Reporter Referred to Missouri Prosecutor for Notifying State About Data Leak
Oct18

A reporter at the St. Louis Post-Dispatch who alerted the Missouri Department of Elementary and Secondary Education (DESE) that a web application was leaking the sensitive data of teachers and other school workers has been reported to the Cole County prosecutor by state Governor Mike Patterson. Governor Patterson has also threatened to initiate criminal proceedings against anyone who assisted the reporter or who also accessed the...

Operator of Botnet Used for DDoS and Password Spraying Attacks Arrested in Ukraine
Oct12

A hacker alleged to be the creator and manager of a powerful botnet consisting of more than 100,000 devices has been arrested by law enforcement officers in Ukraine. The unnamed hacker was arrested at his home in Prykarpattia and computer equipment was seized that was being used to control the botnet. The botnet was used by paying customers for a variety of attacks, including Distributed Denial of Service (DDoS) attacks, spamming,...

Ransomware Intrusion Actor FIN12 is Aggressively Targeting the Healthcare Sector
Oct08

While healthcare providers were struggling to cope with providing care to COVID-19 patients during the pandemic, they have been under attack from ransomware gangs. One group which has been particularly active and has been targeting the healthcare industry is FIN12. Approximately 20% of the attacks conducted by FIN12 since September 2020 have been on the healthcare industry, with other targeted sectors including education,...

9 out of 10 Malware Delivered via HTTPS Encrypted Connections
Oct05

The latest Internet Security Report from WatchGuard Technologies has confirmed the majority of malware infections occur via HTTPS encrypted connections, which demonstrates the importance of implementing a web filtering solution capable of HTTPS inspection. If HTTPS inspection is not enabled, businesses will have no visibility into HTTPS encrypted traffic and 9 out of 10 malware downloads will not be identified and blocked. The Q2,...

October is National Cybersecurity Awareness Month
Oct04

2021 National Cybersecurity Awareness Month has kicked off with the goal of improving awareness of cybersecurity and the importance of adopting cybersecurity best practices to make it harder for hackers, phishers, and online scammers to succeed. Digital safety and security have never been more important, with cyberattacks on businesses at record levels and ransomware gangs conducting huge numbers of attacks. “Our Nation is under a...

Insider Risk Self-Assessment Tool Released by CISA
Oct01

Public and private sector organizations are being targeted by threat groups looking to gain access to their networks and sensitive data, but not all threats are external. Steps must also be taken to protect against insider threats, which can be just as harmful. Insiders pose a serious threat to any organization. Malicious insiders have the advantage of having institutional knowledge and being trusted with access to sensitive data and...

Security Agencies Publish New Guidance on Selecting VPN Solutions and Hardening Security
Sep30

Joint guidance has been released by the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) on selecting Virtual Private Network (VPN) solutions and hardening security. VPN solutions are implemented to improve security for remote workers, as they create an encrypted tunnel into protected networks through which all data traffic is routed; however, VPN entry points into networks can be...

Women and Minorities More Likely to Be Victims of Cybercrime
Sep28

Just as there is inequality in life, there is also inequality online. Demographics play a big part in how individuals are targeted by cybercriminals and some groups of people are much more likely than others to be victims of cybercrime, according to a recent survey of 5,000 people in the United States. The study, conducted by Malwarebytes in partnership with Digitunity and the Cybercrime Support Network, is detailed in the recently...

Cyberattacks on IoT Devices More Than Double in a Year
Sep10

A new report from Kaspersky found attacks on Internet-of-Things (IoT) devices have more than doubled since 2020, as cyber threat actors are increasingly turning their attention to the devices to steal sensitive data, hijack the devices and add them to botnets for conducting DDoS attacks, and for installing cryptocurrency miners. Between January 1 and June 30, 2021, Kaspersky says telemetry data collected through its honeypots shows...

288% Increase in Ransomware Attacks Between Q1 and Q2, 2021
Sep08

There was a massive 288% surge in ransomware attacks between the first and second quarters of 2021, according to research recently published by NCC Group. The Conti ransomware gang was the biggest threat in this period, having conducted 22% of the attacks. The Avaddon ransomware gang was also particularly active and was behind 17% of the attacks. The Avaddon ransomware-as-a-service (RaaS) operation is believed to have been shut down,...

9 Out of 10 Industrial Companies Vulnerable to Cyberattacks
Sep06

A recent study conducted by Positive Technologies has revealed 91% of industrial companies are vulnerable to cyberattacks. Positive Technologies’ penetration testers determined vulnerabilities had not been addressed in all of those companies, and that external cyber threat actors could exploit the security vulnerabilities to gain access to their corporate networks, obtain credentials, and take full control of their IT infrastructure....

CISA Adds Single-Factor Authentication for Remote and Administrative Access to Cybersecurity Bad Practices Catalog
Sep01

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its list of cybersecurity bad practices that should be avoided. The Bad Practices Catalog was first published in July 2021 and, upon its launch, only included two entries. A third has now been added to the list. The list includes practices that CISA advises against due to them being exceptionally risky. The entries on the list may seem obvious security errors...

38 Million Records Exposed Online Due to Default Settings in Microsoft App Building Tool
Aug25

Researchers at UpGuard have discovered a huge amount of sensitive data have been exposed over the Internet due to default permissions not being changed on a tool developed by Microsoft for building apps. The researchers discovered many Microsoft Power Apps portals had not had the default settings changed, which were set to public access. An investigation was launched by the researchers in May 2021 after the discovery of one leaking...

