Cyber Round-up for 21st May
Welcome to the latest edition of the Ironshare Cyber Round-up where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
Most companies that suffer a ransomware attack prefer to stay quiet about the incident and avoid publishing any details; however, green energy tech provider, Volue, have been entirely transparent about being a victim of ransomware. The firm set up a website with details of the attack, including indicators of compromise, as well as their recovery road map and the CEO’s phone number. Volue were hit by the Ryuk ransomware gang, who have been responsible for many attacks recently, and their transparency not only helps future victims, but also helps to “inspire confidence in the company”. Many cyber security professionals have praised their approach to the incident and encourage others to follow in their footsteps.
The National Cyber Security Centre (NCSC) and Health Service Executive (HSE) have briefed the Irish government on their recent investigations into the attacks on Ireland’s healthcare system. The Irish health system was targeted multiple times by hackers and the ‘Wizard Spider’ group is believed to be responsible. Two recent attacks were brought to the attention of the NCSC, one targeting the Department of Health, and the other targeting the HSE; the latter was reported as the “most significant in the state’s history”. A recent statement from the Irish government confirms that their main goal is to restore the operations of all medical services as soon as possible.
Cyber insurance firm, AXA, recently stated that they would no longer cover ransom payments for their customers; shortly after the announcement, they were hit by a ransomware attack themselves. The group responsible for the attack was the Avaddon gang, who claim to have stolen 3 terabytes worth of company data from AXA. The stolen data reportedly includes scans of customer ID documents and medical and hospital records. There is currently no information on the ransom demands and it is unclear whether AXA plan to pay the attackers.
70 different banks across Europe and South America have been affected by the Bizarro banking malware, which distributes MSI packages through spam emails. The malware is hosted on compromised WordPress, Amazon, and Azure servers, and once installed remains idle; this allows it to evade detection until it detects a connection to an online banking system. Bizarro is more advanced than your typical banking malware since it terminates existing browser sessions upon installation. This allows it to steal credentials when the victim is forced to log back into their online banking site. As always, we advise everyone to be cautious when receiving emails and avoid clicking any links unless you are certain they are benign.
Vulnerabilities & Updates
Cyber security professionals have dedicated a lot of time to finding out which exploits hackers are interested in. This investigation was designed to help companies prioritise their patching process so that they can address those in high demand first. During this study, it was found that Microsoft products make up 47% of all requests on hacker forums and markets, with Adobe in second place with 21%. It is also worth noting that 22% of exploit requests were for vulnerabilities more than 3 years old; updating as frequently as possible is vital, especially considering the demand for these old exploits.
A SQL Injection vulnerability was recently discovered in the WP Statistics plugin, which is installed on more than 600,000 WordPress sites. Fortunately, all sites running Wordfence (both the premium and free version) are protected. If you are not running Wordfence on your site, we recommend applying the latest patch as soon as possible to ensure that you are protected against this flaw.
And that is it for this week’s round-up, please do not forget to tune in for new instalments every week.
Stay Safe, Secure and Healthy!
Edition #142 – 21st May 2021
Ironshare – Security Simplified