Hello and welcome back to GlobalSign’s weekly news round-up.
After several weeks of relative quiet in terms of new attacks, this week was marked by an uptick in new incidents. One of the biggest was the $600 million hack at decentralized finance platform Poly Network. Fortunately, within a few days the responsible party began returning the money because, as they claimed, they had only hacked Poly "for fun." The attacker executed the hack by exploiting a flaw in Poly Network’s code to steal the funds. The company pleaded with the hacker to return the money and, remarkably, their wish was granted. As of Thursday morning, $342 million worth of assets had been returned.
Another big name in the news this week was massive IT consulting firm Accenture which was impacted by a LockBit ransomware attack midweek. Fortunately, the company was able to fully restore certain affected systems within a day. In a statement Accenture said that it had “identified irregular activity in one of our environments. We immediately contained the matter and isolated the affected servers.”
CNBC reporter Eamon Javers provided more details on his Twitter account. According to Javers, the hackers posted on the dark Web that “These people are beyond privacy and security. I really hope that their services are better than what I saw as an insider. If you’re interested in buying some databases, reach us.”
Also, on Monday it was reported that Taiwan-based Gigabyte suffered a ransomware attack between August 3rd and August 4th. According to Bleeping Computer sources, the extortion gang RansomEXX claimed to have stolen 112GB of sensitive internal data as well as info from a code repository. This includes Intel and AMD chip information as well as a debug document. The breach is known to have affected both the Gigabyte support page and parts of the Taiwanese page.
Meanwhile, Microsoft was focused on rolling out its August Patch Tuesday update. It addressed two additional security issues within Windows Print Spooler. In total, Microsoft's August security update covers 44 vulnerabilities, with seven rated critical. The new Windows Print Spooler flaws are CVE-2021-36947 and the zero-day CVE-2021-36936. They are related to the family of vulnerabilities collectively known as PrintNightmare, which were first made public in early July. According to this article from Cybersecurity Drive, the patches are crucial, and if they are not applied, things could really become nightmarish.
Finally, Bleeping Computer reported that the universal decryption key for REvil's attack on Kaseya's customers last month has been leaked on hacking forums, allowing researchers their first glimpse of the mysterious key. The attack on managed service providers was vast and went global. It was executed by exploiting a zero-day vulnerability in the Kaseya VSA remote management application. This attack encrypted approximately sixty managed service providers and an estimated 1,500 businesses, making it possibly the largest ransomware attack in history. Scroll down to read the full story.
That’s a wrap for this week. Wishing everyone a cybersafe weekend!
Top Global Security News
Bleeping Computer (August 11, 2021) Hacker behind biggest cryptocurrency heist ever returns stolen funds
"The threat actor who hacked Poly Network's cross-chain interoperability protocol yesterday to steal over $600 million worth of cryptocurrency assets is now returning the stolen funds.
As the Chinese decentralized finance (DeFi) platform Poly Network shared two hours ago, the hacker has already returned almost $260 million worth of stolen cryptocurrency. In total, the attacker has transferred back $256 million Binance Smart Chain (BSC) tokens, $3.3 million in Ethereum tokens, and $1 million in USD Coin (USDC) on the Polygon network.
To send back all the stolen funds, the hacker still has to return another $269 million on Ethereum and $84 million on Polygon."
CRN (August 11, 2021) Accenture Hit By Ransomware Attack, Latest Victim Of ‘Cyber-Pandemic’
"Accenture on Wednesday confirmed that it was hit by a ransomware attack, with a hacker group using the LockBit ransomware reportedly threatening to release the company’s data and sell insider information.
CNBC reporter Eamon Javers Wednesday first broke the news about the attack in a tweet, writing that the hacker group in a post on the Dark Web wrote, 'These people are beyond privacy and security. I really hope that their services are better than what I saw as an insider. If you’re interested in buying some databases, reach us.'
Accenture, in an emailed response to a request for information from CRN, confirmed the ransomware attack, but said there was no impact on the company."
Bleeping Computer (August 11, 2021) Kaseya's universal REvil decryption key leaked on a hacking forum
"The universal decryption key for REvil's attack on Kaseya's customers has been leaked on hacking forums allowing researchers their first glimpse of the mysterious key.
On July 2nd, the REvil ransomware gang launched a massive attack on managed service providers worldwide by exploiting a zero-day vulnerability in the Kaseya VSA remote management application.
This attack encrypted approximately sixty managed service providers and an estimated 1,500 businesses, making it possibly the largest ransomware attack in history."
DataBreach Today (August 11, 2021) Microsoft Patches 3 Zero-Day Vulnerabilities
"Microsoft's Patch Tuesday rollout addressed two additional security issues within Windows Print Spooler, including one zero day.
Microsoft's August security update covers 44 vulnerabilities, with seven rated critical. In July, the company's update included patches for 117 vulnerabilities.
The new Windows Print Spooler flaws are CVE-2021-36947 and the zero-day CVE-2021-36936. They are related to the family of vulnerabilities collectively known as PrintNightmare, which were first made public in early July. Microsoft rates the first two vulnerabilities as 'exploitation more likely,' and the third vulnerability as having been publicly disclosed, says Satnam Narang, staff research engineer at Tenable.
Microsoft's Security Response Center also published guidance on PrintNightmare, noting its investigation into the problems found the default behavior of Point and Print does not provide customers with the level of security required to protect against potential attacks."
The Verge (August 9, 2021) Hackers reportedly threaten to leak data from Gigabyte ransomware attack
"Gigabyte has been the victim of a cyberattack, which was reportedly the work of a ransomware outfit called RansomEXX. According to The Record, the attack didn’t have an impact on any of the company’s production systems, but it did affect some internal servers. Currently, some parts of Gigabyte’s website, including its support section, are down, giving customers issues when trying to access warranty repair information and updates. The hackers who claim to have carried out the attack are reportedly threatening to release data from the company, including confidential documents from Intel, AMD, and American Megatrends."
Other Industry News
Phishing sites targeting scammers and thieves – Krebs on Security
Average Ransomware Payment Hits $570,000 in H1 2021 - Dark Reading
Six months on from Brexit, how has it affected the IT industry? - BetaNews
Conti ransomware affiliate goes rogue, leaks “gang data” – NakedSecurity by Sophos
‘Nothing is a standalone device’: How a complex ecosystem leaves medical security in flux – SC Media
Spotlight: the payments framework in Mexico - Lexology