☕ A bountiful harvest

To:Brew Readers

IT Brew // Morning Brew // Update

September 26, 2022

TOGETHER WITH

It’s Monday! The first week of fall may give your AC its own vacation, but that doesn’t mean the energy grid goes into hibernation. Here’s how one company is trying to give power grids a break.

In today’s edition:

Bug off

🪄 Abracadabra!

—Tom McKay, Billy Hurley, Patrick Lucas Austin

BUG BOUNTIES

Snitches get riches

Mandel Ngan/AFP via Getty Images

A State Department bounty program that the FBI’s cyber division joined in 2020 is beginning to pay off, CyberScoop reported.

At the Billington Cybersecurity Summit in Washington, DC, earlier this month, FBI Assistant Director for Cyber Bryan Vorndran told attendees, “Recently, the US government has also started to leverage something that was traditionally used in counterterrorism: Rewards for Justice. It’s essentially incentivizing individuals who have intimate knowledge of a criminal conspiracy, whether nation state or not, to report to the US government…That has actually borne fruit at this point.”

When asked for comment by CyberScoop, the FBI declined, and the State Department pointed to a blanket policy, stating that it refuses to comment on whether any given payout occurred.

The Washington Post similarly reported it was unable to gather any details about the program’s alleged success. However, Center for Strategic and International Studies cybersecurity expert and former State official James Lewis told the paper:

“The way to judge it isn’t how many people we catch. It’s how much we get the message out there…As part of a larger US effort to finally begin to impose consequences, it’s a good thing.”

In May 2022, the State Department began offering up to $10 million for information that could lead to the arrest of any of the leaders of the Conti ransomware group (formerly behind Ryuk), which it said was responsible for over 1,000 attacks that had successfully earned collective ransoms of over $150 million, according to FBI estimates. It also offered $5 million for information leading to the arrest of any Conti ransomware participants. At the same time it announced the Rewards for Justice bounty, the State Department shared a photo of a key suspect referred to as “Target.”

Read the rest here.—TM

Do you work in IT or have information about your IT department you want to share? Email [email protected] or DM @thetomzone on Twitter. Want to go encrypted? Ask Tom for his Signal.

TOGETHER WITH DELL

When cyberattacks loom, business can’t boom

From boardrooms to IT departments, organizations have all but accepted a “not if, but when” mentality about cyberattacks—and are beefing up their cybersecurity preparedness.

That sounds like the right call, judging by this (yikes-worthy) stat: 79% of organizations have reported a ransomware attack in the past year alone.¹If you need to fortify your org ASAP, Dell Technologies can equip you with the right modern security.

Once you’ve prepped your infrastructure with advanced tech and security, your business can get back to focusing on growth-based tasks, all the while knowing you’re taking steps to protect your company and your customers’ confidence.

Dell’s cybersecurity resilience capabilities can position you riiight in that sweet spot.

Learn how to start protecting your biz here.

MALWARE

It’s magically malicious

Francis Scialabba

Malware revealed by Microsoft presented a reminder that Active Directory—and the many accounts and permissions it contains—is a valuable target for hackers and must be protected.

Guidance from Microsoft and others, given the threat of the bad binary file known as “MagicWeb,” include AD monitoring and building defenses around the database.

“We recommend that any such infrastructure is isolated, accessible only by dedicated admin accounts, and regularly monitored for any changes,” said a lengthy post from Microsoft in August.

What’s MagicWeb? The threat appears to come from NOBELIUM, the group associated with major compromises like the SolarWinds hack. Not a new David Copperfield trick, MagicWeb takes over Active Directory.

NOBELIUM has some history of taking credentials by gaining admin-level access to Active Directory Federation Services (AD FS) servers—see its earlier work with the lesser-known FoggyWeb.

How does MagicWeb work? MagicWeb inserts itself into AD’s “claims-based” authentication, a method of verifying user- and access-privilege with a token. MagicWeb is a malicious DLL that messes with that token, generated by an AD FS server.

NOBELIUM deployed MagicWeb by first gaining access to highly privileged credentials and moving laterally to attain administrative privileges to an AD FS system. The attacker replaced a legitimate DLL with their own malicious one, causing AD FS to load the malware.

Laterally, everyone is doing it. Lateral movement—highlighted in a recent VMware report—has been trending with attackers looking to slowly creep from machine to machine to find sensitive data.

“Moving from one device to another can be very beneficial, so that you can potentially infect different networks and try to spread across multiple different sectors and sections of a business,” said Allie Mellen, senior analyst at Forrester. “Most of the time, in order to spread ransomware and try to lock down as many computers as possible.”

