Cybersecurity news provided by NetworkTigers on Monday, 22 March 2021.
SAN MATEO, CA — Acer victim of ransomware demand, CISA-FBI joint advisory on protection from TrickBot malware, cyberattack paralyzes Phoenix colleges, F5 discloses vulnerability in BIG-IP product, Russian national pleads guilty to Tesla malware scheme, Premiere Diagnostics stores patient IDs on unsecured server, New York state 911 call center attacked with ransomware, Microsoft releases “one-click” tool to address vulnerabilities within Exchange Server, one third of cybercrimes in 2020 were new, New Zealand shipping company suffers security breach, Indian seaport under cyberattack, Buffalo school closed due to ransomware attack, Swiss police seize equipment of self-confessed hacker.
Acer attacked with ransomware
Taiwanese computer manufacturer Acer is reported to have been a victim of the REvil ransomware gang in what may be the largest financial demand for stolen data ever made. The group is asking for a staggering $50 million in exchange for sensitive information that they are assumed to have accessed using the vulnerability present in Microsoft Exchange. REvil has posted photos on the dark web as proof of the hack. Acer has not yet made details of the breach clear in any official statements.
CISA-FBI issue joint advisory with regard to TrickBot malware
Criminals are using a phishing scheme in which they prompt victims to download TrickBot, a sophisticated piece of malware that allows for a full spectrum of harmful and illegal action once installed. The emails are reported to contain alleged proof of traffic violations. As a result of its prevalence, CISA and the FBI have issued a Joint Cybersecurity Advisory (CSA) with regard to TrickBot. Authorities have provided a list of measures to help protect against a breach caused by the malware.
Phoenix colleges suffer potential cyberattack
The Maricopa County Community College District, made up of ten schools in Phoenix, Arizona, has suffered a network outage due to a suspected cyberattack. Students enrolled in the district will get an extra week of spring break as the outage has reportedly paralyzed the college’s network. The school’s chancellor said that the motion to keep schools closed for the week was executed out of “an abundance of caution,” and is meant to allow staff and experts to understand the source of the disruption and bring the network safely and successfully back online.
BIG-IP under attack from cybercriminals due to vulnerability
In the wake of the recent major breach involving Microsoft Exchange, Seattle-based company F5 has disclosed that their BIG-IP product, used by many to manage high-traffic networks, has been found to be not only vulnerable to attack but also currently under siege. Due to the amount of access one can gain from compromising BIG-IP, as well as the relative lack of know-how required to take advantage of the weakness, the severity of the vulnerability has been rated 9.8 out of 10. F5 has released patches for this weakness as well as a few others over the last week, but much of this development has been unable to make mainstream news due to the spotlight currently being focused on Microsoft Exchange.
Russian national pleads guilty to Tesla malware scheme
A Russian man named Egor Igorevich Kriuchkov has pleaded guilty after being apprehended encouraging a Tesla employee to install malware on the company’s network in exchange for $1 million to be delivered in Bitcoin. Kriuchkov is said to have met with the employee in Reno, NV and Lake Tahoe, CA, treating the unnamed Tesla worker to all-expenses-paid meals and entertainment. Kriuchkov was seeking to deploy a multi-layered attack on Tesla, first distracting cybersecurity officials within the company with a decoy breach and then taking advantage of said distraction by initiating a second “real” attack that would extract sensitive company data. The information was then to be held for ransom. The Tesla employee reported Kriuchkov to the FBI and was then recruited as an informant.
COVID-19 testing company stored scans of patient photo IDs on unsecured server
Premiere Diagnostics, a company that has been providing different types of COVID-19 testing since the onset of the pandemic, has been found to have been storing scans of the photo IDs of around 52,000 patients on a server that did not even require a password to access. The scans include passports, driver’s licenses, and health insurance ID cards. The incident was discovered by Comparitech, a cybersecurity watchdog. While no evidence of malicious activity with regard to the data has been found, the same scanning technology that Comparitech used to easily find the exposed server could have been used by criminals. Premiere Diagnostics has since secured the information.
New York State capital region’s 911 call center attacked with ransomware
Authorities are unsure how a ransomware attack that took hold of computer-aided dispatch facilities for New York’s Albany, Rensselaer, and Saratoga counties took place. Staff worked through the night to mitigate the damage from the attack before it was able to completely paralyze the system. While 911 calls were not affected, the Albany sheriff stated that some information was obtained in the breach. The incident serves to underscore the importance of protecting public services and utilities from cyberattacks as such breaches become more common and increasingly sophisticated.
Microsoft releases “one-click” tool for Exchange Server security
For small companies that lack resources such as a dedicated IT department or advanced cybersecurity staff, Microsoft has released a “one-click” tool that is designed to easily address the highest-risk vulnerabilities within Exchange Server. Microsoft has stated that the “Microsoft Exchange On-Premises Mitigation Tool” is not a complete replacement for patching outdated software. It has only been designed to provide protection against attacks that have already been observed and therefore is not guaranteed to provide security against future efforts. The company has reported that around 80,000 servers worldwide still remain unpatched and therefore vulnerable.
Nearly a third of cybercrime threats from last year had never been seen before
Proving that the world of cybersecurity is in a continual state of evolution, HP Inc. has stated that 29% of the threats detected in the last quarter of 2020 were new, never-before-seen attacks. The results of their latest Quarterly Threats Index Report also indicate that, due to the priority placed upon zero-day exploits, many companies tend to ignore older vulnerabilities within their systems, leaving them exposed to opportunistic attackers.
International courier suffers security breach
New Zealand-based shipping company Fastway Couriers has revealed that it has suffered a breach of data in a cyberattack affecting 450,000 customers. Information exposed consists of names, addresses, email addresses, and telephone numbers. Fastway is currently utilizing an outside IT consultancy firm in order to carry out an independent investigation into the attack and has reassured customers that no financial data was compromised.
Indian seaport under cyberattack
Indian authorities, deeply mired in the battle with China-aligned hackers over the country’s power infrastructure, have another frontier to manage as reports have revealed that India’s seaports are also in the crosshairs. Recorded Future, a U.S.-based security firm, has stated that at least one of the country’s ports has had its network compromised for an undisclosed but extended period of time. Reports show that the breach is attributed to Chinese-affiliated hacking group RedEcho.
Buffalo school closed due to ransomware attack
New York State’s Buffalo Public School District suffered a ransomware attack last week that is continuing to cause disruption. The school was in the process of phasing in regularly attended classes but has now had to close the Monday following the attack to perform system tests and ensure that the network can function properly. It is currently not known what information may have been exposed, and thus far no demands have been made.
Swiss police seize equipment of individual claiming credit for Verkada security camera hack
As requested by U.S. authorities, Swiss police in the city of Lucerne have raided the home of a hacker who claimed to have taken part in the breach of security startup Verkada. Electronic equipment was reportedly seized in the search, and the Swiss office has directed all inquiries into the raid to U.S. authorities. The hack allowed unauthorized access to thousands of live camera feeds in what was a politically motivated attack said to highlight the pervasiveness of video surveillance in everyday life.
NetworkTigers was founded in January 1996 as Andover Consulting Group, which built and re-architected data centers for Fortune 500 firms. Today, NetworkTigers provides consulting and network equipment to businesses and individuals globally. www.networktigers.com
Mike Syiek, CEO
1029 S. Claremont Ave
San Mateo, CA 94402