TL;DR

TL; DR: Even exceptional IQ won’t protect you from the attack, but updates can help (5th week)

If anyone thought that we would no longer hear about the Solar Winds vulnerability case and that we are out of the woods, they were very wrong. A number of attackers has begun to exploit it.

In the fifth week, ransomware attacks dominated, often without knowing the attacker and his ransom demands. On the contrary, some companies have admitted how expensive such attacks worked out.

Google has warned that many attacks can be avoided if we stop clicking endlessly on “later” when called for an update.

Even a high IQ of Mensa members did not prevent attackers from abusing one important password after another and entering their systems.

Solar Winds product is still a problem

The analysis of incidents caused by the vulnerability of Solar Winds, which were attributed to the Russian APT group, continues worldwide. In Solar Winds software, security researchers from Palo Alto revealed further vulnerability.

The vulnerability is allegedly unrelated to the supply chain attack on Solar Winds from Russia. China is suspected of its abuse. The National Finance Center in the United States was probably among victims of the Chinese attack.

Finally, they have made a confession

BigNox, an Android emulator, with over 150 million users has become a victim of the supply chain attack. The attack was discovered by ESET security researchers. Initially, the company denied the attack, but later on, it invited ESET researchers to assist with the investigation.

ESET affirms that the attackers managed to exchange a website to download a new version of the software for their malicious website, which resulted in installing harmful updates to all users who updated the emulator.

A cyber penitent

Fonix, a ransomware cybercriminal group, has announced the closure of its activities. The ransomware operator announced that they had started the project because they wanted to make money and they are shutting down the project because “their heart didn’t want this project”.  

Finally, the operator apologised to victims and promised to run, with the other members, a website for analysing malware. The attackers also published the keys for decryption of files.

A mysterious attack

Hackers have attacked the software development company Wind River Systems. Reportedly, they downloaded the employees’ data. They may have stolen their social security numbers, passport and credit card details, birth dates, drivers’ license numbers, health records and states of their financial accounts.

The attacker, success rate and method of compromise are not yet known.

The director’s password was sufficient

Mensa has become a target of a cyberattack. It was allegedly the password of one of the directors misused through which the attackers entered the Mensa system, from which the passwords of many Mensa club members were stolen, probably stored in a plaintext.

It is possible that payment information, private conversations and IQ scores of 18 thousand members and an unknown number of candidates for membership have been stolen. Some of the stolen data have already been published on PasteBin website several times.

He hasn’t demanded a ransom yet

Serco, a multi-national outsourcing company, also has been hit by the Babuk ransomware attack. The company has about 50 thousand employees. The attacker was in the Serco network for at least three weeks and successfully downloaded 1 TB of data.

The company’s partners such as the Belgian army and NATO may have been involved in the leak as well. The amount of demanded ransom is unknown.

SHORTCUT

  • Google stated that the correct update policy would have prevented 25% of the “zero-day” vulnerabilities actively exploited by attackers in 2020.
  • Logistics Company Forward Air, which was targeted by the Hades ransomware attack on 15 December, declares that the attack cost 7.5 million American dollars.
  • The number of organisations willing to pay the ransomware ransom is declining. And even if they paid, they paid less than before. The average ransom payment of one organisation therefore declined by 34 % from 233.5 thousand dollars in Q3 2020 to 154 thousand dollars in Q4 2020.
  • UK Research and Innovation Agency has become a target of a ransomware attack. The administrators had to take offline the portal for its Brussels-based UK Research Office and work intensively to restore the functionality. Both the attacker and the ransom are unknown.

« Späť na zoznam
Current threats
all publications
Links