CISA Publishes Guidance on Protecting Sensitive Data from Ransomware-Caused Data Breaches
Aug20

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published new guidance to help public and private sector organizations deal with the increasing ransomware threat, specifically ransomware gangs using double extortion tactics in which sensitive data are located and exfiltrated prior to file encryption. Double extortion has become the norm in ransomware attacks. When data are stolen, victim organizations are required...

T-Mobile Investigating Potential Breach of Data of Millions of Customers
Aug16

On Friday August 14, 2021, a cyber threat actor listed a stolen database for sale on a hacking forum which includes data from a recent hack of servers belonging to T-Mobile that allegedly contains the sensitive personal data of around 100 million T-Mobile customers. The database allegedly contains customer names, International Mobile Subscriber Identity numbers (IMSIs), International Mobile Equipment Identity numbers (IMEIs), phone...

NCSC Recommends Against Arbitrary Password Complexity Requirements
Aug10

The UK National Cyber Security Centre (NCSC) has made new recommendations for password creation that are intended to ensure passwords meet requirements for complexity while also making them easy for users to remember. While the latest password guidance may reduce password complexity compared to the standard password advice of creating passwords consisting of a random selection of characters, the former approach hasn't been wholly...

NSA/CISA Publish Guidance on Improving Kubernetes Security
Aug05

The U.S. National Security Agency (NSA) and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) have issued new guidance on improving Kubernetes security. The guidance document includes best practices for securing container environments and blocking key threats such as supply chain attacks, data theft, and malicious attacks by insiders. Kubernetes is an open-source container-orchestration system used to automate the...

Average Data Breach Costs Reach Record Level of $4.24 Million per Breach
Jul29

IBM Security has published its 2021 Cost of a Data Breach Report. The report is based on an analysis of data breaches at 500 organizations between May 2020 and March 2021 and shows data breach costs have increased by 10% year-over-year. Data breach costs are now at the highest they have been in the 17 years that IBM Security has been publishing data breach cost reports. The average cost of a data breach is now $4.24 million, having...

Kaseya Obtains Universal REvil Ransomware Decryptor for Customers and Downstream Businesses
Jul23

Kaseya has obtained a universal decryptor for REvil ransomware and will be working with all customers affected by its July 2021 ransomware attack, which affected around 60 of its customers and an estimated 1,500 downstream businesses. In early July, the REvil ransomware gang exploited one or more zero-day vulnerabilities in the Kaseya Virtual System/Server Administrator (VSA) platform, and then used the software update mechanism to...

Kaseya Supply Chain Attack on MSPs Sees REvil Ransomware Delivered to Several Thousand Companies
Jul05

On Friday July 2, 2021, an affiliate of the REvil ransomware-as-a-service operation delivered the REvil ransomware payload to dozens of Kaseya customers including many managed service providers (MSPs) and, through them, thousands of their customers. Victims have been issued with ransom demands based on the extent to which they were affected by the attack, with ransom demands starting at around $45,000 for small businesses and rising...

CISA Creates Catalog of Bad Practices in Cybersecurity
Jul01

The Cybersecurity and Infrastructure Security Agency (CISA) of the U.S. Department of Homeland Security has published a catalog of bad practices in cybersecurity. These practices are commonplace and exceptionally risky. If these practices are not eradicated, organizations will be vulnerable to hacking. Improving critical infrastructure cybersecurity is a major focus of the U.S. government following the recent SolarWinds Orion supply...

422% Year-Over-Year Increase in Ransomware Attacks, but a 50% Decline in Q1, 2021
Jun25

The number of successful ransomware attacks increased by 422% between Q1, 2020 and Q1, 2021 according to data released by Mandiant. The increase was seen in the number of datasets uploaded to data leak sites by ransomware gangs. While there was a major increase in attacks in 2020, the June 2021 McAfee Threats Report shows there was a 50% decrease in ransomware attacks in Q1, 2021 indicating the upward trend in attacks has come to an...

NIST Publishes Draft Ransomware Risk Management Guidance
Jun23

The National Institute of Standards and Technology (NIST) is seeking comments on new draft guidance to help businesses protect against ransomware attacks and recover quickly should an attack succeed. Ransomware attacks on businesses increased sharply in 2020, with many threat actors also exfiltrating data prior to encrypting files. This double extortion tactic pressures victims into paying the ransom to prevent the sale or exposure of...

Study Reveals Remote Workers Have been Taking Security Shortcuts While Working From Home
Jun18

The pandemic forced many employers to allow their employees to work from home, but now that governments have lifted restrictions, many employers have taken the decision to allow their employees to continue to work remotely. 9 out of 10 organizations surveyed by McKinsey said they believed a hybrid work model was the way forward for post-pandemic workforces. While there have been reports that workers are happier working remotely and...

80% of Global Organizations Suffer Further Attacks After Paying Ransomware Operators
Jun17

You suffer a ransomware attack and decide to pay the ransom to regain access to your data, but that may not be the end of it. Chances are that after paying you will be attacked again and will be issued with a further ransom demand. How frequently do these double attacks occur? According to a recent report by Cybereason, 80% of global organizations that paid a ransom experienced a further attack, often by the same threat group that was...

