Cybersecurity Weekly: Ransomware training, holiday package phishing attack, $10 million DarkSide bounty
Should companies subject employees to ransomware-specific security training? ’Tis the season for the wayward package phish. The U.S. puts a $10 million bounty on DarkSide ransomware hackers. All this, and more, in this week’s edition of Cybersecurity Weekly.
1. Should companies subject employees to ransomware-specific security training?
According to a recent report, only 31% of 1,500 employees and 36% of 1,500 business leaders said that their enterprises offer ransomware-focused security training. This lag could be attributed to organizations not having an adaptable and scalable cybersecurity education program that can cover new topics as they arise, which we know often happens in cyber.
2. ’Tis the season for the wayward package phish
The holiday shopping season always means big business for phishers, who tend to find increased success this time of year with a lure about a wayward package that needs redelivery. Here’s a look at a fairly elaborate SMS-based phishing scam that spoofs FedEx in a bid to extract personal and financial information from unwary recipients.
3. The U.S. puts a $10 million bounty on DarkSide ransomware hackers
The DarkSide ransomware gang spent a year or so as one of the most prolific groups in a very crowded field of criminal hackers. The U.S. State Department offered a reward of up to $10 million for anyone who has information that will help them identify or locate DarkSide leadership, as well as up to $5 million for tips that lead to the arrest or conviction of DarkSide affiliates.
4. Criminal group dismantled after forcing victims to be money mules
The Spanish police have arrested 45 people who are believed to be members of an online fraud group that operated twenty websites to defraud at least 200 people of 1,500,000 Euros, or $1.73 million. The simultaneous weekend raids took place in various provinces of Spain, and were the result of lengthy investigations that began in July 2019.
5. BlackBerry uncovers initial access broker linked to three distinct hacker groups
A previously undocumented initial access broker has been unmasked as providing entry points to three different threat actors for mounting intrusions that range from financially motivated ransomware attacks to phishing campaigns. BlackBerry's research and intelligence team dubbed the entity Zebra2104.
6. Two NPM packages with 22 million weekly downloads backdoored
In yet another instance of a supply chain attack targeting open-source software repositories, two popular NPM packages with cumulative weekly downloads of nearly 22 million were compromised with malicious code by gaining unauthorized access to the respective developer's accounts.
7. Electronics retail giant MediaMarkt hit by ransomware attack
MediaMarkt suffered a weekend ransomware attack that encrypted servers and workstations and led to the shutdown of IT systems to prevent the attack's spread. The attack affected numerous retail stores throughout Europe. While online sales continue to function as expected, cash registers cannot accept credit cards or print receipts at affected stores.
8. Experts detail malicious code using ManageEngine ADSelfService exploit
At least nine entities across the technology, defense, healthcare, energy, and education industries were compromised by leveraging a recently patched critical vulnerability in Zoho's ManageEngine ADSelfService Plus self-service password management and single sign-on solution.
9. SolarWinds vulnerability exploited in first stage of Clop ransomware attacks
A recent surge in Clop ransomware attacks led researchers to spot a common thread in the first stage of the attack: the exploitation of a known and patched vulnerability in SolarWinds Serv-U file server software. Researchers recently spotted the attack chain while conducting incident response cases of Clop ransomware victims.
10. White hat hackers earn over $1 million at Pwn2Own Austin 2021
The Pwn2Own Austin 2021 hacking contest has ended; the participants earned a total of $1,081,250 for 61 zero-day exploits. The participants compromised NAS devices, mobile phones, printers, routers, and speakers from Canon, Cisco, HP, NETGEAR, Samsung, Sonos, TP-Link and Western Digital.