they have kidnapped their loved one and demand a ransom be paid for their release. Oftentimes, the criminal actor will express significant claims of violence towards the loved one if the ransom is not paid immediately. The criminal actor will then send what appears to be a genuine photo or video of the victim’s loved one, which upon close inspection often reveals inaccuracies when compared to confirmed photos of the loved one. Examples of these inaccuracies include missing tattoos or scars and inaccurate body proportions. Criminal actors will sometimes purposefully send these photos using timed message features to limit the amount of time victims have to analyze the images.
Quick Hits:
• US leader of global neo-Nazi terrorist group signals retribution for arrests
• ASD: Information stealers are on the rise, are you at risk?
• UK NCSC: Prompt injection is not SQL injection (it may be worse)