Avaddon Ransomware Gang Shuts Down Operation and Releases Decryption Keys
Jun14

Avaddon ransomware is no more. The operation has been shut down and decryptors have been released that allow victims to recover their files free of charge. On June 11, 2021, Bleeping Computer received an anonymous tip which appeared to have come from the FBI and included a link to a password protected ZIP file and a password. The file included 2,934 decryption keys for Avaddon ransomware – all outstanding victims that have not yet...

Take Ransomware Seriously, Warns White House
Jun04

Ransomware attacks have been increasing and it is now common for the threat actors behind these attacks to not only encrypt data to prevent access, but also to steal data prior to file encryption and then threaten to sell or publish the data if the ransom is not paid. Data exposure or data loss can have major consequences but the biggest threat for businesses is often the downtime caused by a successful attack. It is often this...

FBI Says REvil Behind Ransomware Attack on JBS Foods
Jun03

The Federal Bureau of Investigation (FBI) has issued a statement about the recent ransomware attack on JBS Foods, attributing the attack to the REvil (Sodinokibi) ransomware gang. Sao Paulo, Brazil-based JBS Foods is the world’s largest meat processing company. The ransomware attack occurred in the early hours of Sunday May 31, 2021 and encrypted data on servers supporting its North American and Australian IT systems. JBS acted...

New Report Highlights Scale of Attempted Cyberattacks
May26

One tactic commonly adopted by organizations to improve their security posture is to block traffic from countries where hackers are known to reside: Russia, China, North Korea for example. If a business has no dealings with those countries, it is a sensible tactic, but one which could lead to a false sense of security. Hackers may be based in those countries, but that may not be where their command and control infrastructure is...

How to Avoid Using the Most Common Passwords
May20

When people create an online account requiring a username and password, many choose one of the most common passwords because they are easy to remember. The password may include a memorable string of keyboard characters (e.g., “qwerty”), a person's name (e.g., “ashley”), the name of a device they are using (e.g., “samsung”), or some other phrase that means something to them (e.g.,...

Studies Provide Insights into Vulnerability Exploitation and the Best Patching Policies
May19

If you want to prevent threat actors from exploiting vulnerabilities and gaining access to your network, you need to make sure you patch promptly, but that is much easier said than done. You could work full time patching flaws, but you still may never get everything fully patched and up to date, so it is necessary to prioritize and ensure that the vulnerabilities most likely to be exploited are addressed. But how should you prioritize...

DarkSide Ransomware Operation Shuts Down and RaaS Operators Place Limits on Attacks by Affiliates
May17

The DarkSide ransomware gang, which was responsible for the cyberattack on Colonial Pipeline that caused the shutdown of fuel pipelines supplying 45% of the fuel needs of the East Coast of the United States, has been shut down. The group lost access to its data leak site, payment server, and DOS servers last week, and the funds in its cryptocurrency wallets have been transferred to an unknown wallet. The Colonial Pipeline ransomware...

Colonial Pipeline and Brenntag Pay Ransoms to DarkSide Ransomware Gang
May14

The DarkSide ransomware attack on Colonial Pipeline that disrupted fuel supplies to the East Coast for almost a week and triggered a spike in fuel prices has now been resolved, but only after a ransom of around $5 million was paid to the attackers for the keys to unlock encrypted files. The attack started on Friday May 7, with Colonial Pipeline taking the decision to shut down its systems to contain the attack which also required the...

Largest Fuel Pipeline in United States Shut Down due to Ransomware Attack
May10

The largest fuel pipeline in the United States has been forced to shut down due to a ransomware attack, with the United States declaring a state of emergency over the attack. Colonial Pipeline confirmed the cyberattack occurred over the weekend. The decision was taken to take its systems offline to contain the threat, which has resulted in a temporary halt to all pipeline operations. The 5,500-mile fuel pipeline passes through 12...

Data Exfiltration Extortion Attacks Spike and Ransom Payments Increase
Apr28

Payments to resolve ransomware and data exfiltration extortion attacks increased in the first quarter of 2021, with the rise largely due to the Accellion legacy File Transfer Appliance (FTA) cyberattack and attacks by small ransomware groups such as CLoP. CLoP was highly active throughout Q1 and was the 4th most common ransomware variant in Q1, having not even been in the top 10 in Q4, 2020. Ransom payments declined in the last...

Even When Warned, Many Users Do Not Change Breached Passwords
Apr23

Google has launched its Password Checkup service on Chrome, which displays a warning to users when they log in to a website using a password that is known to have been compromised in a previous data breach. Each username is checked against a database of more than 5 billion compromised logins. If the password used matches one associated with the same username in the database, the warning is triggered. The Chrome extension has been added...

Actively Exploited Zero Day Vulnerability Identified in Pulse Secure Connect VPN
Apr21

A critical zero-day vulnerability has been identified in Pulse Secure VPN appliances that is being actively exploited by a Chinese advanced persistent threat group. The vulnerability is being chained with previously disclosed Pulse Secure Connect vulnerabilities to gain persistent access to vulnerable appliances and achieve lateral movement within victims’ networks. Targeted organizations include government agencies, defense, critical...

FBI Removes Malicious Web Shells from Hundreds of Corporate Exchange Servers
Apr15

The Federal Bureau of Investigation (FBI) has removed malicious web shells from hundreds of corporate servers in at least 8 states without the knowledge or permission of the owners of the servers. The web shells were installed on corporate Exchange Servers that had previously been compromised by Advanced Persistent Threat (APT) groups by exploiting the ProxyLogon Microsoft Exchange Server vulnerabilities. It has been more than a month...

