Risky Biz News: Russia arrests WazaWaka

Risky Business News: Russia Arrests WazaWaka – Detailed Summary

Podcast Information:

• Title: Risky Business News
• Host: Claire (read by Claire, prepared by Catalyn Kimpanu)
• Episode: Risky Biz News: Russia arrests WazaWaka
• Release Date: December 2, 2024
• Description: Regular cybersecurity news updates from the Risky Business team.

Top Stories Overview

In this episode of Risky Business News, host Claire delves into several significant cybersecurity events, including the arrest of a notorious ransomware affiliate in Russia, a major heist targeting Uganda's central bank, privacy concerns surrounding Zoom, and vulnerabilities affecting Windows Server 2012. Additional topics include a ransomware attack on an Italian soccer club, misuse of DDoS features in South Korea, and emerging threats in software licensing bypasses.

Arrest of Waza Walker (00:04)

The episode opens with the high-profile arrest of Mikhail Matveev, known as WazaWaka, a significant figure in the ransomware community.

• Details of Arrest:

  • Affiliations: Matveev operated as an affiliate for several major ransomware groups, including Babuk, Conti, Darkside, Hive, and Lockbit.
  • Charges: He faces charges in the US for orchestrating ransomware attacks targeting hospitals and police departments.
  • Notable Attack: In 2022, Matveev led an attack on the Washington, D.C. Metro Police, threatening to release sensitive data on cases and informants. This incident resulted in the disbanding of the Babuk ransomware gang.

• Key Quote:

  "His most infamous attack targeted the Washington, D.C. metro Police in 2022 when he threatened to release data on cases and informants." — Claire [00:04]

• Recent Developments:

  • Court Case: Matveev's arrest was highlighted in a recent Kaliningrad court case, which noted his involvement in developing new ransomware in January of the current year, directly leading to his apprehension.

Uganda Central Bank Heist (08:30)

A cybercriminal group named WASTE successfully stole nearly $17 million from Uganda's central bank earlier this month.

• Attack Details:

  • Confirmation: Ugandan officials have officially confirmed the breach.
  • Recovery Efforts: Authorities have tracked a portion of the stolen funds to bank accounts in Japan, recovering over half of the total amount.

• Impact: The audacious nature of the heist underscores vulnerabilities in national banking systems, highlighting the sophisticated methods employed by modern cybercriminals.

Zoom Faces SEC Probe (15:45)

Videoconferencing giant Zoom is navigating significant legal challenges as it seeks to settle a probe from the U.S. Securities and Exchange Commission (SEC) concerning its privacy practices.

• Settlement Offer:

  • Zoom has proposed an $18 million settlement in response to the SEC's investigation.

• Investigation Focus:

  • Privacy Policies: The SEC is scrutinizing Zoom's privacy policies and alleged misleading statements regarding call encryption.
  • Timeline: The investigation commenced in 2020 amid the surge in video conferencing usage due to the COVID-19 pandemic.

• Current Status:

  • Zoom awaits the SEC's final decision, as indicated in documents filed last week.

• Key Quote:

  "The SEC started investigating Zoom in 2020 during the height of the COVID-19 pandemic, when video conferencing platforms boomed." — Claire [15:45]

South Korean Tech Company CEO Arrested (22:10)

South Korean authorities have apprehended the CEO of an unnamed tech company, along with four employees, over the illicit addition of a DDoS (Distributed Denial of Service) feature to their satellite TV receiver firmware.

• Circumstances:

  • Customer Request: The feature was allegedly incorporated at the behest of a customer facing DDoS attacks from a competitor.
  • Scale of Distribution: Since January 2019, over 240,000 units with the unauthorized DDoS capability were shipped.

• Legal Repercussions: The arrests highlight the severe legal consequences for companies engaging in cyber offensive measures, even when requested by clients.

European Court Rules Against Hungarian Government (28:50)

The European Court of Human Rights has ruled in favor of a reporter against the Hungarian government in a landmark case involving illegal wiretapping.

• Case Details:

  • Reporter Involved: Claudia Chikos, a BLIC reporter.
  • Incident: In 2016, Hungarian police wiretapped Chikos to unmask a source providing information on a high-profile murder case.
  • Outcome: The wiretapped conversations were later used to terminate her source, leading to legal action by Chikos.

• Court Ruling:

  • The court found that the Hungarian government violated Chikos's rights to privacy and freedom of expression.
  • It also noted the government's failure to properly investigate the illegal surveillance.

• Key Quote:

  "The court says the government broke the reporter's right to privacy and freedom of expression and failed to investigate her complaint of illegal spying." — Claire [28:50]

Ransomware Attack on Bologna FC (35:20)

Italian soccer club Bologna FC has been hit by a ransomware attack, resulting in the unauthorized publication of sensitive internal data.

• Attack Details:

  • Perpetrators: The Ransom Hub Ransomware Group is responsible for the breach.
  • Data Compromised: Personal and medical records of players and staff, along with financial records, were leaked after the club refused to comply with ransom demands.

• Impact on the Club:

  • Bologna FC is currently ranked 8th in Italy's soccer league, and the attack may have implications for its operations and reputation.

• Key Quote:

  "The leaked data allegedly includes the personal and medical records of the club's players, staff and financial records." — Claire [35:20]

Vulnerability in Windows Server 2012 Remains Unpatched (42:15)

Researchers have uncovered a critical vulnerability in the Windows Server 2012 operating system that allows threat actors to bypass security measures.

• Vulnerability Details:

  • Bug Nature: The flaw permits attackers to circumvent the mark of the web, a security feature in Windows Server 2012.
  • Affected Versions: All versions released in the past two years are susceptible.

• Current Mitigation:

  • Vendor Response: Microsoft has yet to release a patch for this vulnerability, despite it being reported.
  • Workaround: Security firm Across has issued a micro patch to temporarily address the issue until Microsoft can provide an official fix through its Extended Security Updates program.

• Additional Threats:

  • Malware Sneak-Ins: Cybercriminals are exploiting corrupted files to bypass email security measures like sandboxes and spam filters.
  • Recovery Mechanisms: Malicious files leverage built-in recovery features of user applications to gain access.

• Key Quote:

  "The researchers from Across say they reported the issue to Microsoft, but the bug is still unpatched." — Claire [42:15]

Emergence of Software Licensing Bypass Techniques (49:40)

A group of software crackers, identified as the MAS group, claims to have developed a novel method to bypass Microsoft’s licensing protections for Windows and Office software.

• Bypass Details:

  • Technique: Their method reportedly does not require any third-party software.
  • Scope: The bypass can activate licenses for Microsoft Office, Windows Desktop and Server, and even licenses for Microsoft's Extended Security Updates program.

• Implications:

  • If verified, this breakthrough could significantly escalate Windows piracy, undermining Microsoft's software protection efforts.

• Key Quote:

  "The MAS group claims their licensing bypass does not require third-party software and can activate licenses for Microsoft Office, Windows Desktop and Server." — Claire [49:40]

Conclusion

This episode of Risky Business News presents a comprehensive overview of recent cybersecurity incidents and developments. From the arrest of a major ransomware figure in Russia to vulnerabilities in longstanding software systems, the discussions underscore the evolving challenges in the cybersecurity landscape. The insights provided by Claire offer listeners a deep understanding of the threats and responses shaping the digital world today.

Note: This summary excludes advertisements, introductions, and outros to focus solely on the substantive content discussed in the episode.