Future Tech

40% of IT security pros say they've been told not to report a data leak

Tan KW
Publish date: Tue, 11 Apr 2023, 07:00 PM

In Brief: More than 40 percent of surveyed IT security professionals say they've been told to keep network breaches under wraps despite laws and common decency requiring disclosure.

That's according to Bitdefender's 2023 Cybersecurity Assessment report, which was published this month. According to responses from large companies in the US, EU, and Britain, half of organizations have experienced a data leak in the past year with America faring the worst: three quarters of respondents from that side of the pond said they experienced an intrusion of some kind.

To further complicate matters, 40 percent of IT infosec folk polled said they were told to not report security incidents, and that climbs to 70.7 percent in the US, far higher than any other country. When told to keep mum about breaches, 30 percent of the total global respondents said they followed through and obeyed those orders when they knew it should have been reported. In the US, that number climbs to 54.7 percent of the total. 

Globally, 54.3 percent of respondents said they were worried their organization was at risk of legal action due to incorrect handling of a security breach. Unsurprisingly, that number also spikes among US respondents, 78.7 percent of whom said they were worried their companies were open to legal action due to a bad breach response.

Despite those worrying statistics, a whopping 94 percent said they're still confident in their organization's ability to respond to cybersecurity threats. Is this a massive blind spot, negligence - or what? According to Bitdefender, it's simply par for the course for a cybersecurity industry stretched to the breaking point.

"The findings in this report depict organizations under tremendous pressure to contend with evolving threats such as ransomware, zero-day vulnerabilities and espionage, while struggling with complexities of extending security coverage across environments and ongoing skills shortage," said Andrei Florescu, deputy GM and SVP of product at Bitdefender Business Solutions Group. 

We note that the survey involved 400 IT pros, so bear that relatively small sample size in mind.

Sneaky Rorschach ransomware appears

A ransomware strain first identified early this year has reared its head in the US, says Check Point.

Dubbed "Rorschach" because "each person who examined [it] saw something a little bit different," said Check Point, this particular strain of ransomware is a nasty one not only for how well it disguises its presence, but also for how it gains a foothold: by DLL side-loading through a legitimate piece of software made by Palo Alto Networks, the Cortex XDR Dump Service Tool.

According to Check Point, Rorschach shares a number of similarities with Babuk and LockBit ransomware strains, but still appears to be novel, "sharing no overlaps that could easily attribute it to any known ransomware strain."

Rorschach is partly autonomous, highly customizable, and is one of the fastest-encrypting ransomware samples Check Point says it's ever seen. Prior to its arrival on US shores, Rorschach was also tracked as BabLock in Europe, where Group-IB said it managed to stay under the radar by not operating a dedicated website publicizing its leaks and asking for relatively small ransoms.

Palo Alto Networks said it's readying a version of Cortex XDR Dump Service Tool that won't be vulnerable to the malware's exploitation.

And finally, Russians face outing and sex toy drama

Two interesting cases popped up over the weekend relating to Russia and Ukraine.

The volunteer Ukrainian group InformNapalm has published documents that a crew dubbed Cyber Resistance claimed were swiped from the compromised email account of Ukrainian-born GRU officer Lieutenant Colonel Sergey Alexandrovich Morgachev, who you may remember from the FBI's most wanted list. He's wanted on charges of interfering with the 2016 US elections, conspiracy to commit computer crimes, and money laundering.

There's some surprising data in this email leak. There are numerous references to Cobalt Strike-based attacks, not to mention a parsimonious salary. All the stolen emails have reportedly been shared with the FBI and other interested parties.

The group also ordered sex toys on Morgachev's credit card, the same tactic it reportedly used against pro-Russian war blogger Mikhail Luchin, who had been trying to raise funds for drones to be used in Putin's invasion of Ukraine.

"So instead of drones, Mikhail will now send to the invaders trucks of dildos, strap-ons and other things useful to every Russian that we ordered and paid for with his card on AliExpress," the Cyber Resistance crew bragged.

Luchin said he had failed to get a refund, and vowed to use the hack to his advantage.

"I will open a sex shop here, make 300 per cent profit and buy three times more drones," he argued. "It would be good to have a Kalibr missile." ®

 

https://www.theregister.com//2023/04/11/in_brief_security/
