5 cyberattacks that could have been easily prevented

Hey Habr! Today we want to talk about new cyber attacks that our cyber protection centers have recently detected. Under the cut: a story about a major data loss at a silicon chip manufacturer, a story about a network shutdown in an entire city, a little about the dangers of Google notifications, statistics on attacks against the US healthcare system, and a link to the Acronis YouTube channel.

In addition to protecting your data directly, we at Acronis also monitor threats, develop patches for new vulnerabilities and prepare security recommendations for various systems. For this purpose, a global network of Acronis Cyber Protection Operations Centers (CPOCs) was recently created. These centers constantly analyze traffic to detect new types of malware, viruses and cryptojacking.

Today we want to talk about the CPOC findings, which are now published regularly on the Acronis YouTube channel. Here are the five most notable recent incidents that could have been avoided with at least basic protection against ransomware and phishing.

Black Kingdom ransomware learns how to compromise Pulse VPN users

VPN provider Pulse Secure, whose products 80% of Fortune 500 companies rely on, has become a target of ransomware attacks from the Black Kingdom family. The attackers exploit a vulnerability that lets them read a file from the system and extract account information from it. The stolen login and password are then used to get into the compromised network.

Although Pulse Secure has already released a patch to address this vulnerability, companies that have not yet installed the patch are at increased risk.

However, as tests have shown, solutions that use artificial intelligence to detect threats, such as Acronis Active Protection, do not let Black Kingdom infect end-user computers. So if a company has such protection, or a system with a built-in update control mechanism (for example, Acronis Cyber Protect), it does not have to worry about Black Kingdom.

Ransomware attack on Knoxville led to a network outage

On June 12, 2020, a massive ransomware attack hit the city of Knoxville (Tennessee, USA) and led to the shutdown of its computer networks. Among other things, law enforcement lost the ability to respond to incidents, except for emergencies and threats to people's lives. Even a few days after the attack ended, an announcement was still posted on the city's website stating that online services were unavailable.

An initial investigation determined that the attack was the result of a large-scale phishing campaign that sent fake emails to city employees. The ransomware involved belongs to families such as Maze, DoppelPaymer or NetWalker. As in the previous example, if the city authorities had used anti-ransomware countermeasures, such an attack would have been impossible to pull off, because AI-based protection systems instantly detect the ransomware variants used.

MaxLinear Reported a Maze Attack and Data Leak

MaxLinear, a manufacturer of integrated systems-on-a-chip, confirmed that the company's networks were attacked by the Maze ransomware. Approximately 1 TB of data was stolen, including personal data as well as employee financial information. The organizers of the attack have already published 10 GB of this data.

As a result, MaxLinear had to take all of the company's networks offline and hire consultants to investigate. Let us repeat the point using this attack as an example: Maze is a well-known and easily recognized ransomware family. Had MaxLinear used anti-ransomware protection systems, it could have saved a lot of money and avoided damage to the company's reputation.

Malware "leaked" through fake Google Alerts notifications

Attackers have begun using Google Alerts to send out fake data breach notifications. As a result, frightened users who received these alarming messages went to fake sites and downloaded malware in the hope of "fixing the problem". The malicious notifications work in Chrome and Firefox. However, URL filtering services, including Acronis Cyber Protect, prevented users on protected networks from following the infected links.

The US Department of Health reported 393 HIPAA violations in the past year

The US Department of Health and Human Services (HHS) reported 393 breaches of sensitive patient health information between June 2019 and June 2020 that resulted in violations of the Health Insurance Portability and Accountability Act (HIPAA) requirements. Among them, 142 incidents were the result of phishing attacks on District Medical Group and Marinette Wisconsin, from which 10,190 and 27,137 electronic medical records were leaked, respectively.

Unfortunately, practice has shown that even specially trained users, who have repeatedly been told not to click on links or open attachments from suspicious emails, can become victims. And without automated systems that block suspicious activity and URL filtering that prevents redirection to fake sites, it is very difficult to defend against sophisticated attacks that use convincing pretexts, plausible sender mailboxes and a high level of social engineering.
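As an added illustration (not code from the original post or from Acronis), here is the kind of check a URL-filtering layer applies to the links in a notification email like the fake Google Alerts described above: it unwraps redirector-style links to their real target, allows known hosts, and blocks hosts that merely contain a trusted brand name. The redirector parameter names, the trusted-host list and the sample email are assumptions constructed for this example.

```python
import re
from urllib.parse import parse_qs, unquote, urlparse

# Constructed sample: body of a fake "breach alert" email (not a real message).
SAMPLE_EMAIL = """Google Alerts - data breach
Your account appears in a recent breach. Fix the problem now:
https://www.google.com/url?q=https://accounts-google.com-security-check.example/fix
More details: https://www.google.com/url?q=https://www.google.com/alerts
Download the cleanup tool: http://security-update.example/tool.exe
"""

# Assumed allowlist of hosts the organisation trusts (hypothetical values).
TRUSTED_HOSTS = {"google.com", "www.google.com", "accounts.google.com"}
# Brand names whose presence in an untrusted host suggests a lookalike domain.
BRANDS = {"google"}
# Query parameters redirector-style links use to carry the real target (assumption).
REDIRECT_PARAMS = ("q", "url", "u")
URL_RE = re.compile(r"""https?://[^\s"'<>]+""")

def unwrap_redirect(url: str) -> str:
    """Return the effective target of a one-hop redirector link, else the URL itself."""
    query = parse_qs(urlparse(url).query)
    for key in REDIRECT_PARAMS:
        target = query.get(key, [""])[0]
        if target.startswith(("http://", "https://")):
            return unquote(target)
    return url

def is_trusted(host: str) -> bool:
    """Exact match or a subdomain of a trusted host; never a bare substring match."""
    return host in TRUSTED_HOSTS or any(host.endswith("." + t) for t in TRUSTED_HOSTS)

def classify_url(url: str) -> str:
    """'allow' for trusted targets, 'block-lookalike' for brand-impersonating hosts,
    otherwise 'review' (unknown host, held for inspection)."""
    host = (urlparse(unwrap_redirect(url)).hostname or "").lower()
    if is_trusted(host):
        return "allow"
    if any(brand in host for brand in BRANDS):
        return "block-lookalike"
    return "review"

def scan_email(text: str) -> list[tuple[str, str]]:
    """Extract every link in the message and return (url, verdict) pairs."""
    return [(u, classify_url(u)) for u in URL_RE.findall(text)]

if __name__ == "__main__":
    for url, verdict in scan_email(SAMPLE_EMAIL):
        print(f"{verdict:16} {url}")
```

The lookalike in the sample passes through a trusted redirector host, which is why the filter must judge the unwrapped target rather than the link as it appears in the message.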

If you are interested in news about the latest threats, subscribe to the Acronis YouTube channel, where we talk about the latest CPOC monitoring results in near real time. You can also subscribe to our blog on Habr.com, where we will post the most interesting updates and research results.

Source: habr.com