News – September 2021


  • The state of ransomware: national emergencies and million-dollar blackmail

    September 14, 2021

    Banks have been “disproportionately affected” by a surge in ransomware attacks, clocking a 1,318% increase year-on-year in 2021. Ransomware has become one of the most well-known and prevalent threats against the enterprise today. This year alone, we have seen high-profile cases of ransomware infection — including against Colonial Pipeline, Kaseya, and Ireland’s health service — cause ...

  • Hacker-made Linux Cobalt Strike beacon used in ongoing attacks

    September 14, 2021

    An unofficial Cobalt Strike Beacon Linux version made by unknown threat actors from scratch has been spotted by security researchers while actively used in attacks targeting organizations worldwide. Cobalt Strike is a legitimate penetration testing tool designed as an attack framework for red teams (groups of security professionals who act as attackers on their own org’s ...

  • Pair of Google Chrome Zero-Day Bugs Actively Exploited

    September 14, 2021

    Google has addressed two zero-day security bugs that are being actively exploited in the wild. As part of the internet giant’s latest stable channel release (version 93.0.4577.82 for Windows, Mac and Linux), it fixed 11 total vulnerabilities, all of them rated high-severity. The two zero days are tracked as CVE-2021-30632 and CVE-2021-30633. “Google is aware that exploits ...

  • Apple rushes to block ‘zero-click’ iPhone spyware

    September 14, 2021

    Apple has issued a software patch to block so-called “zero-click” spyware that could infect iPhones and iPads. Independent researchers identified the flaw, which lets hackers access devices through the iMessage service even if users do not click on a link or file. The problem affects all of the technology giant’s operating systems, the researchers said. Read more… Source: BBC ...

  • Incident response analyst report 2020

    September 13, 2021

    The Incident response analyst report provides insights into incident investigation services conducted by Kaspersky in 2020. We deliver a range of services to help organizations when they are in need: incident response, digital forensics and malware analysis. Data in the report comes from our daily practices with organizations seeking assistance with full-blown incident response or ...

  • Brazil debates creation of national strategy to tackle cybercrime

    September 13, 2021

    Amid growing concerns about increasing threats in the cybersecurity space, the Brazilian government and the banking sector are discussing the creation of a strategy to address crime in digital environments. The president at the Brazilian Federation of Banks (FEBRABAN), Isaac Sidney, and the Minister of Justice and Public Security, Anderson Torres, have started negotiations for the ...

  • Cybersecurity: Rising risk for airlines

    September 13, 2021

    After remaking their security procedures following the 9/11 attacks to stop airline hijackings, carriers are now faced with rising threats targeting computers and electronic equipment critical to their operations and safety. Since the tragedy 20 years ago on Saturday, airlines and airports have fortified cockpits, barred sharp objects in carry-on luggage and improved technology to ...

  • APT-C-36 Updates Its Spam Campaign Against South American Entities With Commodity RATs

    September 13, 2021

    In 2019, Trend Micro researchers wrote a blog entry about a threat actor, likely based in Colombia, targeting entities in Colombia and other South American countries with spam emails. This threat actor is sometimes referred to as APT-C-36 or Blind Eagle. Since then, we have continued tracking this threat actor. In this blog entry, we ...

  • BlackMatter ransomware hits medical technology giant Olympus

    September 13, 2021

    Olympus, a leading medical technology company, is investigating a “potential cybersecurity incident” that impacted some of its EMEA (Europe, Middle East, Africa) IT systems last week. Olympus has more than 31,000 employees worldwide and over 100 years of history developing for the medical, life sciences, and industrial equipment industries. The company’s camera, audio recorder, and binocular divisions ...

  • Windows MSHTML zero-day exploits shared on hacking forums

    September 12, 2021

    Threat actors are sharing Windows MSHTML zero-day (CVE-2021-40444) tutorials and exploits on hacking forums, allowing other hackers to start exploiting the new vulnerability in their own attacks. Last Tuesday, Microsoft disclosed a new zero-day vulnerability in Windows MSHTML that allows threat actors to create malicious documents, including Office and RTF docs, to execute commands on a ...

  • REvil ransomware is back in full attack mode and leaking data

    September 11, 2021

    The REvil ransomware gang has fully returned and is once again attacking new victims and publishing stolen files on a data leak site. Since 2019, the REvil ransomware operation, aka Sodinokibi, has been conducting attacks on organizations worldwide where they demand million-dollar ransoms to receive a decryption key and prevent the leaking of stolen files. While in ...

  • Ransomware groups continue assault on healthcare orgs as COVID-19 infections increase

    September 11, 2021

    Ransomware groups have shown no signs of slowing down their assault on hospitals, seemingly ramping up attacks on healthcare institutions as dozens of countries deal with a new wave of COVID-19 infections thanks to the potent Delta variant. Vice Society, one of the newer ransomware groups, debuted in June and made a name for themselves by ...

  • Stolen Credentials Led to Data Theft at United Nations

    September 10, 2021

    A threat actor used stolen credentials from a United Nations employee to breach parts of the UN’s network in April and steal critical data, a spokesman for the intergovernmental organization has confirmed. That data lifted from the network can be used to target agencies within the UN, which already has experienced and responded to “further attacks” ...

  • SOVA, Worryingly Sophisticated Android Trojan, Takes Flight

    September 10, 2021

    A new Android banking trojan named SOVA (“owl” in Russian) is under active development, researchers said, and it has big dreams even in its infancy stage. The malware is looking to incorporate distributed denial of service (DDoS), man in the middle (MiTM) and ransomware functionality into its arsenal – on top of existing banking overlay, ...

  • Ukrainian man extradited to the US to face botnet, data theft charges

    September 10, 2021

    A Ukrainian man was arrested in Poland and extradited to the US to face charges as an alleged botnet operator. The US Department of Justice (DoJ) said this week that Glib Oleksandr Ivanov-Tolpintsev was taken into custody in Korczowa, Poland, on October 3 last year. As the US and Poland have an extradition treaty, the 28-year-old was ...