Cybersecurity News
- Microsoft Exchange Server attacks: a significant number of cyberattacks targeting vulnerable Microsoft Exchange servers are attempted every single day, warn researchers at F-Secure – who say it is critical to apply the patches immediately.
- The REvil ransomware operation has added the ability to encrypt files after rebooting Windows into Safe Mode, most likely because Safe Mode loads only a minimal set of drivers and services: endpoint security software is typically not running there, and fewer processes hold files open, so more files can be encrypted unnoticed.
- DDoS-for-hire services are now actively abusing misconfigured or out-of-date Datagram Transport Layer Security (DTLS) servers to amplify Distributed Denial of Service (DDoS) attacks. A correctly configured DTLS server answers an unauthenticated ClientHello with a small HelloVerifyRequest carrying a cookie (the stateless anti-amplification step in RFC 6347) and only sends its full handshake flight, certificate included, once the client echoes the cookie; a server that skips this step returns the large flight to whatever source address the attacker spoofed. German DDoS protection vendor Link11 puts the resulting amplification factor at 35, while DDoS mitigation firm Netscout measures an amplification ratio of 37.34:1.
- The popular npm library netmask has a critical vulnerability in its address parsing. Netmask is used by hundreds of thousands of applications to parse and compare IPv4 addresses and CIDR blocks; it sees over 3 million weekly downloads and, at the time of writing, more than 238 million downloads over its lifetime. Any allow-list or deny-list check built on it inherits the flaw.
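For the DTLS item above, the number that matters operationally is reply bytes divided by request bytes per responder. The following is an added example, not Link11's or Netscout's tooling, that computes that ratio from unidirectional flow records and flags UDP/443 responders whose replies dwarf the requests that triggered them. The flow records, field names and the threshold of 10 are all assumptions made for the illustration; in a reflection attack the "request" flows are spoofed to carry the victim's address, so a collector in the reflector's network sees both directions.

```javascript
// Added example, not Link11's or Netscout's tooling: estimate the amplification
// factor each UDP/443 responder delivers from unidirectional flow records and
// flag responders whose replies dwarf the requests that triggered them.

// Constructed sample flows (not real telemetry): src, sport, dst, dport, proto, packets, bytes.
const SAMPLE_FLOWS = [
  // Spoofed ClientHellos "from" the victim 203.0.113.10 to reflector 198.51.100.5 ...
  { src: '203.0.113.10', sport: 40001, dst: '198.51.100.5', dport: 443, proto: 'udp', packets: 100, bytes: 10000 },
  // ... and the reflector's full handshake flights back to the victim.
  { src: '198.51.100.5', sport: 443, dst: '203.0.113.10', dport: 40001, proto: 'udp', packets: 400, bytes: 370000 },
  // A server that answers unauthenticated hellos with a small HelloVerifyRequest.
  { src: '203.0.113.10', sport: 40002, dst: '198.51.100.6', dport: 443, proto: 'udp', packets: 100, bytes: 10000 },
  { src: '198.51.100.6', sport: 443, dst: '203.0.113.10', dport: 40002, proto: 'udp', packets: 100, bytes: 9000 },
  // TCP traffic to 443 is HTTPS, not DTLS, and must be ignored.
  { src: '203.0.113.10', sport: 50000, dst: '198.51.100.7', dport: 443, proto: 'tcp', packets: 10, bytes: 2000 },
];

function flowKey(f) {
  return `${f.src}:${f.sport}>${f.dst}:${f.dport}`;
}

// Pair each UDP flow toward `port` with its reverse flow and compute
// reply bytes / request bytes. Ratios at or above `minRatio` are flagged.
function amplificationByReflector(flows, { port = 443, minRatio = 10 } = {}) {
  const udp = flows.filter((f) => f.proto === 'udp');
  const byKey = new Map(udp.map((f) => [flowKey(f), f]));
  const results = [];
  for (const req of udp) {
    if (req.dport !== port) continue;
    const reply = byKey.get(`${req.dst}:${req.dport}>${req.src}:${req.sport}`);
    if (!reply || req.bytes === 0) continue;
    const ratio = reply.bytes / req.bytes;
    results.push({ reflector: req.dst, victim: req.src, ratio, flagged: ratio >= minRatio });
  }
  return results;
}

// Convenience: the responders worth blocking at the edge or patching.
function flaggedReflectors(flows, opts) {
  return amplificationByReflector(flows, opts)
    .filter((r) => r.flagged)
    .map((r) => r.reflector);
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(amplificationByReflector(SAMPLE_FLOWS));
}
```

On the constructed records the first responder comes out at a ratio of 37, in line with the figures quoted above, while the server that replies with a HelloVerifyRequest stays below 1 and is not flagged. The same pairing logic works on NetFlow/IPFIX exports once the records are mapped onto the field names used here.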
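The netmask item above does not describe the flaw. As an added example, not netmask's own code, the block below shows the class of bug that dotted-quad parsers are prone to and that the netmask advisory concerned: an octet with a leading zero, which the C library's inet_aton and the operating system's socket layer read as octal, is read as decimal by a parser that calls parseInt(part, 10). A CIDR check built on such a parser then lets 0177.0.0.1 through as a non-loopback address while the connection actually goes to 127.0.0.1. The function names, the simulated SSRF deny rule and the test addresses are assumptions made for the illustration.

```javascript
// Added example, not netmask's own code. Three ways to read a dotted-quad
// address and how they disagree on "0177.0.0.1":
//   naive  - parseInt(part, 10) per octet, so "0177" becomes 177 (the bug class)
//   aton   - BSD inet_aton rules: leading 0 is octal, 0x is hex, so "0177" is 127
//            (what the OS socket layer will actually connect to)
//   strict - only plain decimal 0..255 with no leading zeros; anything else is rejected
// A CIDR check built on `naive` lets a loopback address slip past a 127.0.0.0/8 deny rule.

function octetsToInt(o) {
  return ((o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3]) >>> 0;
}

function parseIPv4Naive(s) {
  const parts = s.split('.');
  if (parts.length !== 4) return null;
  const octets = parts.map((p) => parseInt(p, 10)); // "0177" -> 177, "1abc" -> 1
  if (octets.some((v) => Number.isNaN(v) || v < 0 || v > 255)) return null;
  return octetsToInt(octets);
}

function parseIPv4Aton(s) {
  const parts = s.split('.');
  if (parts.length !== 4) return null;
  const octets = [];
  for (const p of parts) {
    let v;
    if (/^0[xX][0-9a-fA-F]+$/.test(p)) v = parseInt(p.slice(2), 16); // hex octet
    else if (/^0[0-7]+$/.test(p)) v = parseInt(p.slice(1), 8);        // octal octet
    else if (/^(0|[1-9][0-9]*)$/.test(p)) v = parseInt(p, 10);        // decimal octet
    else return null;
    if (v > 255) return null;
    octets.push(v);
  }
  return octetsToInt(octets);
}

const STRICT_OCTET = '(0|[1-9][0-9]{0,2})';
const STRICT_RE = new RegExp(`^${STRICT_OCTET}\\.${STRICT_OCTET}\\.${STRICT_OCTET}\\.${STRICT_OCTET}$`);

function parseIPv4Strict(s) {
  const m = STRICT_RE.exec(s);
  if (!m) return null;
  const octets = m.slice(1, 5).map(Number);
  if (octets.some((v) => v > 255)) return null;
  return octetsToInt(octets);
}

// True if `ip` is inside `cidr` under the given parser; null if either side does not parse.
function cidrContains(cidr, ip, parse) {
  const [base, bitsStr] = cidr.split('/');
  const bits = Number(bitsStr);
  const baseInt = parse(base);
  const ipInt = parse(ip);
  if (baseInt === null || ipInt === null || !(bits >= 0 && bits <= 32)) return null;
  const mask = bits === 0 ? 0 : (0xffffffff << (32 - bits)) >>> 0;
  return ((baseInt & mask) >>> 0) === ((ipInt & mask) >>> 0);
}

// Simulated SSRF guard (hypothetical): refuse anything in 127.0.0.0/8. Unparseable
// input is refused too, which is why the strict parser is the safe choice for a deny rule.
function loopbackDenied(candidate, parse) {
  const inLoopback = cidrContains('127.0.0.0/8', candidate, parse);
  return inLoopback === null ? true : inLoopback;
}

if (typeof require !== 'undefined' && require.main === module) {
  for (const parse of [parseIPv4Naive, parseIPv4Aton, parseIPv4Strict]) {
    console.log(parse.name, parse('0177.0.0.1'), 'denied:', loopbackDenied('0177.0.0.1', parse));
  }
}
```

The takeaway is that the parser used for a security decision must agree with the parser that later opens the socket; when it cannot be made to agree, rejecting every form except canonical decimal octets is safer than guessing.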
Cybersecurity Blog Posts
- Anton Chuvakin has run a quick poll on the use cases for threat intelligence in 2021. His thoughts and lessons from the poll, the discussion around it and related material are given in his blog.
- Dan Verton of ThreatConnect has published five cybersecurity challenges that chief information security officers must tackle in 2021.
- Eric Kedrosky of Sonrai Security argues in his post for stopping identity misconfigurations in the cloud. He explains how to avoid misconfigured identities with the right tooling and lists the ways attackers exploit misconfigured identities to take over cloud accounts.
Research and analytics
- CrowdStrike's 2021 Global Threat Report analyzes a year of chaos and courage. The report covers how state-sponsored adversaries infiltrated networks to steal valuable data on vaccine research and government responses to the pandemic, how criminal adversaries introduced new business models to expand their "big game hunting" ransomware activities, and how both eCrime and targeted-intrusion adversaries stepped up their development efforts.
- The Electricity Grid Cybersecurity Report published by the United States Government Accountability Office describes the extent to which grid distribution systems are at risk from cyberattacks and the scale of the potential impact of such attacks. The report describes selected state and industry actions to improve distribution systems' cybersecurity and federal efforts to support those actions, and examines the extent to which the Department of Energy (DOE) has addressed risks to distribution systems in its plans for implementing the national cybersecurity strategy.
- Google's Project Zero team has summarized the exploit chains it discovered in October 2020 and has already published details of the seven 0-day vulnerabilities they exploited in a series of root cause analysis (RCA) posts. These attacks appear to be the next iteration of the campaign discovered in February 2020.
- The key findings of the 2021 Identity Fraud Study by Javelin Strategy & Research show a significant increase in identity fraud scams and loan fraud. Identity fraud has evolved quickly with societal changes driven by innovation, the worldwide Covid-19 pandemic, and criminal tactics that target both corporations and consumers.
- Infosec surveyed over 370 cybersecurity leaders in the U.S. and Canada about the resources they use to structure job descriptions and development plans. According to the resulting 2021 Cybersecurity Role & Career Path Clarity Study, 81% of organizations reported they were at least considering aligning cybersecurity job descriptions with the NICE Framework.
- Check Point Research (CPR) found that desperate job seekers are turning to the Darknet and hacking forums for work. The norm on those forums is vendors posting opportunities; CPR has observed the opposite: individuals offering to assist in cybercrime in exchange for money. Since the start of 2021, CPR has found dozens of such posts on selected hacking forums and Darknet sites.
- Sophos Home commissioned Vanson Bourne to survey more than 1,000 U.S.-based respondents with school-aged children under 18, 94% of whom have had children attend school via remote learning in some capacity since the start of the COVID-19 pandemic. Two-thirds (67%) of parents fear they or someone in their family could be the target of an online attack in the next 12 months, and more than half (51%) say their family members are more at risk of being hit by an attack now than they were 12 months ago.
Major Cyber Incidents
- Shell disclosed a data security incident in a public statement on its website, saying that it affected only the Accellion File Transfer Appliance (FTA) the company used to transfer large data files. According to Shell, some of the data accessed during the attack belongs to stakeholders and Shell subsidiaries.
- Acer was reportedly hit by a REvil ransomware attack with a $50 million ransom demand. Over the weekend the gang published images of Acer documents, including financial spreadsheets, bank balances and bank communications; according to the report, the intrusion possibly came through a Microsoft Exchange exploit.
- Sierra Wireless, a leading IoT (Internet of Things) solutions provider, disclosed a ransomware attack that forced it to halt production at all of its manufacturing sites worldwide; the company expects to resume production and operations soon.
- Computing vendor Stratus Technologies has suffered a ransomware attack. On detecting the incident, the firm pulled the affected systems offline to isolate them from the network and, as a precaution, also took its Active Service Network (ASN) and Stratus Service Portal offline.
- American managed service provider CompuCom expects losses of over $20 million following this month's DarkSide ransomware attack, which took down most of its systems. CompuCom is an IT managed services provider (MSP) and a wholly owned subsidiary of The ODP Corporation (Office Depot/Office Max).