Are You One of the 533 Million Facebook Account Holders Affected by This Data Breach?
Apr06

The personal information of 533 million Facebook account holders has been leaked online on a public hacking forum. The incident that resulted in the theft of such a huge amount of Facebook data is believed to be a 2019 hack that exploited the “Add Friend” Facebook security bug, rather than a more recent hack. The flaw allowed information such as the account holder’s name, Facebook ID, mobile number, gender, occupation, city, country,...

United States Data Protection and Privacy Laws
Mar25

Although not the first state law to address data protection and consumer privacy, the passage of the California Consumer Privacy Act (CCPA) made the headlines in 2018 due to being closely modeled on the EU's General Data Protection Regulation (GDPR). The CCPA requires organizations with revenues of more than $50 million, organizations that buy, receive, or share the personal data of more than 100,000 Californian residents or...

Verkada Hacker Indicted on 8 Counts of Computer Crimes and Fraud
Mar25

The hacktivist who gained access to the systems of the cloud-based enterprise security camera platform provider Verkada in March 2021 has been indicted on criminal hacking charges and faces up to 27 years in jail. A federal grand jury charged Till Kottmann, 21, for a string of computer intrusion and identity and data theft activities that started in 2019 and continued until the hacking of Verkada in March. Kottmann, who goes by the...

Retaliation Against Company Over Complaint Sees IT Worker Jailed for 2 Years
Mar24

It may be satisfying taking retaliatory action against a company that complains about the quality of your work and gets you fired, but consider the repercussions for such an action, as Deepanshu Kher, 32, from Delhi, India will be doing for the next two years while he serves his sentence in Federal prison. Kher worked as an IT contractor for a US IT consulting firm from 2017 to May 2018. His employer won a contract to assist a...

Acer Ransomware Attack: $50 Million Ransom Demand Issued
Mar22

The REvil ransomware gang gained access to the systems of the Taiwanese computer giant Acer and stole sensitive data before encrypting data. It has been confirmed that a ransom demand was issued for $50 million to ensure the stolen files are deleted and for the keys to unlock the encrypted files. That demand is set to double to $100 million if prompt payment is not made. According to Bleeping Computer, over the weekend, the REvil gang...

Internet Crime Complaints Increased by 69% in 2020 with $4.2 Billion in Losses to Cybercrime
Mar19

During the pandemic, cybercriminals stepped up their attacks on businesses and individuals and record numbers of complaints about cybercrime were filed with the Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3). 69% more complaints were filed with IC3 than 2019, which received 791,790 complaints about cybercriminal activity such as phishing attacks, ransomware and malware, and a wide range of online scams....

TrickBot Becomes Biggest Malware Threat Following Emotet Takedown
Mar12

The Emotet botnet was the biggest malware threat until a joint law enforcement operation succeeded in taking the botnet down. Emotet was primarily used as a malware loader, with the malware-as-a-service operation used to distribute several malware variants. The takedown of the Emotet botnet only caused temporary disruption to malware distribution, with cybercriminals quick to switch to other botnets to distribute their malware...

Hacking Collective Accesses Live and Archived Feeds from 150,000 Verkada Security Cameras
Mar10

Verkada, a California-based provider of enterprise video security cameras, is investigating a hacking incident which saw hackers gain access to the video footage of its customers’ facilities across around 150,000 security cameras. Customers include Tesla and Cloudflare, penitentiaries, hospitals, gymnasiums, schools, factories, and police stations. Bloomberg reports it received footage obtained by the hackers and verified its...

Microsoft Fixes 82 Vulnerabilities on March 2021 Patch Tuesday Including One Actively Exploited 0Day Flaw
Mar09

March 2021 Patch Tuesday saw Microsoft deliver patches for 82 vulnerabilities across its product range, including fixes for 10 critical flaws and 2 zero-day vulnerabilities for which exploits have been made public. The remaining 72 vulnerabilities are all rated important. In addition to the patches released today, Microsoft issued 7 patches to correct flaws in Microsoft Exchange since February 2021 Patch Tuesday, four of which are...

SITA Passenger Service System Data Breach Impacts Multiple Air Carriers
Mar08

SITA, a global provider of communication and IT solutions to the aviation industry, has suffered a breach of servers used for its Passenger Service System (SITA PSS). SITA PSS is used by many air carriers for processing airline passenger data as part of their frequent flyer programs. Hackers accessed its servers in Atlanta, GA in what SITA describes as a highly sophisticated cyberattack. The hackers were able to obtain the data of...

Trend Micro Reports 20% Increase in Blocked Threats in 2020
Feb24

Trend Micro reports a 20% increase in the number of threats it identified and blocked in 2020. In total, 62.6 billion threats were blocked at an average of 112,000 per day, according to the Trend Micro 2020 Annual Cybersecurity Report – A constant State of Flux. “In 2020, businesses faced unprecedented threat volumes hitting their extended infrastructure, including the networks of home workers,” said Jon Clay, director of global...

Accellion FTA Extortion Attacks Linked to FIN11 and CL0P Ransomware Gang
Feb23

In mid-December, threat actors started exploiting zero-day vulnerabilities in the Accellion File Transfer Appliance (FTA) product, and over the next few weeks it became apparent that many companies had suffered data breaches. The Accellion FTA was originally launched around 20 years ago to get around the problem of emailing large file attachments. Rather than emailing large files, individuals are sent links to the files hosted on the...

