Generational Security Gap, BlackByte Data Theft, & Apache Vulnerability

Generational security gaps, BlackByte introduces a new tool, and Apache vulnerability.

Latest Threat Intel News:

Gen Z and Millenials Less Serious about Security at Work

According to a recent report released by EY, Gen Z and Millennials are less serious about cybersecurity at work. A survey found that 58% of Gen Z and 42% of Millennials report disregarding mandatory IT updates for as long as possible compared to 31% of Gen X and 15% of Baby Boomers. Reusing passwords for professional and work accounts was likewise found to be much higher with Gen Z and Millennials than prior generations. If you’re reading this cybersecurity blog we probably don’t need to tell you the importance of regular IT updates that often include security patches, or about the folly of reusing passwords across professional and personal accounts.The EY report also contains advice for helping all employees adhere to best practices in your company’s cybersecurity posture. For example, making cybersecurity education personal can bridge the generational gap in the workplace when it comes to security behaviors, and using carrots instead of sticks can promote a culture that rewards good practices rather than punishing mistakes.

Why This Matters

While it may be tempting to cast blame across generational lines, take research like this as instructive. Rather than a one-size-fits-all approach to cybersecurity education, this may reveal a need to approach things differently. As prior generations work longer, the workplace has a mix of cohorts, each with a very different habitus. There are a variety of improvements to be made to modern cybersecurity training outside of mandatory videos and an annual quiz.

Additional Information:

• Gen Z and millennials less serious about cybersecurity on work-issued devices than personal (EY Consulting)

BlackByte Ransomware Adds a New Data Theft Tool

BlackByte ransomware has begun using its own tool, ExByte, to quickly steal data from victims. ExByte is designed to be stealthier and more efficient. Upon execution, the malware checks for evidence of antivirus and sandbox-related files that indicate a security researcher is trying to analyze a malware sample. The program then enumerates all documents including .txt, .doc, and .pdf files before uploading these to the attackers’ cloud infrastructure. With this development, BlackByte joins the ranks of Lockbit and BlackCat (ALPHV), two other ransomware gangs that we recently reported are upgrading their data theft capabilities. Data theft is clearly becoming an area of focus for ransomware gangs given this pattern of recent investments.

Why This Matters

Double extortion is a common term to indicate modern ransomware operators’ twin goals to 1) steal data and 2) encrypt systems. This method was developed to increase the chances that a victim organization would pay a ransom even if they had viable backups. Threat actors will often threaten to leak stolen data on the dark web or sell it to the highest bidder in order to receive some profit for their efforts.

Additional Information:

• BlackByte Ransomware Attackers Deploy New Exfiltration Tool (Symantec)

Apache Commons Text Vulnerability (CVE-2022-42889)

A new vulnerability in open-source software garnered significant attention this week as some compared it in scale to the Log4j vulnerability of 2021, although it is unlikely to have the same widespread impact. The flaw, nicknamed Text4Shell, affects the Apache Commons Text utility used in Java-based software to evaluate and process text for a variety of different use cases. An unauthenticated threat actor can execute arbitrary commands on systems running applications with the vulnerable code. This could lead to the wider compromise of the underlying system. 

While Apache Commons Text is widely used, the specific components of code with the flaw may not be as commonly utilized. Organizations using Commons Text in software they write should update to version 1.10 and ensure they are validating and sanitizing any untrusted input in their code.

Why This Matters

Since open-source software is used widely and in a variety of contexts, it is a major source of concern in information security. Log4j was a haunting example of a widespread piece of open-source software with a vulnerability that will likely linger for years. Fortunately, Text4Shell does not appear to be as pervasive. Organizations should still be ready to apply vendor updates and check their own code to ensure they’re not vulnerable. While not as many organizations will have Text4Shell, those that do should take steps to protect themselves.

Additional Information: 

• CVE-2022-42889: interpolations that allow RCE disabled in Commons Text 1.10.0 : Apache Security Team (Apache)

• NVD - CVE-2022-42889

• Experts downplay reach of Apache bug ‘Text4Shell’ (The Record)

This blog post and its contents are intended for general guidance and informational purposes only. This blog post is under no circumstances intended to be used or considered as specific insurance or information security advice.