BlackCat ransomware hits again, a huge DDoS attack and security updates issued.
Welcome to Cyber Security Today. Wednesday June 15, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
There’s lots of news today about the BlackCat ransomware strain, also called AlphV.
First, in a background blog issued this week about the strain, Microsoft noted that one attack started by taking advantage of an unpatched Exchange server to compromise an organization. After getting inside, the attacker collected operating system and network information to find domain computers, domain controllers and administrators. Then they found a password folder that gave access to account credentials. The attacker was able to steal and threaten the release of intellectual property in addition to encrypting data and demanding a ransom for decryption keys. This is another example of why IT and security teams have to patch critical applications as soon as security updates are available. The attacker was in the network for two weeks before the ransomware was deployed, which also shows why constant network monitoring for suspicious activity is vital.
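The two-week dwell time described above is the window in which the discovery activity (finding domain computers, domain controllers and administrators) is visible to anyone watching the network. As an added illustration of what "monitoring for suspicious activity" can mean in practice, and not code from Microsoft or from the original report, the following script flags any workstation that touches an unusual number of distinct hosts with discovery-type actions inside a short sliding window. The log format, host names, action names and thresholds are all constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines in a hypothetical "timestamp src dst action" format.
# ws-17 fans out to six hosts in under a minute (discovery burst);
# ws-05 touches two hosts 90 minutes apart (normal-looking activity).
SAMPLE_LOG = """\
2022-06-01T09:00:01 ws-17 dc-01 ldap_query
2022-06-01T09:00:04 ws-17 dc-02 ldap_query
2022-06-01T09:00:09 ws-17 fs-03 smb_share_enum
2022-06-01T09:00:12 ws-17 fs-04 smb_share_enum
2022-06-01T09:00:15 ws-17 ws-22 smb_share_enum
2022-06-01T09:00:20 ws-17 ws-23 smb_share_enum
2022-06-01T09:30:00 ws-05 dc-01 ldap_query
2022-06-01T11:00:00 ws-05 fs-03 smb_share_enum
"""

# Action names that indicate host or directory discovery (assumed labels).
DISCOVERY_ACTIONS = {"ldap_query", "smb_share_enum"}


def parse_log(text):
    """Parse the constructed log into (timestamp, src, dst, action) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, action = line.split()
        events.append((datetime.fromisoformat(ts), src, dst, action))
    return events


def find_fanout(events, window=timedelta(minutes=5), threshold=5):
    """Return {src: max_distinct_targets} for every source host that
    contacted at least `threshold` distinct hosts with discovery actions
    inside any sliding window of length `window`."""
    by_src = defaultdict(list)
    for ts, src, dst, action in events:
        if action in DISCOVERY_ACTIONS:
            by_src[src].append((ts, dst))

    flagged = {}
    for src, hits in by_src.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Slide the window start forward until it fits within `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            targets = {dst for _, dst in hits[start:end + 1]}
            if len(targets) >= threshold:
                flagged[src] = max(len(targets), flagged.get(src, 0))
    return flagged


def detect(text=SAMPLE_LOG):
    """Convenience wrapper: parse and flag in one call."""
    return find_fanout(parse_log(text))


if __name__ == "__main__":
    for host, count in detect().items():
        print(f"discovery fan-out from {host}: {count} distinct hosts")
```

The threshold and window are deliberately tunable: a backup server or a vulnerability scanner will legitimately fan out and should be allow-listed by source, while a user workstation querying several domain controllers and file servers in under a minute is the kind of early signal that a two-week dwell time gives defenders time to act on.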
Separately, an Italian news site called CyberSecurity360 reported the AlphV gang is demanding the equivalent of $4.5 million from the University of Pisa after a ransomware attack there. The gang is already publishing what it says is stolen data as proof of the hack. Payment has to be made by this Friday or the ransom will be hiked.
Meanwhile, Canada-based cyber threat analyst Brett Callow of Emsisoft has tweeted that the AlphV gang has added another pressure tactic: it’s created a site on the open internet where employees and customers of victim organizations can check if their personal information has been copied by the gang. Presumably the gang is using stolen email addresses to message people it thinks are impacted. The idea is that they will pressure their employer or partner firm to give in to the crooks’ demands. Callow notes other criminal gangs are doing the same. For those who don’t recall, the BlackCat/AlphV gang is a re-branding of the Darkside and BlackMatter gangs.
Data theft, encryption and erasure are only three of the worries of IT security teams. A distributed denial of service attack that knocks websites offline is also a weapon of some threat actors. The latest example is a huge attack described this week on a customer of Cloudflare, which provides technology to blunt such attacks. The attacker’s network of compromised devices fired 26 million requests per second at the unnamed organization. That’s a record. DDoS attacks can be used for harassment or to divert IT teams from a hacking attack going on elsewhere on their network. Depending on your organization’s risk profile, it may need to subscribe to a DDoS mitigation service. Certainly every IT department and security team needs to keep all corporate-managed computers and devices secure with patches and multifactor authentication so they can’t be leveraged by threat actors to launch denial of service attacks.
Finally, Microsoft has issued a security update for a Windows vulnerability called Follina that affects a number of versions of the operating system and Microsoft Office. The update was issued yesterday as part of the monthly Patch Tuesday fixes. It is estimated some 50 vulnerabilities were fixed. In addition, Adobe released patches for Animate, Bridge, Illustrator, InCopy, InDesign and RoboHelp Server. Google issued updates for the Chrome browser. So did industrial equipment makers Siemens and Schneider Electric. Although some of these patches may be installed automatically, corporate and personal users of these applications should ensure their systems are up to date.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.