US Healthcare Data Breach Report Shows Breaches Increased by 55% In 2020
Feb18

An analysis of 2020 healthcare data breaches has been conducted by Bitglass that shows the extent to which the healthcare industry was targeted by hackers. There was a sharp increase in hacking and IT incidents in 2019 and that trend continued in 2020 when 67% of all reported healthcare data breaches were the result of hacking/IT incidents. The healthcare records of 24.1 million individuals were exposed in those breaches – 91% of all...

Microsoft: Over 1,000 Hackers Suspected to be Involved in SolarWinds Hack
Feb16

Microsoft President Brad Smith recently claimed the SolarWinds supply chain attack was “the largest and most sophisticated attack the world has ever seen” and may have involved more than 1,000 Russian operatives. The attack saw the code of the SolarWinds Orion solution updated so that when it was automatically updated a backdoor was inserted into all users’ networks that gave the attackers remote access. Many thousands of IT...

Ethical Hacker Breached 35 Companies Including PayPal, Microsoft, and Apple
Feb11

An ethical hacker developed a novel supply chain attack that allowed him to gain access to the systems of more than 35 technology companies, including Microsoft, PayPal, Apple, Shopify, Netflix, Uber, and Tesla. Alex Birsan developed a technique that involved injecting malicious code into open source developer tools commonly used to install dependencies in developer projects. Dependencies are blocks of code that are shared across...

U.S. Companies Slow to Terminate Access to Systems When Employees Leave the Company
Feb05

U.S. Companies Slow to Terminate Access to Systems When Employees Leave the Company

When an employee is terminated or leaves a company for other reasons, access to systems should be immediately revoked, but in the U.S., many companies are slow to block access, according to a study conducted by the Identity Defined Security Alliance (IDSA). The study was conducted on 313 U.S. professionals in HR, sales, and help-desk positions who had responsibility for setting up or revoking system access. All respondents worked at...

More Than 37 Billion Records Were Exposed in Data Breaches in 2020
Jan25

A new report from Risk Based Security suggests the number of data breaches fell by 48% globally in 2020; however, the number of breached records increased by 141% to 37 billion. The data for the Risk Based Security 2020 Year End Report came from crawls of the Internet to find information on data breaches, with all cases then subject to manual review. The researchers identified 3,932 breaches that had been disclosed in 2020 and. The...

Patients Rerouted to Other Hospitals After Cyberattack on Belgian Hospital
Jan21

A hospital in Belgium has suffered a cyberattack that has seen approximately 40 to 80 of its 300 servers encrypted using Windows BitLocker. The hackers claim to have encrypted around 100TB of data but maintain that they do not steal data prior to file encryption so there will be no data leak if the hospital does not pay the ransom. The attack differs from many of the attacks on U.S. healthcare providers in recent months....

Cloud and Medical Device Security are the Top Challenges for Healthcare IT Teams
Jan15

A recent 2021 IDG research study sponsored by Masergy and Fortinet explored the state of IT in the healthcare industry and revealed the key challenges faced by IT security teams. 2020 has certainly been a challenging year for healthcare IT teams. In response to the pandemic, IT teams have had to accelerate digital transformations, greatly expand telemedicine, support an increasingly remote workforce, and cope with an increasing...

Hackers Behind European Medicines Agency Cyberattack Publish Stolen COVID-19 Vaccine Data
Jan14

The hackers behind the cyberattack on the European Medicines Agency (EMA) have leaked some of the COVID-19 vaccination data that was stolen in the attack. The EMA is responsible for the evaluation and supervision of medicines and vaccines in the European Union and is the EU equivalent of the U.S. Food and Drug Administration (FDA). As such, all COVID-19 vaccines and medicines must be approved by the EMA before they can be used in the...

Third Malware Variant was Used by SolarWinds Hackers
Jan12

As the investigations into the SolarWinds hack continue, CrowdStrike reports a third malware variant was used in the attack. Researchers at CrowdStrike discovered a malware variant dubbed Sunspot that consists of sophisticated novel code that was used to ensure the Sunburst backdoor was correctly delivered without raising flags to the SolarWinds developers that their build environment had been compromised. The main malware used in the...

Ransomware Attacks on Healthcare Organizations Continue to Rise with Ryuk the Biggest Threat
Jan06

Cyberattacks on healthcare organizations have continued to increase over the past two months, according to research conducted by cybersecurity firm Check Point, and ransomware is now the biggest malware threat. In October, a joint security advisory was issued by the DHS’ Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) warning the...

Microsoft Says SolarWinds Hackers Viewed its Source Code
Jan02

In December, Microsoft confirmed that it had downloaded the compromised SolarWinds Orion software update that contained the Sunburst/Solarigate backdoor. Microsoft previously announced that the backdoor had been detected but no evidence had been found to indicate its software was compromised and used in similar supply chain attacks on its customers. Investigations into the breach have been continuing and Microsoft has now confirmed...

CISA and CrowdStrike Release Free Azure/O365 Analysis Tools to Identify Malicious Activity
Dec29

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has released a PowerShell-based tool for detecting unusual and potentially malicious activity in Azure/Office 365 environments. The tool can be downloaded free of charge and used by incident response teams to identify the identity- and authentication-based attacks that have been observed in multiple sectors in the wake of the SolarWinds...

SolarWinds Supply Chain Attack Impacts up to 18,000 Customers
Dec15

Hackers successfully compromised the SolarWinds Orion software solution and incorporated a backdoor dubbed SUNBURST that has been downloaded by up to 18,000 of its customers, including many large enterprises and government agencies. SolarWinds Orion is a software solution used by large enterprises and government agencies to manage their IT networks and IT infrastructure. The software is used by all five branches of the U.S. military,...

