Cyber Round-up for 13th August
Welcome to the latest edition of the Ironshare Cyber Round-up where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
The NCSC have announced their new plans to help in the fight against phishing and scams, by allowing people to report websites they believe to be fake or operated by cybercriminals. This feature enables the NCSC to investigate the potentially malicious sites and take them down accordingly. We strongly encourage everyone to use this new feature on the NCSC website, as it allows everyone to play their part in fighting back against the criminals.
If you think you have stumbled upon a malicious website, you can submit the link or URL for investigation here.
One of the largest cryptocurrency heists ever occurred recently, with $600M being stolen by criminals. This heist targeted blockchain site Poly Network and was made possible by an undisclosed vulnerability. With decentralised finance attacks at an all-time high, this theft has been labelled as a ‘major economic crime’ by law enforcement. Not much more is known at this point in time, but a warning was issued to the thieves via Twitter to “establish communication and return the hacked assets”.
USA Waste-Management Resources recently disclosed information on an incident regarding the data privacy of current and former employees. Suspicious network activity was flagged back in January and appears to have led to a breach of personal information. After a thorough investigation by the firm, it was found that names, social security numbers, taxpayer ID, bank account details and more were accessed by an unauthorised individual. Waste Management Resources have posted a statement saying they are taking the incident very seriously and have included some steps that those impacted can take to protect their personal information.
More details can be found here if you wish to learn more.
Fortune 500 company, Accenture, has become the most recent victim of the LockBit ransomware gang. The attack occurred this week, with the criminals prepared to leak the stolen files, although Accenture claim they were able to “quickly contain” the incident; despite this, the stolen files were still uploaded to the LockBit gang’s site. The company confirmed that they were able to fully restore their systems and are back to being fully operational. It is still unknown how the criminals were able to gain access.
A new ransomware detection feature will be arriving soon for Azure customers; this new feature will alert security teams when actions “potentially associated with ransomware activities” are observed. This includes actions such as defense evasion and specific timeframe execution. This is another huge step in the right direction for Microsoft in terms of security, and it will be interesting to see what other features we might be getting in the future.
More details from Microsoft can be found here.
Following REvil’s massive ransomware attack that targeted Kaseya VSA remote management, a universal decryption key was obtained for their affected customers. This key was recently leaked on hacking forums, allowing researchers to view it for the first time. It has since been confirmed that this decryptor is exclusive to victims of the Kaseya attack and will not work for others affected by an REvil attack. No one really understands why the decryptor was posted on a hacking forum, but it is believed that the poster was associated with the ransomware gang and wasn’t a victim themselves.
Vulnerabilities & Updates
A new vulnerability has been discovered in Arcadyan routers, which are used in many homes worldwide. This critical flaw allows a remote attacker to bypass authentication and is being actively used by a Mirai botnet to perform DDoS attacks. Abuse of this flaw has escalated dramatically just two days after public disclosure, which is why we highly recommend updating your router as soon as possible.
Microsoft have released their monthly batch of security updates for August and it includes fixes for 44 vulnerabilities. This patch addresses seven critical flaws, including remote code execution vulnerabilities in Windows TCP/IP, Remote Desktop Client, and Windows Print Spooler; there are also 37 flaws considered important. This is only the second time this year that a Patch Tuesday has featured fewer than 50 vulnerabilities. As always, we recommend applying the latest updates as soon as possible to ensure you and your devices are protected.
And that is it for this week’s round-up, please do not forget to tune in for new instalments every week.
Stay Safe, Secure and Healthy!
Edition #154 – 13th August 2021
Ironshare – Security Simplified