Round Up of Major Breaches and Scams
Washington state is among those being targeted by a “large-scale, highly sophisticated” nationwide phishing campaign, the office of Gov. Jay Inslee said Thursday. At a press conference Thursday, Inslee said that the state is taking proactive measures to protect state systems, but he said that no ransomware activity has occurred among the agencies targeted, and no state services have been impacted.
A Maryland man was sentenced to 12 months and one day in prison for hacking into and damaging the computers of his former employer. From January 5, 2004, through August 6, 2015, the man, Shannon Stafford, 50, of Crofton, Maryland, was employed at an unnamed international company with thousands of offices worldwide, in the IT department. Employed at the company’s Washington office, Stafford provided IT technical support to the organization’s Washington, McLean, Virginia, and Baltimore offices.
Round Up of Major Malware and Ransomware Incidents
A new ransomware strain called “Mount Locker” is demanding that victims pay multi-million dollar ransom payments to recover their data. According to Bleeping Computer, the ransomware first began making the rounds in July 2020. The malicious actors responsible for this threat took a cue from other crypto-malware gangs by stealing victims’ unencrypted data and threatening to publish the data unless they received payment.
A Russian citizen accused of offering a Tesla employee $1 million to enable a ransomware attack at the electric car company’s plant in Nevada denied wrongdoing Thursday before a federal magistrate judge. “I’m not guilty,” Egor Igorevich Kriuchkov said in response to a charge of conspiracy to intentionally cause damage to a protected computer. He said earlier in the hearing that he wanted “to go through the whole process as fast as possible.”
The wide variety of devices attached to the Internet of Things offers a rich target for purveyors of ransomware. Ransomware attacks are on the rise. SonicWall reported a 109% increase in ransomware the US during the first half of 2020. Due to relatively low execution costs, high rates of return, and minimal risk of discovery compared with other forms of malware, ransomware has quickly become a preferred method of attack for cybercriminals.
Round Up of Major Vulnerabilities and Patches
As the pandemic continues to accelerate the shift towards working from home, a slew of digital threats have capitalized on the health concern to exploit weaknesses in the remote work infrastructure and carry out malicious attacks. Now according to network security platform provider SAM Seamless Network, over 200,000 businesses that have deployed the Fortigate VPN solution to enable employees to connect remotely are vulnerable to man-in-the-middle (MitM) attacks.
Airbnb may be at the heart of a severe security incident as hosts report they are able to inadvertently access private inboxes that are unrelated to their accounts. On Thursday, Airbnb hosts flooded Reddit, querying the sudden appearance of inboxes that do not belong to them when they signed into the service. In screenshots of an inbox shared on the platform, Reddit user “Autocasa” said that they had “no association with these people or their apartment names.”
Multiple vulnerabilities have been discovered in Microsoft Edge, the most severe of which could allow for arbitrary code execution. Microsoft Edge is a web browser used to access the Internet. Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser. Depending on the privileges associated with the application, an attacker could view, change, or delete data.