News – July 2021


  • Understanding REvil: The Ransomware Gang Behind the Kaseya Attack

    July 6, 2021

    REvil has emerged as one of the world’s most notorious ransomware operators. In just the past month, it extracted an $11 million payment from the U.S. subsidiary of the world’s largest meatpacking company based in Brazil, demanded $5 million from a Brazilian medical diagnostics company and launched a large-scale attack on dozens, perhaps hundreds, of ...

  • US warns of action against ransomware gangs if Russia refuses

    July 6, 2021

    White House Press Secretary Jen Psaki says that the US will take action against cybercriminal groups from Russia if the Russian government refuses to do so. Psaki added that the recent REvil ransomware attack on Florida-based IT company Kaseya is not yet attributed to anyone, specifically not to the Russian government. Source: Bleeping Computer

  • REvil ransomware asks $70 million to decrypt all Kaseya attack victims

    July 5, 2021

    REvil ransomware has set a price for decrypting all systems locked during the Kaseya supply-chain attack. The gang wants $70 million in Bitcoin for the tool that allows all affected businesses to recover their files. The attack on Friday propagated through Kaseya VSA cloud-based solution used by managed service providers (MSPs) to monitor customer systems and ...

  • The Aviation Industry Needs to Move Towards Cyber Resilience

    July 5, 2021

    2021 is a significant year for aviation. It marks the 20th anniversary of the 9/11 attacks, the worst acts of unlawful interference in the history of aviation. It is also the Year of Security Culture for the ICAO community, which aims to enhance security awareness and foster a security culture throughout the industry. The importance ...

  • CISA-FBI Guidance for MSPs and their Customers Affected by the Kaseya VSA Supply-Chain Ransomware Attack

    July 4, 2021

    CISA and the Federal Bureau of Investigation (FBI) continue to respond to the recent supply-chain ransomware attack leveraging a vulnerability in Kaseya VSA software against multiple managed service providers (MSPs) and their customers. CISA and FBI strongly urge affected MSPs and their customers to follow the guidance below. CISA and FBI recommend affected MSPs: Download the Kaseya ...

  • Kaseya was fixing zero-day just as REvil ransomware sprung their attack

    July 4, 2021

    The zero-day vulnerability used to breach on-premise Kaseya VSA servers was in the process of being fixed, just as the REvil ransomware gang used it to perform a massive Friday attack. The vulnerability had been previously disclosed to Kaseya by security researchers from the Dutch Institute for Vulnerability Disclosure (DIVD), and Kaseya was validating the patch ...

  • US chemical distributor shares info on DarkSide ransomware data theft

    July 3, 2021

    World-leading chemical distribution company Brenntag has shared additional info on what data was stolen from its network by DarkSide ransomware operators during an attack from late April 2021 that targeted its North America division. Brenntag is the second largest in sales for North America, according to the ICIS report on the Top 100 Chemical Distributors worldwide. The ...

  • Microsoft confirms presence of PrintNightmare vulnerable code in all versions of Windows

    July 2, 2021

    Microsoft has assigned CVE-2021-34527 to the print spooler remote code execution vulnerability known as “PrintNightmare” and confirmed that the offending code is lurking in all versions of Windows. The megacorp said it was still investigating whether the vulnerability was exploitable in every version, but domain controllers are indeed affected. Microsoft also confirmed that this nasty was distinct ...

  • CISA: Kaseya VSA Supply-Chain Ransomware Attack

    July 2, 2021

    CISA is taking action to understand and address the recent supply-chain ransomware attack against Kaseya VSA and the multiple managed service providers (MSPs) that employ VSA software. CISA encourages organizations to review the Kaseya advisory and immediately follow their guidance to shut down VSA servers. Source: Cybersecurity and Infrastructure Security Agency KASEYA VSA Important Notice July 2nd, 2021 KASEYA VSA ...

  • Why Healthcare Keeps Falling Prey to Ransomware and Other Cyberattacks

    July 2, 2021

    The healthcare industry is under attack like never before. What started as a surge in criminal activity during the early days of the coronavirus pandemic has now metastasized into a full-blown crisis within the healthcare industry worldwide. The recent disruptive ransomware attacks on Scripps Health in San Diego, Ireland’s national health service and Waikato hospitals in ...

  • TrickBot Spruces Up Its Banking Trojan Module

    July 2, 2021

    The TrickBot trojan is adding man-in-the-browser (MitB) capabilities for stealing online banking credentials that resemble Zeus, the early banking trojan, researchers said — potentially signaling a coming onslaught of fraud attacks. TrickBot is a sophisticated (and common) modular threat known for stealing credentials and delivering a range of follow-on ransomware and other malware. But it started ...

  • Australian Cyber Security Centre Annual Cyber Threat Report 2020-21

    July 1, 2021

    The ACSC Annual Cyber Threat Report 2020–21 has been produced by the Australian Cyber Security Centre, with contributions from the Defence Intelligence Organisation (DIO), Australian Criminal Intelligence Commission (ACIC), Australian Security Intelligence Organisation (ASIO), The Department of Home Affairs and industry partners. The report covers the financial year from 1 July 2020 to 30 June 2021. ...

  • NSA, Partners Release Cybersecurity Advisory on Brute Force Global Cyber Campaign

    July 1, 2021

    FORT MEADE, Md. – The National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI) and the UK’s National Cyber Security Centre (NCSC) released a Cybersecurity Advisory today exposing malicious cyber activities by Russian military intelligence against U.S. and global organizations, starting from mid-2019 and likely ongoing. This advisory is ...

  • Network Attack Trends: February-April 2021

    July 1, 2021

    Unit 42 researchers observed network attack trends, February-April 2021. In the following sections, we present our analysis of the most recently published vulnerabilities, including the severity and category. Additionally, we provide insight into how the vulnerabilities are actively exploited in the wild based on real-world data collected from Palo Alto Networks Next-Generation Firewalls. We then ...

  • PurpleFox Using WPAD to Target Indonesian Users

    July 1, 2021

    In September 2020, we published a blog describing how the PurpleFox Exploit Kit used Cloudflare services to maintain an infrastructure resilient to blocking and detection attempts. Since then, PurpleFox has been maintaining this strategy while at the same time improving its attack chain by incorporating the latest public vulnerabilities into its arsenal. Recently, we found that PurpleFox ...