Cyber Round-up

Cyber Round-up for 25th June

Welcome to the latest edition of the Ironshare Cyber Round-up where we look back at the events of that last week and cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

Cybercriminals go after Amazon Prime Day Shoppers

Check Point’s latest blog highlights the increase in phishing campaigns built to target Amazon Prime Day, which promotes big discounts and special deals on products. Check Point’s research was carried out in the weeks leading up to the promotion and discovered that over 2,300 new Amazon-related domains were registered with either malicious or suspicious behaviour. Domains like these are often used in email phishing campaigns to lure victims and steal credentials or money. Even though Amazon Prime Day has now concluded, it is key to stay vigilant and look out for phishing emails.


Attackers in Executive Clothing – BEC continues to separate orgs from their money

Ransomware is constantly topping the news headlines of late, but another highly successful and lucrative method for cyber criminals is BEC, or Business Email Compromise. BEC typically starts with an email that impersonates a person of authority and asks the victim to perform some sort of financial transaction (invoice payment, money transfer, gift card purchases etc.). In their recent blog post, Talos Intelligence detail the BEC threat, along with some real-world examples of both simple and advanced attacks. What this reinforces is that technology alone will not prevent these types of attacks; we need both strong technology and educated people to defeat the BEC threat.


Fertility Clinic Suffers Ransomware Attack and Data Breach

A fertility clinic in the US has disclosed that, following a recent ransomware attack, sensitive patient information was stolen. RBA and its affiliate MyEggBank issued a notification stating that they were hit by a cyber attack that encrypted embryology data, but not before the attackers accessed the network and stole patient information. The stolen data of approximately 38,000 patients included names, addresses, social security numbers and lab information/results. Stealing data before encrypting has become a common trait of ransomware gangs who want leverage over their victims, in an effort to force them into paying the ransom.


Wormable DarkRadiation Ransomware Targets Linux and Docker

Researchers at TrendMicro are warning of a new variant of ransomware called DarkRadiation that is targeting Linux and Docker instances. The variant is written in Bash script and uses the Telegram messaging service as a means to perform command and control and to report on infection status. Not only does this malware encrypt files on the target, but if root access is available, it also searches for users on the system and overwrites their existing passwords.


City of Liege, Belgium hit by ransomware

Belgium’s third largest city, Liege, had its network and online services disrupted this week by yet another ransomware attack. The attack has impacted civil and population services, with town halls, birth and burial services, and wedding events being cancelled. Based on the information disclosed, it appears this is the work of the Ryuk ransomware gang. Cities, councils and governments have become common targets for the bad guys, mainly due to their lack of mature security practices.


Vulnerabilities & Updates

Zero-day vulnerabilities in Pling leave Linux marketplaces open to RCE

Two zero-day vulnerabilities in OpenDesktop’s Pling have surfaced and, if exploited, could result in remote code execution and supply chain attacks. Pling, a content management app, allows component installation on Linux desktops such as Gnome and KDE. After receiving no response from the developers, security firm Positive Security disclosed the flaws to warn users, and recommends no longer using Pling or accessing any affected websites.


One-Click Exploit Could Have Let Attackers Hijack Any Atlassian Account

Atlassian has recently patched flaws in its Single Sign On capability that could have allowed bad actors to gain access to accounts in its cloud and on-premises products. By tricking a user into clicking on a specially crafted Atlassian link, an attacker could execute a malicious payload that steals the user’s session, which could then be used to log in to the victim’s account. From there they could obtain sensitive information and stage further attacks across Atlassian’s integrated products.


And that is it for this week’s round-up, please do not forget to tune in for new instalments every week.

Stay Safe, Secure and Healthy!

Edition #147 – 25th June 2021

Why not follow us on social media: