Cybersecurity News: Hive Ransomware Takedown, APT29 Malware, Closing the Cybersecurity Talent Gap

4 minute read

February 2023

In this episode of GRXcerpts:

  • Hive Ransomware Takedown
  • Russian-Linked APT29 Malware
  • Breach Notifications
  • Closing the Cybersecurity Talent Gap

Watch now:

Hive Ransomware Takedown

There’s good news on the fight against ransomware. Agencies from around the world combined efforts and were successful in seizing the Hive ransomware website, taking down their servers, and temporarily dismantling their network. In addition, US officials revealed that FBI agents secretly hacked into Hive systems in July of 2022, enabling them to identify targets and obtain decryption keys that allow victims to recover encrypted files, without paying a ransom. The Hive ransomware operation has victimized over 1,300 companies worldwide, ​​including hospitals, school districts, financial companies and critical infrastructure in more than 80 countries, and captured an estimated $100 million dollars in ransom payments. Authorities continue to investigate Hive operations in an effort to identify the cyber criminals involved, and are offering rewards up to $10 million dollars for information leading to their arrest. Officials also caution that until the group is arrested, they will never truly be gone, and their malicious activities may reappear over time.

Russian-Linked APT29 Malware

And just as one malicious group is disbanded, another one emerges. A new Russian-linked cyber espionage group has been observed staging new malware attacks targeting embassy staff and ambassadors. APT29, also known as Cozy Bear, the Dukes, Nobelium, and Yttrium, is believed to be sponsored by the Russian Foreign Intelligence Service and may have orchestrated multiple high-profile attacks, including the 2020 SolarWinds attack. CyberGRX partner Recorded Future first identified the new malware in October of 2022, which used a compromised website with embassy themes to lure visitors and then infect them with GraphicalNeutrino malware. The threat, which uses the US-based business automation service Notion for command and control, is a loader that packs numerous anti-analysis capabilities, including sandbox evasion, API unhooking, and string encryption. A second nearly identical GraphicalNeutrino sample was discovered days later, which Recorded Future believes will also employ ambassadorial or embassy themes as lures and will be used during periods of heightened geopolitical tensions, such as the ongoing war with Ukraine.

Breach Notices

Unfortunately, cyber incidents are not a question of “if” but “when. 

New data from Identity Theft Resource Center’s Annual Breach Report shows 2022 had the highest number of publicly reported data compromises in a single year, but at the same time, two thirds of breach notices did not include enough details to help individuals or businesses determine their potential risk. In the US, the burden of determining the risk to individuals or business partners is on the organization that was compromised– and these companies may be withholding information, according to the ITRC, a non-profit organization focused on identity crime. As an example, DoorDash, LastPass, and Samsung were called out for issuing breach notices with limited-to-no detail about what happened and who was impacted. Especially when a third party is breached, customers need proper information to respond appropriately– it’s not what you know but what you don’t know that will get you into trouble.

Closing the Cybersecurity Talent Gap

Our current economic climate has led to layoffs from SMBs to some of our most prominent brands. In January alone, Google laid off 12,000 employees, Amazon and Microsoft laid off a combined 28,000 people, Meta laid off 11,000, and the list goes on. No industry is immune to the downsizing, with some smaller cybersecurity vendor firms also affected. So the question becomes, could the influx of experienced tech professionals help to fill the cybersecurity talent shortage? SecurityWeek examined the skills available in the workforce and the skills required by employers. Their observation is that those laid off know how to work a computer, but may not necessarily understand how computers work. In other words, there is still a skills gap needed to enter cybersecurity roles today. However, there is opportunity to close the gap, if employers are willing to adjust attitudes and hiring criteria, which typically requires cybersecurity experience plus certifications plus university degrees. Per Dave Stapleton, CISO at CyberGRX, “Organizations need to look for candidates that are passionate and willing to learn and then commit to providing mentorship and allocating resources for formal education and on-the-job training.” Dave Gerry, CEO of Bugcrowd takes a similar approach, recruiting individuals from non-traditional backgrounds, which he says significantly expands his candidate pool and with the right training, can have incredibly high-potential. Could the recent layoffs and downsizing be the silver lining for developing the next generation of cybersecurity talent? That’s up to you to decide.

All information is current as of January 30, 2023. Subscribe to receive future episodes as they are released.

Related Articles

About Us

ProcessUnity is a leading provider of cloud-based applications for risk and compliance management. The company’s software as a service (SaaS) platform gives organizations the control to assess, measure, and mitigate risk and to ensure the optimal performance of key business processes. ProcessUnity’s flagship solution, ProcessUnity Vendor Risk Management, protects companies and their brands by reducing risks from third-party vendors and suppliers. ProcessUnity helps customers effectively and efficiently assess and monitor both new and existing vendors – from initial due diligence and onboarding through termination. Headquartered outside of Boston, Massachusetts, ProcessUnity is used by the world’s leading financial service firms and commercial enterprises. For more information, visit