Global Cyber News Digest

Daily News Digest

Stay current on the global cyber threat landscape and industry developments with CCOE’s daily digest and library of cybersecurity news and articles.

  • Emotet Malware Automatically Uninstalled

    • An "update" pushed out earlier this year by law enforcement agencies, including Europol, on Sunday began erasing Emotet malware from infected devices worldwide.
    • The “update” file - a customized DLL file called EmotetLoader.dll that was sent to infected devices - was activated on those devices to erase the malware.
    • The latest move by law enforcement agencies against Emotet infections came after the FBI earlier this month obtained a court order permitting it to remotely remove web shells - scripts that allow remote access - from vulnerable on-premises Microsoft Exchange servers in the U.S.
    • After being dormant for several months last year, Emotet reappeared in December 2020 with a new campaign delivering Trickbot malware.
    • Described by Europol as one of the most professional and long-lasting cybercrime services, Emotet, originally a banking Trojan, was discovered in 2014; it later evolved into a network access service.
    - Prajeet Nair | April 26, 2021
  • Famous ransomware attacks teach us certain lessons to follow while ensuring cybersecurity

    • A few days ago, Quanta Computers Inc., a primary supplier of computers and MacBooks to Apple, acknowledged that it was dealing with a ransomware attack.
    • A similar infamous incident took the internet by storm in July last year, the Garmin ransomware attack.
    • Various reports stated that the company paid a huge ransom to obtain an encryption key to restore the data.
    • There are many lessons that the Garmin ransomware attack teaches us.
      • Holistic Cybersecurity
        • Integrating cybersecurity into enterprise risk management, developing strong IT asset management, and building a robust incident response approach will enhance security.
      • Size Does Not Matter
        • Cyberattacks are not limited by the size of a business; they can threaten any organization.
      • Attackers are Smart
      • Defense is the Only Remedy
        • Safeguarding networks, upgrading cybersecurity strategies, continuously backing up data, encouraging patch management programs, regularly scanning internal and external networks, and having proper encryption and authentication in place are all measures a company can consider while preparing itself to fight cyberattacks.
      • Attacking Customers Operations Can Be Fatal
        • Attackers knew how to make the company helpless by targeting its strong point. Businesses should be more careful to maintain good security measures on their user-facing platforms and to protect sensitive user data from breaches.
    | April 25, 2021
  • Saudi Aramco hires KPMG to oversee cyber security compliance among suppliers

    • The company is stepping up protection of its critical Middle Eastern oil and gas facilities, which have been targets of cyber warfare in the past.
    • Suppliers including general vendors and those specialising in outsourced infrastructure, customised software, network connectivity and critical data processors need to obtain Saudi Aramco's cyber security standard certification.
    • While the financial services sector suffered the most cyber attacks, the Middle East's oil and gas facilities have also been targeted.
    • “Third-party risk is a key risk in the area of cyber security, managing this risk will improve the cyber posture of organisations who heavily depend on external parties or suppliers. More organisations should follow the direction which Aramco has taken,” said Ton Diemont, head of cyber security for KPMG Saudi Arabia, Jordan, Iraq and Lebanon.
    • Certificates issued by KPMG will be valid for two years. However, if a supplier is awarded a contract which has specifications not included in the certificate then a new one will need to be issued.
    | April 25, 2021
  • Hacker leaks 20 million alleged BigBasket user records for free

    • BigBasket is a popular Indian online grocery delivery service that allows people to shop online for food and have it delivered to their homes.
    • This morning, a well-known seller of data breaches known as ShinyHunters posted a database for free on a hacker forum that he claims was stolen from BigBasket.
    • The passwords are hashed using the SHA1 algorithm, and forum members have claimed to crack 2 million of the listed passwords already. Another member claims that 700k of the customers used the password 'password' for their accounts.
    • It is strongly suggested that all BigBasket users immediately change their passwords on BigBasket and at any other sites using the same password.
    - Lawrence Abrams | April 25, 2021
  • Mount Locker Ransomware Aggressively Changes Up Tactics

    • The Mount Locker ransomware has shaken things up in recent campaigns with more sophisticated scripting and anti-prevention features, according to researchers.
    • Having just hit the ransomware-as-a-service scene in the second half of 2020, the group released a major update in November that broadened its targeting capabilities (including searching for file extensions utilized by TurboTax tax-return software to encrypt). It also added improved detection evasion.
    • Like many ransomware gangs, the operators not only lock up files, but also steal data and threaten to leak it if the ransom isn’t paid, in a double-extortion gambit.
    • Another change in tactics for the group involves using multiple CobaltStrike servers with unique domains. It’s an added step that helps with detection evasion.
    • Organizations can look for signs of Mount Locker or AstroLocker within their environments, such as CobaltStrike stagers and beacons, and they should monitor for the staging and exfiltration of files via FTP.
    - Tara Seals | April 22, 2021
  • Apple Blueprints Stolen In Supplier $50m Ransomware Attack

