
Ransomware hit another pipeline company and leaked 70GB of data


When ransomware hackers hit Colonial Pipeline last month and shut down fuel distribution across a large part of the US East Coast, the world woke up to the danger of digital disruption in the petrochemical pipeline industry. It now appears that another pipeline-focused business was hit by a ransomware group at around the same time but stayed silent, even as 70 gigabytes of its internal files were stolen and dumped on the dark web.

Last month, a group that calls itself the Xing Team posted to its dark web site a collection of files stolen from LineStar Integrity Services, a Houston-based company that sells audit, compliance, maintenance and technology services to pipeline customers. The data was first spotted online by the WikiLeaks-style transparency group Distributed Denial of Secrets, or DDoSecrets. It includes 73,500 emails, accounting files, contracts and other business documents, about 19 GB of software code and data, and 10 GB of human resources files, including scans of employee driver's licenses and Social Security cards. While the breach does not appear to have caused any disruption to infrastructure the way the Colonial Pipeline incident did, security researchers warn that the leaked data could give hackers a roadmap for targeting more pipelines. LineStar did not respond to a request for comment.

DDoSecrets, which makes a practice of mining data leaked by ransomware groups as part of its mission to expose data it considers worthy of public analysis, posted 37 gigabytes of the company's data on its leak site on Monday. The group said it had taken care to redact potentially sensitive software data and code, which DDoSecrets says could allow hackers to find or exploit vulnerabilities in pipeline software, as well as the leaked human resources material, in order to keep LineStar employees' sensitive and personally identifiable information out of the release.

The unredacted files, which WIRED reviewed, nonetheless remain online. Joe Slowik, a threat intelligence researcher at the security firm Gigamon who for years led the Los Alamos National Labs incident response team for critical infrastructure security, argues that the leak could contain information that would allow other pipelines to be targeted. Slowik cautions that it is not yet clear what sensitive information the 70 GB contains, but he is concerned that it may include details of the software architecture or physical equipment used by LineStar's customers, since LineStar provides information technology and industrial control system services to pipeline customers.

“You can use that to fill in a lot of routing data, depending on what's in it,” says Slowik. “It's very worrying, not only because of people's driver's license information or other items related to human resources, but also because of data related to the operation and more critical functionality of those networks.”

Xing Team is a relatively new entrant to the ransomware ecosystem. But while the group writes its name with a Chinese character on its dark web site, and the Mandarin word xing means “star,” there is little reason to believe the group is Chinese based on that name alone, says Brett Callow, a ransomware-focused researcher with the antivirus company Emsisoft. Callow says he has seen the Xing Team use an upgraded version of the Mount Locker malware to encrypt victims' files, as well as threaten to leak unencrypted data as a way to extort payment from targets. In the case of LineStar, the Xing Team appears to have followed that same pattern.

This leak, in turn, could be a stepping stone for other ransomware hackers, who often comb dark web data dumps for information that can be used to impersonate companies and target their customers. “If a pipeline company's data were stolen, this would allow the construction of a fairly conventional spearphishing email for the pipeline company,” Callow says. “We absolutely know that groups do that.”
