
TL;DR: Don’t trust even the courier – especially when they send you an odd e-mail
The number of victims of the vulnerability in the enterprise content firewall Accellion keeps growing. Most recently, a Canadian airplane maker was targeted. Hackers also targeted users of Microsoft’s e-mail accounts, while in another case Microsoft quite richly rewarded a security researcher.
A Finnish company also had to disconnect its services, and dozens of nurseries in Britain gave up a vulnerable camera system.
Top brands abused
Thousands of users of Microsoft’s e-mail accounts have become the target of an extensive and sophisticated phishing campaign.
The attackers pose as the popular couriers FedEx and DHL Express and aim to steal the users’ credentials.
They probably weren’t modellers
The Canadian airplane maker Bombardier has become the target of a ransomware attack carried out by the cybercrime gang Clop. The investigation revealed that the gang could have gained access to hundreds of servers through a zero-day vulnerability in the enterprise content firewall Accellion.
The attackers accessed and stole documents related to the design of airplanes and their spare parts, and a few of them were already available on the dark web. The personal data of clients and employees was allegedly not stolen.
Unscheduled pause
The Finnish IT company TietoEVRY, which employs 24 thousand people across 80 countries, was forced to disconnect clients’ services and part of its infrastructure.
The service was disconnected to prevent the spread of a successful ransomware attack. The attacker and the amount of ransom are not yet known.
They probably didn’t access the data
The cloud provider Qualys has become the target of a cyberattack. The attack probably allowed the attackers to gain access to part of the data, and it is possible (not yet confirmed) that this is another attack executed by the Clop ransomware.
Qualys indicates that the attacker gained access neither to users’ data nor to code and the production environment.
The problem was connected with the password recovery
Microsoft paid 50 thousand American dollars to a security researcher who discovered a vulnerability allowing the takeover of a Microsoft account.
The attack focused on one of the steps of the password recovery process, and the vulnerability could be exploited only if the account did not have two-factor authentication enabled.
SHORTCUT
- Twelve thousand accounts containing login data for a camera system for parents of children in nurseries leaked online. The service, which has already been shut down, operated in 40 nurseries in Great Britain.
- Microsoft Exchange contains serious vulnerabilities that are actively exploited by attackers around the world. SK-CERT has issued a warning on this vulnerability.
- The attacks using zero-day vulnerabilities in the enterprise content firewall Accellion affect approximately hundreds of organizations. The security company FireEye has attributed the attacks to the cybercrime group known as FIN11.
- Microsoft has awarded a researcher 50,000 dollars for reporting a vulnerability that could have led to the theft of users’ accounts.
- The Prague municipality has become the target of a large-scale cyberattack, which had a minimal impact on services and data thanks to an early intervention.
- Ransomware doesn’t spare optometrists either. A ransomware attack on an optometry clinic in Arizona caused the leak of more than 100,000 customers’ records.
- Oxford University’s research laboratory studying the coronavirus has been hit by a cyberattack. It’s not yet clear whether the attackers’ intent was to steal coronavirus research data or to sabotage the ongoing research.