Ransomware Gangs Cold Call Victims Attempting to Restore Files from Backups
Dec07

Several ransomware threat actors have taken to cold calling victims who are attempting to restore their files from backups to pressure them into paying the ransom demand. Several ransomware gangs including Sekhmet, Maze, Conti, and Ryuk are known to be using this tactic, which started around August/September this year. The calls are scripted and are very similar across all of the different ransomware variants, which led Bill Siegel,...

Cyberattacks Increased During the Pandemic as Enterprises Struggled with Security with a Remote Workforce
Nov30

A recent study conducted by the California-based endpoint security and systems management company Tanium suggests enterprises have struggled with security during the pandemic and have experienced an increase in cyberattacks. Tanium commissioned a Censuswide survey of 1,000 CXOs and vice presidents at enterprise and government organizations in the United States, United Kingdom, France and Germany in June 2020 to explore how they coped...

BEC Gang Members who Scammed More Than 50,000 Organizations Arrested
Nov26

Three members of a cybercriminal gang that has attacked more than 50,000 organizations have been arrested in Lagos, Nigeria. The arrests come at the end of a year-long investigation into the prolific business email compromise scammers by INTERPOL, Group-IB, and the Nigerian Police Force. The three gang members arrested are believed to be responsible for phishing scams, BEC attacks, and malware distribution on tens of...

FBI Issues Warning Following Increase in Ragnar Locker Ransomware Activity
Nov23

A recent increase in Ragnar Locker ransomware activity has prompted the Federal Bureau of Investigation (FBI) to issue a warning to private industry partners. The alert provides information to help system administrators and security professionals protect against attacks. Ragnar Locker is a relatively new ransomware strain, first identified in April 2020. The ransomware variant was used in an attack by unknown threat actors on a large,...

Study Reveals New Financial Services Employees are Immediately Given Access to Millions of Files
Nov19

A recent study conducted by Varonis has revealed new employees are given excessive permissions and can access a huge amount of company data from their first day on the job. The study was conducted on 56 companies in the financial services sector and Varonis analyzed a dataset of around 4 billion files. The study revealed employees have access to an average of 10.8 million files as soon as they join the company, with the number rising to...

Time to Switch from SMS and Phone-Based MFA to More Secure Authentication Methods
Nov16

Multi-factor authentication is an important security measure to prevent compromised credentials from being used to gain access to accounts and sensitive data, but not all forms of MFA are equal. Earlier this year, Microsoft explained in a blog post that MFA is effective at blocking 99.9% of automated attacks on Microsoft accounts. While the advice remains the same – enable MFA on all accounts if possible – Microsoft is now urging...

Ransomware Gang Uses Hacked Facebook Account to Run Adverts Threatening Release of Campari Group Data
Nov13

It is now common for ransomware gangs to steal data prior to encrypting files and to issue threats to publish or sell the stolen data if the ransom is not paid. This double extortion tactic was started by the Maze ransomware gang in 2019 but has since been adopted by many different threat groups. While companies attacked with ransomware usually have backups and can restore their systems in the event of an attack, the reputation damage...

Unprotected AWS S3 Bucket of Hotel Reservation System Contained 10 Million+ Files Containing Guests’ PII
Nov10

Another day, another cloud misconfiguration. This time, more than 10 million files have been exposed that contained the personal information and credit card data of well over 10 million hotel guests. The exposed AWS S3 bucket was discovered by security researchers at Website Planet, who linked the data to the Spanish developer Prestige Software. Prestige Software is the developer of ‘Cloud Hospitality’, a software solution used by...

October Threat Report Shows 1,200% Increase in Emotet Attacks in Q3, 2020
Nov05

New data from HP Inc. shows cyberattacks involving the Emotet Trojan increased by more than 1,200% between Q2, 2020 and Q3, 2020. The data for the company’s October 2020 Threat Insights Report come from HP Sure Click Enterprise, a security solution used on enterprise desktops and laptops that captures malware and allows it to run in a secure container. Data were collected from 1 July to 30 September 2020, with the report proving...

Ryuk Ransomware Gang Steps Up Attacks on U.S. Hospitals
Oct30

The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) have issued a warning to healthcare providers and public health agencies of an imminent threat of attacks using Ryuk ransomware. An advisory was issued on October 28, 2020 after credible evidence was uncovered indicating the operators of Ryuk...

Maze Ransomware Gang Shuts Down Operations
Oct29

The Maze ransomware gang, which operated one of the most prolific ransomware campaigns over the past 18 months, has shut down. The Maze ransomware operators were the first to utilize a double-extortion tactic involving the theft of data prior to the encryption of files to increase the likelihood of the ransom being paid. While all ransomware operations involve the encryption of files and the payment of a ransom in order to obtain...

78% of Microsoft 365 Administrators Have Not Enabled Multi-Factor Authentication
Oct28

Despite the risk of phishing attacks and email account compromises, 78% of Microsoft 365 admins have not enabled multi-factor authentication and 97% of all Microsoft 365 users are not using MFA, according to a recent report published by CoreView Research. Multi-factor authentication is one of the most effective measures to prevent stolen credentials from being used to gain access to accounts. It is alarming that so few users and...

