Cybersecurity news provided by NetworkTigers on Monday, 18 April 2022.
SAN MATEO, CA — Cisco vulnerability allows criminals to create login creds, major wind turbine company attacked by Conti, FBI: North Korean hackers stole over $600 million in crypto, US federal alert warns of new “Pipedream” malware, RaidForums shut down by US authorities, ransomware breaches decrease by 25% in first quarter of 2022, Ukraine stymies Russian cyberattack on power grid, CISA warns of WatchGuard bug, Conti hacks Panasonic, researchers caution against info-stealing malware, Conti leak used to attack Russian organizations.
Cisco vulnerability allows criminals to create login creds
Cisco has released a warning related to a vulnerability within certain Wireless LAN Controller software that can allow a hacker to create their own login credentials and take control of a system. Cisco has suggested updates and also some techniques to mitigate the bug for those unable to update. Thus far, no evidence has suggested that this exploit is being used in the wild. Read more.
Major wind turbine company attacked by Conti
Nordex, one of the world’s largest manufacturers of wind turbines, has been attacked with ransomware courtesy of Russia’s Conti hacker gang. The attack forced the company to shut down IT systems and remote access to their turbines. Nordex said that the breach only affected internal systems. Conti has claimed credit for the hack, but a lack of leaked data implies that they are currently negotiating a ransom demand with Nordex. Read more.
FBI: North Korean hackers stole over $600 million in crypto
According to the FBI, Lazarus Group and APT38, two hacker gangs associated with North Korea, are responsible for the recent theft of more than $600 million in crypto from video game company Axie Infinity. Evidence suggests that cybercrime, and crypto thefts specifically, are a source of income for the North Korean regime under Kim Jong Un. Read more.
US federal alert warns of new “Pipedream” malware
A joint warning has been issued from a variety of US agencies warning about the discovery of malicious cyber tools designed specifically to gain control of industrial control systems. The malware is consistent with previous attempts at the hands of Russian hackers, although authorities are not currently disclosing who may be responsible for the danger. The newly discovered malware is being called “Pipedream.” Read more.
RaidForums shut down by US authorities
US law enforcement has taken down RaidForums, one of the largest marketplaces for the buying, selling and trading of stolen databases and information. The marketplace’s founder, a Portuguese citizen, is facing six criminal counts. The FBI, working with Portuguese authorities and a range of other international partners, seized three domains associated with RaidForums. Read more.
Ransomware breaches decrease by 25% in first quarter of 2022
Digital Shadows has reported that the number of ransomware victims dropped by 25% in the first quarter of 2022. The decrease is likely due to increased pressure on some of the major ransomware players, which resulted in less activity. However, new ransomware groups are continually forming and shuffling members, leading experts to expect that the numbers will rise again as the year continues. Read more.
Ukraine stymies Russian cyberattack on power grid
The Ukrainian government has reportedly thwarted an attempt by Russian hackers to attack critical power infrastructure. The attack was designed to shut down victim networks and was carried out by the GRU, an arm of Russia’s military that has been responsible for previous cyberattacks. The campaign was fought off thanks to the combined effort of the Ukrainian government, Microsoft and a team of IT staffers. Read more.
CISA warns of WatchGuard bug
CISA has posted a warning to organizations about Russian hacking group Sandworm and their efforts to create a botnet by exploiting a bug in WatchGuard Firebox and XTM firewall appliances. The group has been using Cyclops Blink malware to target these appliances since 2019. The FBI has dismantled Sandworm’s efforts thus far and recommends that users of these devices follow all update instructions recommended by the manufacturer. Read more.
Conti hacks Panasonic
Panasonic has reported that its Canadian operations were hacked in February of this year. Russian ransomware gang Conti has taken credit for the attack and claims to have stolen more than 2.8 GB of data from the electronics company. It is not known if Conti made a ransom demand in the attack, nor has Panasonic shared any extensive details about the incident. Read more.
Researchers caution against info-stealing malware
Two information-stealing malware types, FFDroider and Lightning, have been spotted in the wild and pose a threat to users who may be unaware of the danger. Information-stealers grab credentials and data from an infected computer and send them directly to a remote operator, and they are becoming increasingly common. Read more.
Conti leak used to attack Russian organizations
The Conti ransomware gang, having suffered a severe data breach at the onset of Russia’s war against Ukraine, has seen its malware repurposed and turned against Russian organizations. A hacking group called NB65 has been actively hacking Russian agencies and claims the attacks are in retaliation for the country’s invasion. So far, NB65 is said to have hacked Russian TV, the nation’s space agency and more. Read more.
NetworkTigers was founded in January 1996 as Andover Consulting Group, which built and re-architected data centers for Fortune 500 firms. Today, NetworkTigers provides consulting and network equipment to businesses, health care and government agencies globally. www.networktigers.com
NetworkTigers provides the latest industry and cybersecurity news in a weekly roundup at news.networktigers.com.