Cyber Round-up for 26th March
Welcome to the latest edition of the Ironshare Cyber Round-up where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
Taiwanese computer company, Acer, were recently hit by a ransomware attack that has affected their back-office network. REvil, the group behind the attack, has demanded a ransom of $50 million in exchange for a decryption key and it is currently unclear whether or not the firm plan to pay the price. Acer have confirmed that the incident has not affected their production systems and are continuing operations without too much disruption. As it stands, none of the encrypted data has been leaked, but it is likely to happen if Acer decide against paying the ransom.
UK students have been warned to stay away from a Russia-based science website claiming to “remove all barriers” to science. The pirate site allows users to access over 85 million scientific research papers and suggests that it should all be publicly accessible knowledge. UK police have stated that a large portion of the material was obtained via malicious methods; they have also issued a warning to all students that accessing this site is illegal and may result in credentials being stolen to gain access to more scientific research.
The NCSC’s Cyber Aware campaign included a new survey that asked the UK public how safe they feel online, and some of the results were quite interesting. It was found that 58% are worried about money being stolen online, 53% worry about sharing personal details and 48% are concerned about malware infections. The survey also revealed that 86% of 25 to 34 year olds expressed concerns about the safety of their personal information; this age bracket made up the majority of the responses.
In response to this, the NCSC has put together the Consumer Cyber Action Plan, with free tailored advice on how to reduce the chances of an online attack.
Purple Fox was a well-known malware that utilised exploit kits and phishing to infect machines, but it has since evolved and gained new techniques that give it worm-like properties. These properties allow Purple Fox to spread between Windows devices; this has caused infection rates to rise by 600% since May 2020. Despite this evolution, the malware still partially relies on phishing, so be cautious when receiving suspicious emails.
More details can be found here.
A fake version of the popular app, Clubhouse, has emerged and many users have installed it. The malicious app, once installed, begins spreading the BlackRock malware; this was designed to steal credentials from more than 450 services, including Twitter, Facebook, WhatsApp, and Amazon. This fake application can only be downloaded from a bogus website impersonating Clubhouse. Infection can be avoided entirely by only downloading apps from your official app store.
Vulnerabilities & Updates
A ransomware group known as Black Kingdom has been seen taking advantage of unpatched Microsoft Exchange Servers, after the recent ProxyLogon vulnerabilities were discovered. The group is exploiting the flaws to execute a PowerShell script that spreads the ransomware to all computers on the network. The malware has been showing inconsistent behaviour, with many claiming their data was encrypted, whereas others were just presented with the ransom note. We advise everyone to update their Exchange servers as soon as possible to ensure they do not become a victim of this attack.
The Wordfence team has recently patched two vulnerabilities that exist in the Thrive Themes plugin. Patches have been released; however, unpatched sites are still being actively exploited. We advise all users of the plugin to update to the latest version as soon as possible; here is a list of all affected versions. Wordfence users have received updates to protect them against these threats.
And that is it for this week’s round-up, please do not forget to tune in for new instalments every week.
Stay Safe, Secure and Healthy!
Edition #134 – 26th March 2021
Ironshare – Security Simplified