French IT Giant Suffers Ryuk Ransomware Attack
Oct26

One of the largest French information technology consultancies, Sopra Steria, has been hit with a serious ransomware attack that forced its systems offline. Sopra Steria has a global customer base and provides outsourcing services to the UK National Health Service (NHS). According to a statement released by the French-headquartered IT firm, the attack impacted “all geographies”. The attack was detected on the evening of October 20,...

Coalition of Tech Firms Takedown TrickBot Botnet
Oct13

The backend infrastructure of the TrickBot botnet has been taken down by a coalition of tech companies and government agencies, including Microsoft, ESET, NTT, Black Lotus Labs, Symantec, and FS-ISAC. The takedown is the result of several months of painstaking work involving the analysis of more than 125,000 samples of the TrickBot Trojan by the coalition members, who studied the content and extracted and mapped information about how...

What is the Legal Recommended Email Archiving Retention Period?
Oct13

Legal recommended email archiving retention periods differ considerably depending on the nature of a business’s operations and the regulations it is required to comply with. Why Do I Need to Retain Copies of Emails? Emails can contain important data that may be relevant for litigation. As with other forms of electronic data, emails must be retained and provided if requested by the courts. Federal laws demand the retention of email and...

$23 Million Ransom Demand Issued to Major German IT Firm
Oct12

Software AG, a German IT firm that specializes in enterprise IoT software, has suffered a ransomware attack. Darmstadt, Germany-based Software AG serves around 10,000 customers in more than 70 countries, has around 5,000 employees, and annual revenues in excess of €800 million. On the evening of October 3, 2020, malware was installed on its network, according to a company press release. The attack was limited to its internal...

Surveys Raise Concerns About Security with a WFH Workforce
Sep30

The COVID-19 pandemic has forced many businesses to allow employees to work from home or to adopt hybrid working, where employees spend some of their time in the office and some time working from home. During the lockdowns imposed by governments, most workers were using corporate-owned or personal devices to work from home. A recent survey conducted by cybersecurity firm Tessian explored the perceived risks of home working among 250...

Outbound Email Volume Grows During Pandemic, Increasing the Risk of an Email Data Breach
Sep17

A recent survey conducted on 538 IT leaders has revealed 93% have experienced a data breach as a result of an email error, with 70% believing the move to remote working has increased the risk of outbound email breaches of sensitive data. The research was conducted by email security firm Egress and highlights the risk associated with outbound email and why it is important to implement an email security solution capable of scanning...

Almost a Quarter UK Corporate-Owned Computers and Smartphones Have No Antivirus Software Installed
Sep10

A worrying percentage of businesses are not adequately protecting the devices they issue to their employees, according to new research commissioned by Kaspersky. Kaspersky commissioned Arlington Research to conduct interviews with 2,000 UK adult consumers in June 2020 to gain a better understanding of the state of cybersecurity at UK businesses. 32% of respondents said they had been provided with a desktop computer by their employer,...

CISA Issues Guidance on Malicious Network Activity Detection and Incident Response
Sep07

The Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has issued a joint Cybersecurity Advisory offering technical guidance on identifying malicious activity and remediating cyberattacks. The guidance is based on research conducted by cybersecurity authorities in Australia, Canada, New Zealand, the United Kingdom, and the United States. The guidance has been written to help incident response teams...

Gartner Predicts CEOs Will be Held Personally Liable Cyber-Physical Incidents by 2024
Sep03

Gartner has predicted 75% of CEOs will be held personally liable for attacks on cyber-physical systems (CPSs) by 2024. CPSs are defined by Gartner as “systems engineered to orchestrate sensing, computation, control, networking and analytics to interact with the physical world (including humans).” Cyberattacks on these systems would not only result in data loss, outages, and equipment failure, they could also easily cause physical harm and...

Google to Add MitM Protection Mechanism to Chrome 86 Warning Users About Insecure Forms
Aug18

Google has announced that the Google Chrome browser will soon alert individuals about insecure forms on websites. Google is planning on rolling out the new feature in Chrome 86 to protect users from man-in-the-middle attacks. The new feature will generate an alert for mixed forms, which are forms on secure (HTTPS) websites that are delivered insecurely and pose a risk to users’ privacy and security. These insecure forms can be visible...

Netwalker Ransomware Gang Generates Over $25 Million in Ransom Payments in 5 Months
Aug04

2020 has seen the Netwalker ransomware gang step up attacks on government organizations, healthcare providers, educational institutions, and private companies. In late July the FBI issued a Flash Alert warning about the increase in attacks. This week, McAfee has published data showing how successful those attacks have been. McAfee has been tracking payments made to the Bitcoin addresses known to be used by the threat group and $25...

Spear Phishing Used in Twitter Hack: Three Individuals Charged
Aug03

In July 2020, Twitter was hacked and hackers temporarily took control of several high-profile Twitter accounts with millions of followers. The accounts were used to send Tweets as part of a Bitcoin scam, announcing that if Bitcoin was transferred, the payment would be sent back at double the amount sent. Approximately $120,000 in Bitcoin was sent to the Bitcoin wallets used by the scammers. The Twitter accounts of Elon Musk, Bill...

The Average Cost of a Data Breach is Now $3.86 Million
Jul29

The 2020 Cost of a Data Breach Report from IBM Security has revealed the global average cost of a data breach is now $3.86 million, down 1.5% from 2019. While data breach costs fell on average year-over-year, in healthcare they increased by 10.5% to $7.13 million per breach, on average. There was also considerable variation in breach costs from country to country, with the United States having the costliest breaches. In the US, the...