    • Apple is reportedly at the centre of a ransomware incident after one of its suppliers, Taiwan-based Quanta Computer, was hacked.
    • According to the reports, the REvil hacker group stole and published product blueprints from Apple supplier Quanta and is holding other blueprints under a $50 million ransom.
    • Apple has not publicly responded to the incident, but if the REvil hackers have managed to obtain the blueprints of other products, it could mean that Apple's notoriously secretive roadmap of new products could be leaked, giving competitors valuable data.
    • REvil meanwhile reportedly claims that it has other product blueprints and that it will continue to publish photos and documents of future Apple devices daily unless Apple pays the $50 million ransom.
    • “Following today’s news of the attack on Quanta, we can be in little doubt that complex digital supply chains are a hacker’s paradise,” noted Mike Beck, Global CISO at Darktrace. “Today, a company’s critical data is fluid, often being handled outside the organisation itself. This complexity offers those with criminal intent many points of vulnerability that may be exploited.”
    - Tom Jowitt | April 22, 2021
  • Justice Department convenes task force to tackle wave of ransomware attacks

    • The Ransomware and Digital Extortion Task Force will be made up of officials from the agency’s National Security Division, Criminal Division, Civil Division, Executive Office of U.S. Attorneys and FBI.
    • The task force will also create and implement a strategy to combat the criminal enterprises involved in ransomware attacks, strengthen public-private partnerships between the Justice Department and the private sector to address ransomware attacks, and further collaboration with international partners.
    • The task force was convened following a year that saw a huge increase in ransomware attacks during the COVID-19 pandemic against groups including hospitals, schools and other critical organizations, with cyber criminals targeting vulnerable organizations to make money.
    • DHS announced in March that combating ransomware would be the focus of the first of several 60-day cybersecurity sprints the Department of Homeland Security would take on, with Mayorkas stressing the need to confront the “national security threat” of ransomware.
    - Maggie Miller | April 21, 2021
  • A decade of email security

    • Flaws in email security are a leading cause of cybersecurity attacks for many organizations. Whether it's ransomware, business email compromise (BEC) attacks, or a phishing email that leads to cybercriminals gaining access to sensitive data, email is the common denominator.
    • According to Google, the average phishing campaign lasts only 12 minutes, making traditional tracing or blocking specific servers less effective and stopping attacks more challenging than ever.
    • Almost 300 billion emails are sent worldwide every day and the number of worldwide users increases at a rate of 3 percent per year. Unfortunately, email is not ready for today’s threats, because it was designed nearly 50 years ago when its current global reach and security challenges were unimaginable.
    • It no longer makes sense to ask “how do I secure email?” Email insiders are busy developing standards aimed at addressing email’s biggest weakness: that anyone can send an email impersonating someone else. In fact, 89% of all phishing attacks have one thing in common - the sender is not who or what they claim to be.
    • Security enhancements like MFA and encryption are becoming a top priority for companies today. With so many people working remotely and needing to trust the system, the industry should have at least a basic, minimum email security standard in place, and it all starts with DMARC.
    - Peter Goldstein | April 21, 2021
  • Massive Data Breach of Domino’s India; 10 Lakh Credit Cards on Sale

    • After Facebook and LinkedIn, Domino's India became the victim of a major data breach. Hackers have accessed 13TB of Domino’s India internal data, and the credit card details of around 10 lakh of its customers have been leaked on the Dark Web.
    • It is high time the Indian Government enacted the Data Protection Bill; protecting users is important at every step.
    • The Government needs to focus more on incentivizing security improvements at points in the cyber ecosystem that will produce a large-scale effect and protect the users and the companies.
    | April 21, 2021
  • Data Breach at New England’s Largest Energy Provider

    • A misconfiguration error has exposed personal data belonging to customers of New England's largest energy provider.
    • An investigation into the data breach found that the unsecured folder contained personal data belonging to customers residing in eastern Massachusetts.
    • Information exposed in the incident included names, addresses, phone numbers, Social Security numbers, billing addresses, and Eversource account numbers and service addresses.
    • The folder was secured on the same day that the error was detected, and the company's security team do not believe that the personal information it contains was accessed, stolen, or misused by any unauthorized third parties.
    • "Organizations need to have security processes and procedures in place when utilizing cloud and on-site servers when exposed to the internet," commented James McQuiggan, security awareness advocate at KnowBe4.
    - Sarah Coble | April 21, 2021