OSN August 12, 2021

by | Aug 12, 2021 | Company News

Title: Accenture Confirms Hack After LockBit Ransomware Data Leak Threats
Date Published:  August 12, 2021

https://www.bleepingcomputer.com/news/security/accenture-confirms-hack-after-lockbit-ransomware-data-leak-threats/

Excerpt:  “Accenture, a global IT consultancy giant has allegedly been hit by a ransomware cyberattack from the LockBit ransomware gang.  Accenture is an IT giant known to serve a wide range of industries including automobiles, banks, government, technology, energy, telecoms, and many more.  Valued at $44.3 billion, Accenture is one of the world’s largest tech consultancy firms employing around 569,000 employees across 50 countries.”

Title: Ransomware Gang Uses PrintNightmare to Breach Windows Servers
Date Published:  August 12, 2021

https://www.bleepingcomputer.com/news/security/ransomware-gang-uses-printnightmare-to-breach-windows-servers/

Excerpt:  “Ransomware operators have added PrintNightmare exploits to their arsenal and are targeting Windows servers to deploy Magniber ransomware payloads.  PrintNightmare is a class of security vulnerabilities (tracked as CVE-2021-1675, CVE-2021-34527, and CVE-2021-36958) impacting the Windows Print Spooler service, Windows print drivers, and the Windows Point and Print feature.  Microsoft has released security updates to address CVE-2021-1675 and CVE-2021-34527 in June, July, and August.”

Title: Microsoft Confirms Another Windows Print Spooler Zero-day Bug
Date Published:  August 12, 2021

https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-another-windows-print-spooler-zero-day-bug/

Excerpt:  “Microsoft has issued an advisory for another zero-day Windows print spooler vulnerability tracked as CVE-2021-36958 that allows local attackers to gain SYSTEM privileges on a computer.  This vulnerability is part of a class of bugs known as ‘PrintNightmare,’ which abuses configuration settings for the Windows print spooler, print drivers, and the Windows Point and Print feature.  Microsoft released security updates in both July and August to fix various PrintNightmare vulnerabilities.”

Title: A Remedial Approach to Destructive IoT Hacks
Date Published:  August 12, 2021

https://www.helpnetsecurity.com/2021/08/12/destructive-iot-hacks/

Excerpt:  “As of this year, there are more than 10 billion active IoT devices all over the world, many of which are deployed in enterprises.  Keeping those devices secure is of the utmost importance, lest they be a way in for attackers, so it’s imperative that organizations institute IoT security practices that remediate vulnerabilities and better protect the network – by identifying and securing every “thing”. The main challenge lies in the fact that most companies aren’t aware of the spread of devices connected to its network.  Executives often greatly underestimate how much of their network is made up of IoT devices––putting the number at about 1 percent. However, it’s typically 20 percent or higher. In fact, IBM X-Force recently estimated that devices make up 43 percent of the access points on the average organization’s network.”

Title: Threat Actors Behind the Poly Network Hack are Returning Stolen Funds
Date Published:  August 12, 2021

https://securityaffairs.co/wordpress/121057/hacking/poly-network-hackers.html

Excerpt:  “The threat actor behind the hack of the Poly Network cross-chain protocol is now returning the stolen funds. The hackers have stolen $611 million worth of cryptocurrency assets, $273 million worth of Ethereum tokens, $253 million in tokens on Binance Smart Chain and $85 million in USDC on the Polygon network.  The Representatives of Poly Network asked the hackers to return the stolen assets to avoid the response of law enforcement.”

Title: Microsoft Warning: This Unusual Malware Attack Has Just Added Some New Tricks
Date Published:  August 12, 2021

https://www.zdnet.com/article/microsoft-warning-this-unusual-malware-attack-has-just-added-some-new-tricks/

Excerpt:  “Microsoft’s Security Intelligence team is once again raising an alarm about the call center phishing and malware group behind what it calls BazaCall.  “We are tracking multiple active email campaigns that use BazarLoader to deliver a wide range of payloads. These campaigns appear disparate but share a common trait: their tactics attempt to challenge conventional email security solutions and best practices,” Microsoft said in a tweet.  The ‘Stolen Images’ Bazarloader campaign uses fake copyright infringement contact form emails and malicious files pretending to contain “stolen images” to trick users into downloading the malware.”

