Cisco to pay $1.9B for infringing security patents, Ardonagh Group disables 200 admin accounts after ransomware attack, and more

Major cybersecurity events on 6th October 2020 (Evening Post): Ryuk attacks 20 organizations a week as ransomware threat surges. French cafe owners arrested for not maintaining a log of their open WiFi network users. Iran-linked APT exploits Zerologon flaw in attacks.

Round Up of Major Breaches and Scams

The anatomy of a $15 million cyber heist on a US company

Experienced fraudsters made off with $15 million from a U.S. company after carefully running an email compromise that took about two months to complete. The cybercriminals executed their plan with surgical precision after gaining access to email conversations about a commercial transaction. They inserted themselves into the exchange to divert the payment and were able to keep the theft hidden long enough to get the money.

Europol Warning as Cybercrime Adapts Quickest to New Normal

Cyber-criminals have continued to adapt and grow in sophistication over the past year, to stay hidden on the dark web and cause maximum damage with ransomware attacks, according to Europol. Ransomware remains “the most dominant threat” today and is becoming more dangerous as cyber-criminals continue to target their attacks with sophisticated, multi-stage raids starting with reconnaissance.

Cisco Ordered to Pay $1.9 Billion for Security Patent Infringement

Cisco has been ordered to pay $1.9 billion to a little-known threat detection company which accused it of infringing several cybersecurity patents. US District Judge Henry Morgan issued his verdict in Norfolk, Virginia after a month-long trial held without a jury due to COVID-19. He found Cisco had infringed four patents belonging to Herndon, Virginia-headquartered Centripetal Networks, with no action taken regarding a fifth, according to Reuters.

Round Up of Major Malware and Ransomware Incidents

Insurance firm Ardonagh Group disabled 200 admin accounts as ransomware infection took hold

Jersey-headquartered insurance company Ardonagh Group has suffered a potential ransomware infection. Informed sources whispered to The Register that the insurance firm had been forced to suspend 200 internal accounts with admin privileges as the “cyber incident” progressed through its IT estate. The UK’s second largest privately owned insurance broker, according to the Financial Times, Ardonagh Group has spent the year to date acquiring other companies.

Android malware: Banking trojan Alien a rising threat

For over a decade, computer users have been plagued by malicious programs designed to steal their online banking credentials and initiate fraudulent transactions from their accounts. As mobile banking gained more adoption over the years, these programs followed the trend and jumped from computers to smartphones. One of the most widely used Android banking Trojans was abandoned by its creators last month, but the gap left in the cybercrime ecosystem is rapidly being filled by an even more potent one dubbed Alien.

Ransomware threat surge, Ryuk attacks about 20 orgs per week

Malware researchers monitoring ransomware threats noticed a sharp increase in these attacks over the past months compared to the first six months of 2020. At the top of the list are the Maze, Ryuk, and REvil (Sodinokibi) ransomware families, according to recently published data from Check Point and the IBM Security X-Force Incident Response team. Both companies observed a surge in ransomware incidents at a global level between June and September, with some threats being more active than others.

FBI investigating after cyberattack targets Wayne County School District

By this point, I’m expecting to read that an attack on a school district is a ransomware attack or a DDoS attack. This is neither. Eddie Robertson reports: A cyberattack against Wayne County School District’s 16th Section Principal Fund Account has resulted in an investigation by the FBI after they were contacted by school officials shortly after the breach was discovered on July 2. Money in that account is made up of royalty revenue from oil produced on property owned by the school district.

Round Up of Major Vulnerabilities and Patches

French cafe owners arrested for running no-log WiFi networks

Five French cafe and bar owners have been arrested for breaking a 2006 law which states that those who provide internet access must maintain access logs for those using the WiFi for at least a year. The arrests took place in the city of Grenoble, with the owners taken into custody last week after they were discovered to be running open WiFi networks in their cafes and not maintaining a log of past users.

Iran-linked APT is exploiting the Zerologon flaw in attacks

Microsoft researchers reported that the Iranian cyber espionage group MuddyWater is exploiting the Zerologon vulnerability in attacks in the wild. Microsoft published a post and a series of tweets to warn of cyber-attacks exploiting the Zerologon vulnerability carried out by the Iran-linked APT group known as MuddyWater, aka Mercury. The Zerologon vulnerability, tracked as CVE-2020-1472, is an elevation-of-privilege flaw that resides in the Netlogon service. The Netlogon service is an authentication mechanism used in the Windows Client Authentication Architecture.