Round Up of Major Breaches and Scams
A Russian-speaking threat actor has been targeting hundreds of industrial enterprises for more than two years, Kaspersky’s security researchers report. Focused on companies in Russia, the ongoing attacks are highly targeted, leveraging phishing emails for malware deployment. In some cases, legitimate documents that were stolen in previous attacks are leveraged for social engineering. Another characteristic of these attacks is the use of remote administration utilities, including Remote Manipulator System/Remote Utilities (RMS) and TeamViewer.
Intelligent identity solutions provider Ping Identity has acquired authorization solutions provider Symphonic Software to help enterprises prevent cyber risks and enhance their cybersecurity posture. The acquisition integrates Symphonic’s authorization platform with Ping’s data privacy and consent products, allowing enterprises to centralize the administration and enforcement of access to critical resources.
Round Up of Major Malware and Ransomware Incidents
Several companies and large corporations from Israel have been breached and had their systems encrypted using a new strain of ransomware named Pay2Key, in what appears to be a targeted attack against Israeli networks. The first attacks were seen in late October but have now grown in numbers while also remaining contained to Israel. “As days go by, more of the reported ransomware attacks turn out to be related to the new Pay2Key ransomware,” Israeli cyber-security firm Check Point said in a security alert published today.
Ransomware gangs are increasingly likely to break their promise not to leak stolen data once a victim has paid them, Coveware has warned. The security vendor claimed in its analysis of Q3 2020 that data exfiltration is now part of almost half of all ransomware attacks, used to drive monetization among victim organizations that have backups. However, the tactic has now reached a tipping point, with groups such as Sodinokibi, Maze, Netwalker, Mespinoza and Conti starting to publish data even after payment, and/or demanding that a second ransom be paid to prevent publication, Coveware claimed.
Round Up of Major Vulnerabilities and Patches
Cisco has disclosed a zero-day vulnerability – for which there is not yet a patch – in the Windows, macOS and Linux versions of its AnyConnect Secure Mobility Client Software. While Cisco said it is not aware of any exploits in the wild for the vulnerability, it said Proof-of-Concept (PoC) exploit code has been released, opening up risks of cybercriminals potentially leveraging the flaw. The flaw (CVE-2020-3556) is an arbitrary code execution vulnerability with a CVSS score of 7.3 out of 10, making it high severity.
“There are over 6,000 systems and 80,000 cameras in operation across 183 LAs!” So exclaimed the UK’s outgoing Surveillance Camera Commissioner as he detailed just how many council CCTV cameras there are across the nation. In a public plea asking councils to take compliance with surveillance laws seriously, Tony Porter lifted the lid on the scale and depth of CCTV camera deployment across Great Britain.