Read more here.—BH

Do you work in IT or have information about your IT department you want to share? Email [email protected] or DM @BillyHurls on Twitter.

TOGETHER WITH ROBIN

Hybrid work, unlimited possibilities: Empowering your team to make decisions that work for them is something worth celebrating. Join Robin’s Hybrid Work Conference in Boston or online from Oct. 3–5 to network with workplace experts, learn about the future of work, and plenty more. Save 15% on virtual or in-person attendance with codes HWC15V and HWC15IP, respectively. Register here.

PATCH NOTES

picture of data with "Clean Me" written on it + bottle of cleaner in front of it

Francis Scialabba

Today’s top IT reads.

Stat: 1.1 million. That’s the number of Tesla vehicles being recalled due to power window issues. (Ars Technica)

Quote: “We fixed a bug that didn't close all active logged-in sessions on Android and iOS after an account’s password was reset.” —Twitter, explaining why a now-fixed password reset feature did not log users out (PCMag)

Read: These scientists are using fiber-optic cables to detect the sounds of baleen whales. (The Verge)

Learn: Ready to find that elusive work-life balance? The Brew’s ready to teach you what you need to know. Join us at our upcoming master class and learn how to take back your time with ease.

Help your clients: Reach monetization faster with membership software trusted by the web’s biggest creators. Memberful handles the nuts and bolts of bringing membership to Wordpress sites, so your clients reach their audience and cash in on content. Try it for free.*

^{*This is sponsored advertising content.}

WHAT ELSE IS BREWING…

A Microsoft survey of 20,000 people found 87% of workers feel just as efficient working from home as they do from work.
Customers of India’s ICICI Bank were targeted with SMS phishing campaigns that urged users to download a fake bank rewards app.
Boeing has agreed to pay $200 million to settle charges related to misleading investors concerning two Boeing 737 Max plane crashes.
Mercedes’s F1 team has cut freight emissions by 89% by using biofuel to power its transport trucks.

ICYMI

Check out the IT Brew stories you may have missed.

✢ A Note From Dell

1. Source: Enterprise Strategy Group—The Long Road Ahead to Ransomware Preparedness e-book, March 2022.

Written by Tom McKay, Billy Hurley, and Patrick Lucas Austin

Was this email forwarded to you? Sign up here

WANT MORE BREW?

{if !contains(profile.lists,"Daily Business")}

Get the daily email that makes reading the news enjoyable →

Morning Brew: become smarter in 5 minutes, every morning

{/if} {if !contains(profile.lists,"EmTech Brew") || !contains(profile.lists,"HR Brew") || !contains(profile.lists,"Marketing Brew") || !contains(profile.lists,"Retail Brew") || !contains(profile.lists,"IT Brew") || !contains(profile.lists,"Future Social") || !contains(profile.lists,"CFO Brew")}

Industry news, with a sense of humor →

CFO Brew: your go-to source for global finance insights
Emerging Tech Brew: AI, crypto, space, autonomous vehicles, and more
Future Social: the Brew's take on the world of social media
Healthcare Brew: the comprehensive industry guide for administrators, medical professionals, and more
HR Brew: analysis of the employee-employer relationship
Marketing Brew: the buzziest happenings in marketing and advertising
Retail Brew: retail trends from DTC to "buy now, pay later"

{/if} {if !contains(profile.lists,"Money Scoop") || !contains(profile.lists,"The Essentials") || !contains(profile.lists,"Money With Katie")}

Tips for smarter living →

Incrypto: Finally, crypto news you can understand
Money Scoop: your personal finance upgrade
Money With Katie: manifest your financial freedom
Sidekick: lifestyle recs from every corner of the internet

{/if}

Podcasts → Business Casual, Founder's Journal, Imposters, and The Money with Katie Show

YouTube

Accelerate Your Career with our Courses →

Business Essentials Accelerator: Become a better communicator, operator, and innovator.
Leadership Accelerator: Grow your team, grow yourself, grow your impact.
Business Analytics Accelerator: Understand the business of numbers and make better decisions with data.

Top insights for IT pros

From cybersecurity and big data to software development and gaming. Our IT Brew newsletter delivers the latest news and analysis of trends shaping the IT industry, like only The Brew can.

IT Brew is a newsletter that delivers the latest news and analysis of trends shaping the IT industry. Check out the latest issue below and don't forget to subscribe.