CyberSec Roundup – 12th October, 2020

CyberSec Roundup
A synopsis of the latest Cybersecurity News

 

Big Week for Ransomware Attacks

Software AG, a German IT company had its internal servers compromised by the Clop ransomware group. A $23 million ransom has been demanded under threat of release. This includes employee information and other sensitive data.

Tyler Technologies paid the group behind the RansomExx an undisclosed amount for the decryption key for their data. The company does business with much of the US public sector and likely paid to prevent any related information from leaking.

University Hospital New Jersey paid a $670,000 ransom to the group behind the SunCrypt ransomware. This was to prevent the group from disclosing stolen data, which included patient information. The hospital’s network was infiltrated due an employee who disclosed their network credentials as part of a phishing scam.

Speaking of Phishing

There is a phishing campaign claiming to have insider information with regards to President Donald Trump’s COVID-19 diagnosis. The email has a link to the BazarLoader trojan which will give the attacker remote access to the infected machine.

In some good news, Microsoft has implemented consent phishing protections for Office 365. These will help to protect users from phishing attacks which attempt to trick them to providing their Office 365 passwords to bad actors.

Hacker Activity

The US Census Bureau was targeted over the last year by hackers, who tried to gain unauthorized access to their network. This is according to the Department of Homeland Security, as they disclosed in their Homeland Threat Assessment report. The identity of the hackers is unknown; however it is believed that they are domestic and internationally supported hackers behind the attempts.

And finally, an unknown hacking group has managed to use the Windows Error Reporting Service in a new fileless attack technique, according to Malwarebytes security researchers. The victim would have downloaded a phishing documents, which when opened runs a version of the malicious CactusTorch macro to launch the fileless attack.  An embedded shellcode is injected into a the WerFault.exe process. The shellcode is then instructed to download more malware via a hardcoded domain. However, this domain is currently down.

 

By: David Pinder
IT & Security Consultant
Certified Ethical Hacker

In Cyber News
Share this post? Twitter Facebook Google+
Next Post

Recent Posts

CyberSec Roundup – 10th September, 2024

September 10, 2024

CyberSec Roundup – 24th October, 2022

CyberSec Roundup – 17th October, 2022

×

Hello!

Glad to see you here, You can directly contact us on WhatsApp. We would are happy to assist you!

× Whatsapp Us