TL;DR

TL;DR: Hackers are having a “blackmail festival.” Tens of millions of dollars, as well as users, are at stake

The last week has brought exponential growth of ransomware as a threat to all sectors, in particular to the healthcare sector. A data leak resembling the Marriott hotels’ data leak has also become an important topic: more than 10 million user records of a hotel reservation service in Spain have been leaked.

The TrickBot group continues to restore its infrastructure after Microsoft's attack on it. Threats to Android devices, such as fleeceware and the Ghimob banking malware, were also detected. Despite constant calls for updates from the security community, there have been attacks on more than 2 800 vulnerable e-shops. The cause is a content management system that has been without support since June 2020.

Computer manufacturing company will have to reach deep into its pocket

Computer manufacturing company Compal Electronics has become the target of a DoppelPaymer ransomware attack. The attackers are demanding 16.7 million dollars from the company. DoppelPaymer is known for double extortion: stealing a company’s data before encrypting it. The company reported that only an “abnormality” in its office automation systems has been detected and that production continues without interruption.

An attacker does not communicate

The e-commerce software platform X-Cart has been the target of an unknown ransomware attack. All websites hosted by the company were shut down and then gradually restored by the company. No attacker has claimed responsibility for the attack, and the attacker provided no way to communicate with the company.

Data of 10 million people

A security team at Website Planet has revealed a data breach in Spain. The stolen data of more than 10 million users of Prestige Software’s Cloud Hospitality hotel reservation platform include credit card information, personal identification information, hotel payment details, dates spent in hotels, the number of guests and their names, and so on. The data have been recorded since 2013. So far, there is no evidence of attempts to sell these data.

Old CMS

More than 2 800 online stores (e-shops) running the outdated Magento 1.x e-commerce platform (not supported since 30 June 2020) have been the target of a cyberattack attributed to a single group of attackers. The attack was covered by Hacker News. The campaign, called Cardbleed, aims, as the name suggests, to steal credit card details. The most appropriate defence against such attacks is updating.

In short

A new ransomware, Pay2Key, is focused on targets in the Middle East and Brazil. The attackers demand between 110 and 140 thousand dollars from victims. It is a completely new ransomware and doesn’t resemble anything created so far.

SHORTCUT:

Research by the company Zscaler revealed that ransomware and encryption-based attacks have increased by 260%. The most affected sector is the healthcare industry (25.5%). The research also revealed an increase in SSL certificates used for phishing.

Area1security researchers have attributed a wave of phishing attacks to TrickBot operators. The phishing e-mails include a warning about being fired from a job, and they spread the Bazar and Buer malware.

A new, sophisticated ransomware, RegretLocker, is focused on efficient encryption of Windows virtual disks. It mounts virtual disks as physical disks and then encrypts the disk’s files individually, which speeds up the encryption process.

An attacker on a dark web forum offered access to Pakistani International Airlines’ network for sale. A week later, the attacker announced that they were selling stolen databases, too.

