Tuesday, June 15, 2021

Overview of security incidents for the period 1-7 May 2021

A brief overview of the main events in the world of information security for the week

Fraudsters copied the voices of the heads of the companies where their victims work. An unknown person withdrew $30 million from the Spartan protocol. Iranian hackers threatened to publish hundreds of GB of data from Israeli companies, and a Russian nuclear submarine developer was cyber-attacked. Read about these and other events for the period from 1 to 7 May 2021 in our review.

Cybercriminals have launched a massive phishing campaign using new malware against organizations from a wide variety of industries in countries around the world. According to experts from Mandiant, the attacks affected at least 50 organizations. The UNC2529 group behind the malicious campaign used special phishing lures to infect victims’ computers with three new malicious programs.

Much of the Belgian government’s IT network was shut down in a massive DDoS attack, rendering its internal systems and public sites inaccessible. The attack affected the state-funded Internet service provider Belnet, which is used by government agencies, including parliament, educational institutions, ministries and research centres. The incident affected the work of more than 200 organizations.

Technical details and PoC code for exploiting a dangerous vulnerability (CVE-2021-28482) in Microsoft Exchange servers have appeared on the net. Exploiting the issue allows remote attackers to execute code on vulnerable devices. The technical details were published by security researcher Nguyen Janga. The cybersecurity specialist also published a demo PoC exploit written in Python on GitHub.

Qihoo 360 Netlab, a Chinese security team, discovered Linux malware that went unnoticed for three years. The RotaJakiro backdoor was discovered while analyzing suspicious traffic from one of the system processes, which was identified during the analysis of the structure of the botnet used for the DDoS attack.

The Iranian cybercriminal group N3tw0rm has attacked the computer networks of the Israeli branch of the international clothing chain H&M and threatened to release customer data. The hackers threaten to release 110 GB of H&M Israel data if the ransom is not paid. The hackers also reported hacking into the computer systems of the Israeli company Veritas Logistics. The criminals stole 9 GB of information from the company’s customers.

A cybercriminal group allegedly working for the Chinese government attacked a Russian defence enterprise that develops nuclear submarines for the Russian Navy. A phishing email sent by cybercriminals to the CEO of the St. Petersburg design bureau Rubin used the Royal Road RTF exploit tool to deliver a previously unknown Windows backdoor called PortDoor to the attacked system.

Glovo, a Spanish food and non-food delivery service, has been hacked. The hacker gained access to the credentials of customers and couriers and sold this information on the Web. Upon learning of the hack, the startup’s management stopped the attacker and “took additional security measures.”

A ransomware group attacked the American non-profit organization Midwest Transplant Network, as a result of which a data leak occurred, affecting more than 17 thousand people.

A student’s reluctance to pay for licensed software led to the infection of an entire research institute’s computer networks with the ransomware Ryuk and the loss of several weeks of critical research work. The affected organization turned to Sophos for help, and the company’s specialists were able to find out how the ransomware penetrated its computer networks. The name of the institute was not disclosed, but it is known that it is engaged in research on COVID-19.

An attacker targeted the Spartan Protocol decentralized finance project operating on the Binance Smart Chain (BSC) and removed about $30 million from its liquidity pools. The cybercriminal reportedly used an exploit aimed at “miscalculating the liquidity share” in the SPARTA/WBNB liquidity pool, which allowed the attacker to withdraw funds.

The number of scammers using voice copying tools is on the rise. Criminals have a variety of AI training materials, including audio clips, podcasts, and online presentations. 45 minutes of audio material is enough for the technology to learn to imitate a voice. According to experts from the information security firm Secure Anchor, in just the last four months the number of such incidents has increased by 60%. 17 companies lost an average of $175,000 due to voice copying fraud, and in one case hackers gained access to enterprise IT systems.
