Colonial Pipeline paid close to $5 million to the ransomware group that attacked the company and locked its systems. The fuel giant's systems have been affected for a week. The company experienced a ransomware attack on May 7 that forced it to freeze its IT systems and temporarily halt operations. The payment was made in cryptocurrency to the DarkSide malware operators in exchange for a decryptor to restore the affected systems. Because the decryptor was very slow, backups were also needed for the restoration effort.
DarkSide is a ransomware-as-a-service (RaaS) outfit that provides its ransomware variant to signed-up affiliates in exchange for a share of the profits they gain from attacks. Affiliates may also steal corporate files during an attack, so that a victim who refuses to pay the ransom faces the risk of a data leak. The cut taken by the DarkSide developers ranges between 10% and 25% of the ransom, depending on the total sum paid.
A remote access trojan is targeting businesses in the aviation, travel, and cargo sectors. According to Microsoft, the remote access tool dubbed RevengeRAT has been used to target companies via spear-phishing emails. The malware is distributed through carefully crafted emails carrying attachments disguised as Adobe PDF files; when the attachment is opened, a malicious Visual Basic script is downloaded.
The loader that then delivers RevengeRAT is distributed via phishing emails. According to the security firm Morphisec, the loader also delivers the RAT Agent Tesla. The campaign uses emails resembling those sent by legitimate organizations. An embedded link is hidden in an image posing as a PDF file; clicking it downloads the malicious VBScript, which then drops the RAT payloads.
The vulnerability affects the Windows and Mac versions of Acrobat DC, Acrobat Reader DC, Acrobat 2020, Acrobat Reader 2020, Acrobat 2017, and Acrobat Reader 2017. The observed attacks have targeted Adobe Reader users on Windows. Successful exploitation of the flaw, tracked as CVE-2021-28550, could lead to remote code execution.
According to Digital Shadows senior cyber threat intel analyst Sean Nikkel, nation-state actors as well as criminal actors actively use malicious PDF files because Adobe products are ubiquitous in both the private and public sectors. Malicious actors have historically used phishing emails with PDF attachments to lure users into opening and downloading files. In other cases, cybercriminals set up malicious websites hosting weaponized PDF files. The increase in the number of such attacks is likely attributable to remote work.
Apple's "Find My" feature helps users track their iOS and macOS devices. However, it can also be misused to transfer data to and from arbitrary passing devices without using the Internet. Security researcher Fabian Bräunlein used a microcontroller and a custom macOS app to broadcast data from one device to another over Bluetooth Low Energy. Once a receiving device connects to the Internet, the collected data is forwarded to Apple's iCloud servers, from which an attacker can retrieve it. The researcher named the method "Send My".
Apple cannot fully prevent the misuse of the "Find My" feature in this way. The release of Apple AirTags inspired Fabian Bräunlein to conduct the research, which also builds on earlier work by a team at the Technical University of Darmstadt in Germany.
5G networks face significant risks, such as inadequate implementation of telecom standards, weaknesses in system architecture, and supply chain threats, which make them a lucrative target for both individual and nation-backed cybercriminals. On Monday, the U.S. National Security Agency published an analysis identifying and assessing the risks and vulnerabilities associated with the adoption of 5G technologies. The research was carried out in cooperation with the Office of the Director of National Intelligence (ODNI) and the Department of Homeland Security's (DHS) Cybersecurity and Infrastructure Security Agency (CISA).
According to the report, adversarial nations contribute to the development of technical standards in ways that may lead to the adoption of untrusted proprietary technologies and equipment that can hardly be updated, repaired, or replaced. The report also covers the issues associated with optional security controls that are built into telecommunication protocols: if network operators do not implement these controls, they create favourable conditions for cyberattacks. Unless weaknesses in the system architecture are detected early, the exploitation of new vulnerabilities may significantly increase the negative impact of cyberattacks on organizations and users.