Round Up of Major Breaches and Scams
Experienced fraudsters made off with $15 million from a U.S. company after carefully running an email compromise that took about two months to complete. The cybercriminal executed their plan with surgical precision after gaining access to email conversations about a commercial transaction. They inserted themselves in the exchange to divert the payment and were able to keep the theft hidden long enough to get the money.
Cyber-criminals have continued to adapt and grow in sophistication over the past year, to stay hidden on the dark web and cause maximum damage with ransomware attacks, according to Europol. Ransomware remains “the most dominant threat” today and is becoming more dangerous as cyber-criminals continue to target their attacks with sophisticated, multi-stage raids starting with reconnaissance.
Cisco has been ordered to pay $1.9 billion to a little-known threat detection company that accused it of infringing several cybersecurity patents. US District Judge Henry Morgan issued his verdict in Norfolk, Virginia after a month-long trial held without a jury due to COVID-19. He found Cisco had infringed four patents belonging to Herndon, Virginia-headquartered Centripetal Networks, with no action taken regarding a fifth, according to Reuters.
Round Up of Major Malware and Ransomware Incidents
Jersey-headquartered insurance company Ardonagh Group has suffered a potential ransomware infection. Informed sources whispered to The Register that the insurance firm had been forced to suspend 200 internal accounts with admin privileges as the “cyber incident” progressed through its IT estate. The UK’s second largest privately owned insurance broker, according to the Financial Times, Ardonagh Group has spent the year to date acquiring other companies.
For over a decade, computer users have been plagued by malicious programs designed to steal their online banking credentials and initiate fraudulent transactions from their accounts. As mobile banking gained more adoption over the years, these programs followed the trend and jumped from computers to smartphones. One of the most widely used Android banking Trojans was abandoned by its creators last month, but the gap left in the cybercrime ecosystem is rapidly being filled by an even more potent one dubbed Alien.
Malware researchers monitoring ransomware threats noticed a sharp increase in these attacks over the past months compared to the first six months of 2020. At the top of the list are the Maze, Ryuk, and REvil (Sodinokibi) ransomware families, according to recently published data from Check Point and the IBM Security X-Force Incident Response team. Both companies observed a surge in ransomware incidents at a global level between June and September, with some threats being more active than others.
By this point, I’m expecting to read that an attack on a school district is a ransomware attack or a DDoS attack. This is neither. Eddie Robertson reports: A cyberattack against Wayne County School District’s 16th Section Principal Fund Account has resulted in an investigation by the FBI after they were contacted by school officials shortly after the breach was discovered on July 2. Money in that account is made up of royalty revenue from oil produced on property owned by the school district.
Round Up of Major Vulnerabilities and Patches
Five French cafe and bar owners have been arrested for breaking a 2006 law which states that those who provide internet access must maintain access logs for those using the WiFi for at least a year. The arrests took place in the city of Grenoble, with the owners taken into custody last week after they had been discovered to be running open WiFi networks in their cafes and not maintaining a log of past users.
Microsoft researchers reported that the Iranian cyber espionage group MuddyWater is exploiting the Zerologon vulnerability in attacks in the wild. Microsoft published a post and a series of tweets to warn of cyber-attacks exploiting the Zerologon vulnerability carried out by the Iran-linked APT group known as MuddyWater, aka Mercury. The Zerologon vulnerability, tracked as CVE-2020-1472, is an elevation-of-privilege flaw in the Netlogon service, an authentication mechanism used in the Windows Client Authentication Architecture.