Title: Japanese Electronic Components Manufacturer Murata Apologizes for Breach of Employee and Customer Data
Date Published:  August 12, 2021

https://www.zdnet.com/article/japanese-electronic-components-manufacturer-murata-apologizes-for-breach-of-employee-and-customer-data/

Excerpt:  “An official with Japanese electronic components manufacturer Murata has released an apology for the leak of thousands of files in June that contained bank account information for employees and business partners of the company.  Norio Nakajima, CEO of Murata Manufacturing, released a statement apologizing for an incident on June 28 when a subcontractor downloaded a project management data file containing 72,460 pieces of information.  More than 30,000 documents contained business partner information like company name, address, associated names, phone numbers, email addresses and bank account numbers. The companies are based in Japan, China, Philippines, Malaysia, Singapore, the US and EU but the enterprises “subject to customer information are only China and the Philippines.””

Title: Attacks Against Industrial Networks Will Become a Bigger Problem. We Need to Fix Security Now
Date Published:  August 12, 2021

https://www.zdnet.com/article/attacks-against-industrial-networks-will-become-a-bigger-problem-we-need-to-fix-security-now/

Excerpt:  “Industrial infrastructure, including electricity grids, oil and gas facilities, manufacturing plants and more, has become a tempting targets for cyber attackers, whether they’re criminal gangs attempting to make money from ransomware attacks, or nation-state-backed hacking operations out for espionage and disruption.  Recent incidents – such as the Colonial Pipeline ransomware attack, and a cyber attacker attempting to modify chemical levels in the drinking water supply at a water-treatment plant in Florida – have demonstrated how industrial infrastructure is vulnerable to hackers – and that attacks against these systems can have a broader impact on the general public.  Many industrial networks have operated on the same technology for decades and the need to secure them against attacks is well known. ”

Title: Data Breach at Georgia Health System
Date Published:  August 11, 2021

https://www.infosecurity-magazine.com/news/data-breach-at-georgia-health/

Excerpt:  “A health system in Georgia has begun notifying patients of a six-month-long data breach that culminated in a ransomware attack.  St. Joseph’s/Candler (SJ/C), one of the largest hospital systems in Savannah, became aware of suspicious network activity on the morning of June 17, 2021. A ransomware attack was confirmed, and steps were taken to limit its impact.  With its computers out of action, the health system used social media to spread word of the security incident, posting: “On the morning of June 17, St. Joseph’s/Candler became aware of suspicious network activity. As a security measure, SJ/C took immediate steps to isolate systems and to limit the potential impact.  “We also promptly initiated an investigation into the scope of the incident, which is ongoing and in its early stages, although SJ/C has confirmed that the incident involved ransomware.””

Title: Attackers Increasingly Turning to DDoS as a Ransom Vector
Date Published:  August 12, 2021

https://www.infosecurity-magazine.com/news/attackers-turning-ddos-ransom/

Excerpt:  “Nearly half (44%) of organizations have been targeted or fallen victim to a ransom-related distributed denial of service (RDDoS) attack in the past 12 months, according to a survey of 313 cybersecurity professionals by the Neustar International Security Council (NISC).  Interestingly, during the same period, a lower proportion (41%) of organizations were targeted by a ransomware attack, suggesting cyber-criminals are increasingly using DDoS attacks as a means of extorting money from victims.  Rodney Joffe, chairman of NISC, SVP and fellow, Neustar, explained: “Rather than spending a lot of time and careful planning on infecting an organization’s network with malware or ransomware, cyber-criminals are taking an easier approach and using DDoS as a ransom vector. For bad actors, launching a DDoS attack is relatively simple and also has the added benefit of being harder to trace back to its origin.”  The research indicates that this is an effective ransom tactic; 70% of organizations hit by RDDoS were targeted multiple times, and 36% admitted they paid the ransom. This compares to 57% of those infected by ransomware being targeted on multiple occasions, with the same proportion (36%) choosing to pay the ransom.”