Cyber Round-up for 19th March
Welcome to the latest edition of the Ironshare Cyber Round-up where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
South and City College in Birmingham has had to close all of its campuses for a week, due to a recent cyber-attack that crippled their IT systems. The college has notified the Information Commissioner’s Office and reverted to online classes until their systems are restored. A recent statement posted on their website labelled the incident as a “major ransomware attack” that encrypted many of their servers and workstations. The group behind the attack has not yet been identified.
Security researchers have discovered a new botnet that appears to be an enhanced variant of the well-known Mirai IoT malware. This new botnet, named ZHtrap, exploits flaws to infect CCTV cameras, Realtek devices, DVRs and more. The behaviour of this malware is quite unique, as it has been seen using honeypots to hijack bots from its rival cyber criminals.
More details on this new botnet can be found here.
The FBI has issued warnings to the education sector following an increase in ransomware attacks, specifically the PYSA ransomware. In March alone, 12 schools from the US and UK have been hit by PYSA, including higher education facilities. Other targets of these attacks include government and healthcare institutions, as well as a handful of private companies.
More details on the techniques used in the attacks can be found here.
Microsoft have released a new batch of mitigation tools for on-premises Exchange servers; specifically, those that have not yet had the latest security patches for the recent ProxyLogon 0-day applied. Running the new tool is the fastest way to reduce the likelihood of an attack; however, this is not an alternative to the security patch, and it is still vital that systems are updated as soon as possible.
The Microsoft Safety Scanner tool can be downloaded here.
A Twitter account impersonating Elon Musk has been plaguing users with its fake bitcoin giveaway. The scam told users that any bitcoin they sent would be doubled and returned to them; many users fell victim to this, with one man from Germany losing approximately £430,000 worth of bitcoin. This year has been incredibly profitable for scammers, with campaigns making “record-breaking sums” in 2021. As always, if something seems too good to be true, it probably is. Be careful when clicking links and providing details to suspicious individuals.
There are many risks that merchants face when using PayPal, including overpayment, shipping scams and phishing. Overpayment and shipping scams are both big issues, in which scammers can trick PayPal into believing their product was not delivered, and claim back their money, while keeping the product. Generic phishing is also very popular, with PayPal being one of “the most-spoofed brands”. We advise all merchants to be cautious when using PayPal, as scams are incredibly common and can impact your bottom line if ignored.
Vulnerabilities & Updates
This is not your typical vulnerability; in fact, this is a good one in some ways. The LockBit ransomware has become increasingly active recently, and this new bug in the service allows victims to decrypt their data for free. The bug was advertised on a cybercrime forum, detailing how the one-time free decryption works. It is expected that this will be patched pretty soon, making future decryptions much more costly for victims.
And that is it for this week’s round-up, please do not forget to tune in for new instalments every week.
Stay Safe, Secure and Healthy!
Edition #133 – 19th March 2021
Ironshare – Security Simplified