Cyber Round-up for 4th June
Welcome to the latest edition of the Ironshare Cyber Round-up where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
The Russian hackers responsible for the recent SolarWinds breach were found to be involved in a spear-phishing campaign in which the U.S. Department of Justice have intervened. The DoJ were able to take control of two of the command-and-control sites being used in the campaign, which has massively disrupted the group’s phishing operations.
More details on the seized domains can be found here.
JBS, the world’s largest supplier of meat, was recently hit by a sophisticated ransomware attack that forced them to shut down operations. There are currently no details regarding the ransom request, and we do not know if JBS plan to pay the attackers; it was however confirmed that the FBI is investigating the attack, and the company is working hard to restore operations as soon as possible.
On another note, we recently received an update on the Colonial Pipeline cyber-attack, and it was confirmed that the $4.4M ransom was paid. More details on this can be found here.
A leaked British Army spreadsheet was found on WhatsApp, containing the personal data of Special Forces soldiers. The spreadsheet was available for download with no password and didn’t contain any government markings to indicate its confidentiality. Sources suggest that this information sharing on WhatsApp is normal; however, it is usually password protected. This is a serious incident, since the identities of the soldiers involved are supposed to be hidden from the public for their safety and that of their families.
FujiFilm have suffered what they believe to be a ransomware attack and have shut down parts of their network to prevent the attack from spreading. The firm were hit by an attack on Tuesday and stated that they are “aware of the possibility of a ransomware attack.” FujiFilm have since been working hard to determine the severity of the attack and have apologised for the effect it may have had on partners and customers.
Security researchers are becoming worried by the number of ransomware victims that are relying on cyber-insurance providers to pay ransoms. In the first half of 2020, 41% of all insurance claims were linked to ransomware attacks; with this becoming an increasingly popular response to extortion attempts, more payments are being made to the attackers, which further funds continued attacks. Many security experts are warning companies against their reliance on cyber-insurance and are unhappy with how frequently ransoms are being paid.
Vulnerabilities & Updates
The Wordfence Threat Intelligence team recently found a critical zero-day in the Fancy Product Designer plugin that could allow a remote attacker to execute arbitrary code. This plugin has been installed on more than 17,000 WordPress sites worldwide, and the flaw is already being actively exploited. The zero-day was patched in version 4.6.9 of Fancy Product Designer, and we advise anyone using the plugin to update as soon as possible.
And that is it for this week’s round-up; please do not forget to tune in for new instalments every week.
Stay Safe, Secure and Healthy!
Edition #144 – 4th June 2021
Ironshare – Security Simplified