September 8, 2022

The Week in Cybersecurity: Vice Society ransomware group targets back-to-school

Vice Society ransomware group targets America’s education sector, the U.S. government’s new position on software supply chain security, and more.

Carolynn van Arsdale, Writer, ReversingLabs

Welcome to the latest edition of The Week in Cybersecurity, which brings you the newest headlines from both the world and our team about the most pressing topics in cybersecurity. This week: Vice Society ransomware group targets America’s education sector, the U.S. government’s new position on software supply chain security, and more.

This week’s top story

As classrooms reopen for another school year, Vice Society ransomware group targets America’s education sector

This week, the U.S. government has turned its attention to an emerging threat group that has been targeting one of the nation’s critical entities: education. CISA, in conjunction with the FBI and the Multi-State Information Sharing and Analysis Center (MS-ISAC), has released a joint Cybersecurity Advisory warning the public of the Vice Society ransomware group. The advisory includes tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) related to Vice Society, based on the group’s attacks that have occurred as recently as this month.

The advisory describes Vice Society as an “intrusion, exfiltration, and extortion hacking group.” The attackers have been using versions of earlier ransomware types, such as Hello Kitty and Zeppelin ransomware. The group has also used Cobalt Strike, SystemBC and PowerShell Empire to move laterally in victims’ networks. So far, the group has seized sensitive information belonging to students and staff at educational institutions, using double-extortion techniques to seek financial profit from its targets.

It’s still unclear why Vice Society has chosen to target the education sector, which is considered a key part of America’s critical infrastructure. There is obvious concern that the country’s education system will remain a target for cybercriminals, especially since many schools began their school year this past week. The education sector is already dealing with a worrisome labor shortage, and the last thing it needs is more school closures due to ransomware attacks.

News roundup

Here are the stories we’re paying attention to this week…

U.S. Gov's Securing the Software Supply Chain guidelines: A roadmap for the post-SolarWinds world (develop.secure.software)

The U.S. Federal Government dropped what may be its most significant statement on software supply chain security. Here are four key takeaways from the government’s report, which recommends practices for development teams.

Critical RCE vulnerability affects Zyxel NAS devices - firmware patch released (The Hacker News)

Networking equipment maker Zyxel has released patches for a critical security flaw impacting its network-attached storage (NAS) devices. The issue relates to a "format string vulnerability" affecting NAS326, NAS540, and NAS542 models.

QNAP tells NAS users to "take immediate action" after new wave of DeadBolt ransomware attacks (Graham Cluley)

Owners of QNAP NAS drives have been advised to “take immediate action” in the wake of a new wave of DeadBolt ransomware attacks. According to a news release by NAS manufacturer QNAP, the DeadBolt ransomware is exploiting a vulnerability in QNAP’s Photo Station software to encrypt data stored on victims’ drives.

New stealthy Shikitega malware targeting Linux systems and IoT devices (The Hacker News)

A new piece of stealthy Linux malware called Shikitega has been uncovered adopting a multi-stage infection chain to compromise endpoints and IoT devices and deposit additional payloads.

Violence-as-a-Service: brickings, firebombings, and shootings for hire (Krebs on Security)

A 21-year-old New Jersey man has been arrested and charged with stalking in connection with a federal investigation into groups of cybercriminals who are settling scores by hiring people to carry out physical attacks on their rivals.

Montenegro is the victim of a cyberattack (Schneier on Security)

Details are few, but Montenegro has suffered a cyberattack. Russia is being blamed, with the assumption that “they’re the obvious perpetrator,” despite a lack of evidence.

Tags: Modern SOC
