A brute-force password-guessing campaign has been actively targeting organizations in the USA and Europe since mid-2019. According to the National Security Agency, the FBI, and the Department of Homeland Security, the campaign is run by Russian military intelligence and is tied to the Fancy Bear group. It is likely one element of a broader effort by Russia’s GRU and its 85th GTsSS to obtain massive amounts of information from sensitive targets.
The actors rely on brute-force techniques, making repeated login attempts to discover valid account credentials, usernames, and passwords. Targeted organizations include energy and logistics companies, military defense contractors, think tanks, law firms, universities, and media outlets. To scale the guessing attempts, the Russian actors used Kubernetes software containers, and they routed the attacks through Tor and commercial VPN services to evade detection.
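A defender-side illustration of the detection problem the advisory raises (added here; not code from the article or the advisory): a per-source failed-login threshold misses guessing that is spread across Tor and VPN exit nodes, so the check below also counts distinct sources per account and flags a success that follows a run of failures. The sshd log lines are constructed sample data.

```python
import re
from collections import defaultdict

# Constructed sample sshd lines: one account hit from many sources (what
# Tor/VPN routing looks like) plus one noisy single source.
SAMPLE_LOG = """\
Jun 28 10:01:02 mail sshd[101]: Failed password for jsmith from 10.0.0.5 port 5001 ssh2
Jun 28 10:01:04 mail sshd[102]: Failed password for jsmith from 10.0.0.6 port 5002 ssh2
Jun 28 10:01:05 mail sshd[103]: Failed password for jsmith from 10.0.0.7 port 5003 ssh2
Jun 28 10:01:07 mail sshd[104]: Failed password for jsmith from 10.0.0.8 port 5004 ssh2
Jun 28 10:01:09 mail sshd[105]: Failed password for invalid user admin from 10.0.0.9 port 5005 ssh2
Jun 28 10:01:11 mail sshd[106]: Accepted password for jsmith from 10.0.0.10 port 5006 ssh2
Jun 28 10:02:00 mail sshd[107]: Failed password for bob from 192.0.2.1 port 6001 ssh2
Jun 28 10:02:01 mail sshd[108]: Failed password for bob from 192.0.2.1 port 6002 ssh2
Jun 28 10:02:03 mail sshd[109]: Failed password for bob from 192.0.2.1 port 6003 ssh2
"""

LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\d+\.\d+\.\d+\.\d+)"
)

def parse(log_text):
    """Yield (result, user, ip) for every sshd password line; skip the rest."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m.group("result"), m.group("user"), m.group("ip")

def find_brute_force(log_text, per_ip_threshold=3, per_user_threshold=3):
    """Return (kind, subject, count) alerts. Per-IP counts catch a single
    noisy source; distinct-source counts per account catch guessing that is
    spread over many Tor/VPN exits, which per-IP thresholds never reach."""
    fails_by_ip = defaultdict(int)
    fails_by_user = defaultdict(set)   # user -> set of source IPs
    success_after_fail = set()
    for result, user, ip in parse(log_text):
        if result == "Failed":
            fails_by_ip[ip] += 1
            fails_by_user[user].add(ip)
        elif user in fails_by_user:
            # a success on an account that was being guessed ranks highest
            success_after_fail.add(user)
    alerts = [("noisy_source", ip, n) for ip, n in fails_by_ip.items()
              if n >= per_ip_threshold]
    alerts += [("distributed_guessing", u, len(ips)) for u, ips in fails_by_user.items()
               if len(ips) >= per_user_threshold]
    alerts += [("success_after_failures", u, len(fails_by_user[u]))
               for u in sorted(success_after_fail)]
    return alerts
```

On the sample data the per-IP rule only sees the single noisy source, while the distinct-source rule is what surfaces the distributed guessing against jsmith.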
The decryptor is the 120th free ransomware decryption tool released within the scope of Europol’s No More Ransom project, and victims of Lorenz ransomware can now decrypt their files free of charge. Because of a bug in the ransomware’s code, even victims who paid the ransom could not recover their files, which is why this release matters so much. The decryption tool was engineered by researchers from the Dutch cybersecurity company Tesorion and, thanks to the No More Ransom project, is now available to all victims.
No More Ransom is a joint project run by law enforcement agencies, including Europol’s European Cybercrime Centre, together with its European partners. Its main goal is to disrupt ransomware groups by letting victims decrypt their files without paying any ransom. The project has been helping ransomware victims since 2016. Lorenz ransomware appeared in April 2021 and has actively targeted organizations worldwide since then.
DDoS attacks are growing in volume and becoming more sophisticated. The prediction of a surge in DDoS activity in 2021, made in NETSCOUT’s 2H2020 Threat Intelligence Report, has proven correct. According to NETSCOUT’s ATLAS Security Engineering & Response Team (ASERT), the first quarter of 2021 saw a 31% increase in the number of DDoS attacks compared to the same period in 2020. In total, 2.9 million DDoS attacks were launched in the first quarter of 2021. Although the first months of the year usually see the lowest number of DDoS attacks, 972,000 attacks were launched in January 2021, the largest number ever recorded in a single month.
The top attack type in the first quarter of 2021 was UDP (all 30+ tracked UDP reflection/amplification DDoS vectors combined). The largest attack recorded in this period was 480 Gbps and the maximum throughput was 675 Mpps. No terabit-scale attacks were observed, so attack size remained relatively flat. However, attackers are actively launching faster, harder-to-mitigate attacks. The most affected industries are healthcare, eCommerce, and education.
Ireland’s Health Service Executive (HSE) suffered a ransomware attack more than 6 weeks ago; it is still operating under electronic health record (EHR) downtime procedures and continues to experience care disruptions. In its June 28 update, the HSE stressed the importance of investing in comprehensive network monitoring for malware. It also warned patients about potential care delays and recommended that they bring along any health information that may help support their care.
According to projections by HSE Director General Paul Reid, the total cost of recovery and related procedures may exceed $600 mln. Current ongoing recovery needs are estimated at $120 mln, which covers hiring external technical leaders. The remaining sum will be allocated to replacing and upgrading systems crippled by the ransomware. The HSE also plans to establish a dedicated security operations centre to prevent future threats.
The popularity of major cryptocurrencies like Bitcoin has exploded over the last few years. However, like any other asset, a cryptocurrency has to be stored somewhere. To this end, users may either rely on services provided by online companies or buy special hardware that holds all the details and credentials. Users often protect their crypto assets with dedicated hardware key devices, which in most cases are no bigger than a USB drive. Malicious actors have noticed this pattern.
Scammers are actively targeting crypto enthusiasts who use Ledger’s Nano S and Nano X devices in order to steal their wallets. The criminals send users fake devices along with a message claiming that their current devices are not secure. As soon as a user plugs a fake device into their computer, the cybercriminals get the chance to steal the contents of the user’s wallets. Ledger has already shipped more than 1.5 mln devices, which is why they have become such an attractive target. Last year, Ledger suffered a data breach that exposed customer data, including 1 mln email addresses, and scammers are using that information for malicious purposes.