Malware Attacks Down, but Ransomware and IoT Attacks Have Surged in 2020
Jul24

Cybercriminals were quick to respond to the COVID-19 pandemic and changed their tactics, techniques and procedures to capitalize on the uncertainty surrounding the 2019 novel coronavirus and COVID-19. With the pandemic forcing many businesses to drastically increase the number of employees working from home, cybercriminals started targeting home workers. SonicWall has been tracking cyber threats throughout the pandemic and its...

Search and Destroy ‘Meow’ Bot has Wiped More Than 1,000 Online Databases
Jul23

Companies that fail to secure their Elasticsearch and MongoDB instances are being targeted by an attacker who destroys the data, overwriting the databases with a string of random numbers and the word ‘meow’. The attacks appear to be automated, no note is left, no ransom demand is issued, and there is no explanation as to why the attack has occurred. The attacks are ongoing and, so far, at least 1,269 Elasticsearch servers and 276...

Twitter Confirms Admin Tool Hacked and Used in Massive Cryptocurrency Scam
Jul16

Several high-profile Twitter accounts have been ‘hacked’ and used in a major cryptocurrency scam. The first Tweets were sent from the accounts around 3pm on July 15, 2020 and asked account followers to transfer Bitcoin to a specific address. In return, the account holder promised to double the amount sent. The Twitter accounts of Elon Musk, Bill Gates, Jeff Bezos, Kanye West, Kim Kardashian, Michael Bloomberg, Joe Biden, Barack Obama,...

Maximum Severity Flaw in SAP Could Allow Full Takeover of Enterprise System
Jul14

The U.S. Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency has issued an alert about a critical vulnerability in the SAP NetWeaver Application Server (AS) Java component LM Configuration Wizard. The flaw, tracked as CVE-2020-6287, can be exploited through HTTP and would allow an attacker to take full control of vulnerable SAP applications. The flaw was discovered by researchers at Onapsis who named...

Microsoft Research Develops Undetectable Malware Scanner for Virtual Machines
Jul09

Many businesses have replaced traditional desktops with virtual machines located in the cloud. Each virtual machine is an exact replica of a standard desktop complete with an operating system that is located on a cloud service provider’s server. One cloud server can house many virtual machines that run simultaneously. While antivirus software can be used on virtual machines, the signature-based detection is only good at identifying...

More Than 15 Billion Credentials are up for Sale on Hacking Forums
Jul08

New research conducted by Digital Shadows has provided insight into the scale of credential theft and the extent to which stolen credentials are being sold on hacking forums and darknet marketplaces. A wide range of credentials are up for sale including social media accounts, streaming services, Office 365 accounts, and bank accounts. According to the Digital Shadows analysis, there are currently more than 15 billion username and...

ESET Reports Doubling of Brute Force Attacks on Remote Desktop Services During the COVID-19 Pandemic
Jun30

Cybersecurity firm ESET has analyzed its telemetry data and found there has been a major increase in brute force attacks on remote desktop services during the COVID-19 pandemic. There was a steady increase in attacks between December 1, 2019 and May 1, 2020, rising from around 30,000 brute force attacks a day in early December to around 60,000 daily attacks by the end of the month. Then followed a slight decline, before a sharp rise...

REvil Ransomware Gang Observed Scanning Compromised Networks for PoS Software
Jun24

The REvil gang behind Sodinokibi ransomware are using a new tactic in their attacks. The gang is already known for compromising systems and stealing data before the ransomware payload is deployed. The gang had previously threatened to publish data stolen in their attacks if the ransom was not paid and followed through with that threat for the first time in January 2020. After gaining access to a system, the attackers move laterally...

Massive Global Surveillance Campaign Used Rogue Chrome Extensions to Steal Data
Jun22

Researchers at Awake Security have uncovered a massive global surveillance campaign that used malicious Google Chrome extensions to steal sensitive data. The extensions had been downloaded millions of times before Google removed them from the Chrome Web Store. These Trojan browser extensions were used to steal corporate data and gain a persistent foothold in corporate networks. Awake Security researchers identified 111 malicious...

Exposed Elasticsearch Instances are Found by Hackers in a Matter of Hours
Jun12

How long does it take hackers to find exposed Elasticsearch servers and exposed S3 Buckets? Just a few hours according to Comparitech. Comparitech researchers are no strangers to exposed cloud data. They commonly find unprotected databases and report the lack of protections to the data owners. In many cases, exposed Elasticsearch servers are secured quickly, although it is often not clear for how long data has been exposed. The...

June 23, 2020: MVP GrowthFest: Join Magic Johnson and Channel All-Stars at this Must Attend Virtual MSP Event
Jun11

Businesses in all industry sectors have faced difficult challenges during the COVID-19 pandemic and have had to make considerable changes in order to survive. Managed Service Providers (MSPs) have similarly had to adjust their business practices in response to the pandemic, and while some have struggled there have been several success stories. Overall, the Channel has demonstrated considerable strength and resilience and some...

Zoom Patches Two Serious RCE Flaws and States E2E Encryption Will Not Be Available to Free Users
Jun04

Two high severity vulnerabilities in the Zoom videoconferencing platform have been identified by researchers at the Cisco Talos threat intelligence team that could allow a remote attacker to send files to the system of a Zoom meeting participant, which could potentially allow remote execution of arbitrary code on the target’s system. The flaws were reported to Zoom and have now been patched in version 4.6.12 of the Zoom video...
