Cybersecurity news provided by NetworkTigers on Monday, 4 April 2022.
SAN MATEO, CA — FBI releases ransomware warning, US denies accusations of cyberattacks against Russia, Viasat hacked using modem-wiping malware, Calendly used for phishing scam, Globant hacked by Lapsus$, Connecticut airport website victim of cyberattack, hackers steal more than $600 million in crypto, leaked details of Okta hack show weak security, Ukrainian internet provider taken down by cyberattack, Kaspersky added to US national security blacklist, CISA adds 66 bugs to known vulnerabilities list.
FBI releases ransomware warning
The FBI has released a Private Industry Notification (PIN) in which it warns local government organizations and public services about an increased risk of ransomware attacks. The PIN details some recent ransomware incidents, describes how to best protect against attack and provides information about how to report cybercrime to the FBI directly. Read more.
US denies accusations of cyberattacks against Russia
Russia’s Ministry of Foreign Affairs has accused the US of engaging in a cyberattack campaign against the country in which hundreds of critical infrastructure networks were under fire. The US has denied Russia’s statement, calling it “disinformation.” Read more.
Viasat hacked using modem-wiping malware
Researchers have determined that the February 24th cyberattack on Viasat that coincided with Russia’s invasion of Ukraine was carried out using a new modem-wiping malware variant called AcidRain. Viasat asserts that no user data was accessed in the attack and that it was isolated to a specific portion of the company’s network operated on their behalf by Eutelsat subsidiary, Skylogic. Read more.
Calendly used for phishing scam
Popular calendar app Calendly has been leveraged by scammers to trick victims into revealing their email credentials. The scammers are leading victims to malicious links via emails sent from within Calendly that slip past email security features. This scam marks the first instance of cybercriminals using Calendly as a means by which to steal personal information. Read more.
Globant hacked by Lapsus$
Globant, a major software and IT consultancy company, has been hacked by Lapsus$. The extortion group recently posted 70GB of stolen data online that included administrative credentials and source code. Researchers say that the data leaked is “significant” with regard to the customers that it impacts. Read more.
Connecticut airport website victim of cyberattack
Connecticut’s Bradley International Airport had its website hit with a DDoS attack that contained messaging sympathetic to Russia, stating that the hacks will cease as soon as weapons shipments to Ukraine are stopped. CyberKnow has attributed the hack to Russian hacker group Killnet, although no official statement has done so. It is not known why Bradley International would be targeted specifically. The airport’s operations were not affected by the hack. Read more.
Hackers steal more than $600 million in crypto
Ronin Network, a blockchain developed by game publisher Sky Mavis to host the game Axie Infinity, has been compromised. In what is one of the largest crypto thefts yet, criminals have made off with more than $600 million in Ethereum and USDC. The hackers gained access to the network on March 23rd and remained unnoticed until a user was not able to withdraw funds from their account. Read more.
Leaked details of Okta hack show weak security
Documents related to the hack of Okta by Lapsus$ reveal that the hackers used commonly known and easy-to-download tools in order to exploit vulnerabilities within their system. The timeline of events does not square with Okta’s official statements regarding the attack, and implies that Okta was not stringent in their efforts to contain the breach, mitigate damage or protect the data of their clients. Read more.
Ukrainian internet provider taken down by cyberattack
Ukrtelecom, Ukraine’s largest fixed line telecommunications provider, has been hit with what is being described as the most severe cyberattack against the country since Russia’s invasion began. The type of attack levied against the provider is not yet known, although it has caused service disruptions across the country. Ukrtelecom appears to be struggling to restore operations and mitigate the effects of the attack. Read more.
Kaspersky added to US national security blacklist
Russian cybersecurity firm Kaspersky has been added to the US blacklist over concerns that the company poses risks to national security. The addition marks the first time a Russian company has been blocked, as other organizations have been based out of China. Kaspersky’s official statement claims that the move was political and not based on any actual information. The use of Kaspersky’s products by federal contractors was already banned in 2017. Read more.
CISA adds 66 bugs to known vulnerabilities list
Covering a wide range of vulnerabilities existing in both hardware and software, CISA’s “Known Exploited Vulnerabilities” list has had 66 new entries added. Federal agencies have until April 15th to patch the bugs listed, whose disclosure dates span from 2005 to 2022. Read more.
NetworkTigers was founded in January 1996 as Andover Consulting Group, which built and re-architected data centers for Fortune 500 firms. Today, NetworkTigers provides consulting and network equipment to businesses, health care and government agencies globally. www.networktigers.com
NetworkTigers provides the latest industry and cybersecurity news in a weekly roundup at news.networktigers.com.