Cybersecurity Digest #34: 20/09/2021 – 1/10/2021

Cybersecurity news

Cybersecurity Blog Posts

Research and analytics

  • Imperva Research Labs released the findings of new threat intelligence research showing that 46% of all on-premises databases globally are vulnerable to attack. A five-year longitudinal study conducted by Imperva Research Labs comprising nearly 27,000 scanned databases discovered that the average database contains 26 existing vulnerabilities. 56% of the CVEs found were ranked as ‘High’ or ‘Critical’ severity, aligned with NIST guidelines.
  • According to the data presented by the Atlas VPN team, cryptocurrency miners were the most common malware family, with 74,490 such threats detected in the first half of 2021. In addition to cryptocurrency miners, WannaCry ransomware threats were seen 61,068 times in the first half of 2021. What is more, malware detection infrastructure identified 39,612 webshell threats in H1 2021.
  • A new study performed by experts at the Ecole Polytechnique de Lausanne (EPFL) in Paris and University College London (UCL) questions the growing belief that synthetic data can solve the privacy issues that threaten the progress of machine learning. They results demonstrated that Synthetic data drawn from generative models without ex-plicit privacy protection does not protect outlier records from linkage attacks. Given access to a synthetic dataset, a strategic adversary can infer, with high confidence, the presence of a target record in the original data.
  • The Ponemon Institute surveyed 597 health delivery organizations (HDOs), including integrated delivery networks, regional health systems, community hospitals, and more. According to the survey, COVID has reduced HDOs confidence in mitigating the risks of ransomware. 61% of HDOs lack the confidence to combat ransomware, up from 55% before COVID. 67% of HDOs have been victims of ransomware attacks, while 33% have been hit twice or more.
  • The 2021 State of the Threat Report by Secureworks comprehensively examined the adversary’s ongoing innovation and evolution of tried-and-true TTPs like ransomware, business email compromise, zero-day threats, espionage, and more. The report revealed +8% rise in ransomware threats as a proportion of IR engagements worked in Q1 and Q2, compared to 2019 and 19% of network intrusions featured Cobalt Strike, by far the most popular OST tool used by threat actors.
  • 1Password Research Report revealed the scope and complexity of the secrets management problem. The key findings are: 52% of workers say that digital transformation has made managing secrets more difficult and 80% of IT/DevOps organizations admit to not managing their secrets well.
  • The State of Ransomware in Manufacturing and Production 2021 Report by Sophos revealed that 36% of manufacturing and production organizations were hit by ransomware in the last year. 49% of organizations hit by ransomware said the cybercriminals succeeded in encrypting their data in the most significant attack and 19% of those whose data was encrypted paid the ransom to get their data back.
  • WatchGuard’s Threat Lab Analyzed the Latest Malware and Internet Attacks in their Internet Security Report – Q2 2021. Threats get sneakier with 91.5 percent of malware arriving over encrypted connections.

    Major Cyber Incidents

  • EventBuilder misconfiguration exposes Microsoft event registrant data. Personal details of registrants to virtual events available through the EventBuilder platform have stayed accessible over the public internet, open to indexing by various engines.
  • Russian hackers target Iowa grain co-op in $5.9 million ransomware attack. Cybercrime cell BlackMatter threatened to release New Cooperative’s proprietary business data unless it paid up. Hackers leveled a ransomware attack on an Iowa farming co-op and demanded a ransom to unlock the computer networks used to keep food supply chains and feeding schedules on track for millions of chickens, hogs and cattle.
  • The personal details of more than 106 million international travelers to Thailand were exposed on the web without a password, Comparitech researchers report. An unsecured database containing international travel records dating back 10 years was left exposed on the web. The database included full names, passport numbers, arrival dates, and more.
  • Hackers hacked the DeFi project Vee Finance, which runs on the Avalanche blockchain, and stole $ 35 million worth of cryptocurrency. In total, 8804.7 ETH ($ 26 million) and 213.93 BTC ($ 9 million) were stolen.
  • GSS, the Spanish and Latin America division of Covisian, one of Europe’s largest customer care and call center providers, has suffered a debilitating ransomware attack that froze a large part of its IT systems and crippled call centers across its Spanish-speaking customerbase.
  • A user on a popular hacker forum is selling a database that purportedly contains 3.8 billion user records. The database was allegedly compiled by combining 3.8 billion phone numbers from a previously scraped Clubhouse ‘secret database’ with users’ Facebook profiles. The compilation appears to include names, phone numbers, and other data.
  • Threat actors hijacked, the authentic website of the Bitcoin project, and altered its parts to push a cryptocurrency giveaway scam that unfortunately some users fell for. Although the hack lasted for less than a day, hackers seem to have walked away with a little over $17,000.