Ukraine novel ransomware, Drones drop pineapple, Tata Power attacked
Microsoft says Ukraine, Poland targeted with novel ransomware attack
A newly discovered hacking group has attacked transportation and logistics companies in Ukraine and Poland with a novel kind of ransomware. In a blog post on Friday, Microsoft said the attackers targeted a wide range of systems within an hour on Tuesday, adding that it had not yet been able to link the attacks to any known group, but found that they closely mirrored earlier attacks by a Russian government-linked cyber team that had disrupted Ukrainian government agencies. The new ransomware, named “Prestige,” overlaps with an earlier data-shredding cyberattack that involved the “FoxLoad,” or “HermeticWiper,” malware.
(Reuters)
Wi-Fi spy drones snoop on financial firm
In a Twitter thread, security researcher Greg Linares said a hacking incident at an unnamed US East Coast private investment firm was discovered when the firm spotted unusual activity on its internal Atlassian Confluence page. The company’s security team responded and found that the user whose MAC address had been used to gain partial access to the company Wi-Fi network was also logged in at home several miles away. On the roof they found two Phantom drones, one with a modified Wi-Fi Pineapple device, and the other carrying a case that contained a Raspberry Pi, several batteries, a GPD mini laptop, a 4G modem, and another Wi-Fi device. Sophos senior threat researcher Sean Gallagher told The Register the attack described is something people have done “warwalking” with Wi-Fi Pineapples or the equivalent.
Indian power generation giant Tata Power hit by a cyber attack
In a brief statement released on Friday, the Mumbai-based company said that the attack impacted some of its IT systems. Tata Power did not share any further specifics on the matter. When asked by TechCrunch, a PR representative refused to answer questions related to the nature of the attack and its impact on the organization, and declined to say whether any data was stolen.
Taiwan touts $900 million in new business from Silicon Valley meetings
Taiwan’s economy minister Wang Mei-hua met with top executives from NVIDIA, Cisco, Applied Materials, and Synopsys, and said she “got great interest” from them. The visits are expected to bring back U.S. research and development investment and orders in Taiwan worth more than $900 million, although the island’s position as a producer has prompted worries in the United States that it is too reliant on Taiwan, especially as China ramps up military drills to assert its sovereignty claims.
(Reuters)
Thanks to this week’s episode sponsor, SafeBase
Dutch Police trick DeadBolt ransomware out of decryption keys
The Dutch National Police, in collaboration with cybersecurity firm Responders.NU, tricked the DeadBolt ransomware gang into handing over 155 decryption keys by faking ransom payments. This was achieved by making the payments in bitcoin but canceling the transactions before they were included in a block. Because the gang’s system sent the decryption key immediately, without waiting for a blockchain confirmation that the bitcoin transaction was legitimate, the key arrived before the payment was withdrawn. Responders.NU security expert Rickey Gevers told BleepingComputer, “the attacker found out within several minutes, but we were able to grab 155 keys.” That meant that 90% of the victims who reported the DeadBolt attack to the police got the decryption key for free.
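The weakness the police exploited is a general one: any automated service that hands out something irreversible as soon as a cryptocurrency payment is merely seen on the network, rather than confirmed in a block, can be paid with a transaction that is withdrawn moments later. The following is an added illustration, written for this page and not the code of the DeadBolt gang, the Dutch police or Responders.NU. It models a tiny blockchain (a mempool plus mined blocks, with hypothetical names) and a key-release gate, and compares a policy that accepts zero confirmations with one that waits for at least one.

```python
from dataclasses import dataclass, field


@dataclass
class Tx:
    txid: str
    to_addr: str
    amount: float


@dataclass
class Chain:
    """Constructed stand-in for a blockchain, not a real node API: every
    transaction ever broadcast, the ones still unconfirmed, and mined blocks."""
    seen: dict = field(default_factory=dict)     # txid -> Tx
    mempool: set = field(default_factory=set)    # txids not yet in any block
    blocks: list = field(default_factory=list)   # each block is a list of txids

    def broadcast(self, tx: Tx) -> None:
        self.seen[tx.txid] = tx
        self.mempool.add(tx.txid)

    def cancel(self, txid: str) -> None:
        """The sender withdraws the payment before any block includes it."""
        self.mempool.discard(txid)
        self.seen.pop(txid, None)

    def mine_block(self) -> None:
        """Everything still in the mempool lands in the next block."""
        self.blocks.append(sorted(self.mempool))
        self.mempool.clear()

    def confirmations(self, txid: str) -> int:
        for depth, block in enumerate(reversed(self.blocks)):
            if txid in block:
                return depth + 1
        return 0   # unconfirmed, or never mined


class KeyRelease:
    """Hands out a victim's key once a payment to that victim's address is judged good.
    required_confs=0 reproduces the weakness: a merely broadcast transaction counts."""

    def __init__(self, chain: Chain, required_confs: int):
        self.chain = chain
        self.required_confs = required_confs
        self.released: dict = {}   # pay_addr -> key; a release cannot be taken back

    def poll(self, pay_addr: str, expected: float, key: str) -> bool:
        if pay_addr in self.released:
            return True
        for tx in self.chain.seen.values():
            if tx.to_addr != pay_addr or tx.amount < expected:
                continue
            if self.chain.confirmations(tx.txid) >= self.required_confs:
                self.released[pay_addr] = key
                return True
        return False


def key_obtained_with_cancelled_payment(required_confs: int) -> bool:
    """Broadcast a payment, poll, cancel it before a block includes it, and
    report whether the gate released the key anyway."""
    chain = Chain()
    gate = KeyRelease(chain, required_confs)
    gate.poll("addr-victim-1", 0.03, "KEY-1")          # nothing paid yet
    chain.broadcast(Tx("tx-abc", "addr-victim-1", 0.03))
    gate.poll("addr-victim-1", 0.03, "KEY-1")          # zero-conf policy releases here
    chain.cancel("tx-abc")                              # the payment never lands
    chain.mine_block()
    gate.poll("addr-victim-1", 0.03, "KEY-1")
    return "addr-victim-1" in gate.released


def key_obtained_with_confirmed_payment(required_confs: int) -> bool:
    """The honest path: the payment is mined before the gate is polled."""
    chain = Chain()
    gate = KeyRelease(chain, required_confs)
    chain.broadcast(Tx("tx-def", "addr-victim-2", 0.03))
    chain.mine_block()
    return gate.poll("addr-victim-2", 0.03, "KEY-2")


if __name__ == "__main__":
    print("0 confirmations, cancelled payment, key released:", key_obtained_with_cancelled_payment(0))
    print("1 confirmation,  cancelled payment, key released:", key_obtained_with_cancelled_payment(1))
    print("1 confirmation,  mined payment,     key released:", key_obtained_with_confirmed_payment(1))
```

The design point for anyone building a payment gate of their own (a legitimate one) is the same: treat a transaction as paid only after the number of confirmations your risk tolerance demands, and never trigger an irreversible action from mempool observation alone.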
Microsoft Office 365 vulnerability lets hackers sidestep email encryption
A researcher from cloud and endpoint protection provider WithSecure has discovered an unpatchable flaw in Microsoft Office 365 Message Encryption (OME). The flaw enables a hacker to infer the contents of encrypted messages. OME encrypts with a block cipher in electronic codebook (ECB) mode, in which every plaintext block is encrypted independently, so identical plaintext blocks yield identical ciphertext blocks and the ciphertext leaks structural information about the message. This means that if an attacker obtains many emails, they can infer the contents of the messages by analyzing the location and frequency of repeated patterns in the ciphertext and matching these to other emails. Though this requires some sophistication, it suggests that just because emails are encrypted doesn’t mean they’re safe from threat actors.
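To make the ECB leak concrete, here is an added example written for this page; it is not Microsoft’s OME code or WithSecure’s analysis. Because the Python standard library has no AES, it substitutes a small Feistel block cipher with 128-bit blocks (an assumption: the real cipher differs, but the mode behaviour shown is independent of the cipher). It encrypts a constructed email body in ECB and, going beyond the text, in CBC for comparison, then runs the kind of repeated-block analysis a defender can use to spot ECB-mode ciphertext without knowing the key.

```python
import hashlib
import hmac

BLOCK = 16          # 128-bit blocks, the same block size as AES
HALF = BLOCK // 2
ROUNDS = 8


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    """Feistel round function: keyed hash of one half-block (toy cipher, not AES)."""
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:HALF]


def encrypt_block(key: bytes, block: bytes) -> bytes:
    assert len(block) == BLOCK
    left, right = block[:HALF], block[HALF:]
    for rnd in range(ROUNDS):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right


def decrypt_block(key: bytes, block: bytes) -> bytes:
    left, right = block[:HALF], block[HALF:]
    for rnd in reversed(range(ROUNDS)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right


def pad(data: bytes) -> bytes:
    """PKCS#7 padding up to a whole number of blocks."""
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Each block encrypted on its own: equal plaintext blocks give equal ciphertext blocks."""
    pt = pad(plaintext)
    return b"".join(encrypt_block(key, pt[i:i + BLOCK]) for i in range(0, len(pt), BLOCK))


def cbc_encrypt(key: bytes, plaintext: bytes, iv: bytes) -> bytes:
    """Each block is XORed with the previous ciphertext block before encryption, hiding repeats."""
    pt = pad(plaintext)
    out, prev = [], iv
    for i in range(0, len(pt), BLOCK):
        prev = encrypt_block(key, _xor(pt[i:i + BLOCK], prev))
        out.append(prev)
    return iv + b"".join(out)


def repeated_blocks(ciphertext: bytes) -> dict:
    """Map every ciphertext block that occurs more than once to the block indices
    where it appears. No key is needed: this is exactly the structure ECB leaks."""
    positions = {}
    for idx in range(len(ciphertext) // BLOCK):
        positions.setdefault(ciphertext[idx * BLOCK:(idx + 1) * BLOCK], []).append(idx)
    return {blk.hex(): idxs for blk, idxs in positions.items() if len(idxs) > 1}


# Constructed sample: an email body whose boilerplate lines fall on block boundaries.
KEY = b"constructed-demo-key-not-secret!"
IV = bytes(range(BLOCK))   # fixed only so the demo is reproducible; real CBC needs a fresh random IV
MESSAGE = (b"CONFIDENTIAL    " * 3
           + b"Amount: 1200 EUR"
           + b"CONFIDENTIAL    ")


def ecb_leak() -> dict:
    return repeated_blocks(ecb_encrypt(KEY, MESSAGE))


def cbc_leak() -> dict:
    return repeated_blocks(cbc_encrypt(KEY, MESSAGE, IV))


if __name__ == "__main__":
    print("ECB repeated blocks:", ecb_leak())   # one block, at indices [0, 1, 2, 4]
    print("CBC repeated blocks:", cbc_leak())   # {}
```

Run against the ECB output, `repeated_blocks` reports that blocks 0, 1, 2 and 4 of the message are identical, which an observer can line up against the same positions in other messages; against the CBC output it finds nothing. A ratio of repeated to total blocks computed this way over a large corpus is a cheap triage check for ECB-mode ciphertext in any protocol or storage format.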
Almost 900 servers hacked using Zimbra zero-day flaw
The critical Zimbra Collaboration Suite (ZCS) vulnerability existed as a zero-day without a patch for nearly 1.5 months. The vulnerability, tracked as CVE-2022-41352, is a remote code execution flaw that allows attackers to send an email with a malicious archive attachment that plants a web shell on the ZCS server while, at the same time, bypassing antivirus checks. According to Kaspersky, various APT groups actively exploited the flaw soon after it was reported on the Zimbra forums.
Last week in ransomware
The most interesting news last week involved the Dutch Police DeadBolt ransomware story mentioned earlier in this newscast. Other interesting ransomware research includes fake adult sites pushing data wipers, TTPs on Black Basta, information on the new Prestige ransomware targeting Ukraine and Poland (also mentioned in this newscast), and Magniber ransomware being installed via JavaScript files. Some attacks that were made public last week include healthcare organization CommonSpirit, which admitted a ransomware attack, while Taiwanese chip maker ADATA denies it suffered a recent attack by RansomHouse and says the data is being recirculated from a 2021 breach by RagnarLocker.