Hello and welcome to GlobalSign’s weekly news post!
We’ve seen some very big players in the bullseye recently. Now, one of the most reputable cybersecurity companies in the world, FireEye, has acknowledged that it had been the victim of a breach. Not only that, the attackers made off with some of its tools. The Washington Post reported on Tuesday that a notorious group of hackers, APT 29 or Cozy Bear – attributed to Russia’s SVR foreign intelligence service – are responsible. The admission is shocking, but let’s not forget that many other well-known companies have been victims of attacks this year: Twitter, Garmin, and Magellan Health to name just a few.
The attack on FireEye may be retaliation for the company’s previous reports calling out Russian bad actors. For example, in its investigation of the 2015 power grid attacks in the Ukraine, FireEye tied the hacking group Sandworm to Unit 74455 of Russia’s GRU military intelligence agency. FireEye also was the first cybersecurity provider to offer evidence of hackers sabotaging the 2018 Winter Olympics, also tied to the GRU military agency.
Another technology player impacted by a hack in the last week is FoxConn. Best known for its work as an Apple supplier, the company was target by ransomware and a demand of $34.7 million in Bitcoin. The incident began on November 29th when cybercriminals infiltrated Foxconn’s networks. The hackers stole and encrypted files, as well as deleted data from servers at the company’s Mexican facility. The attack appears to be the work of ransomware gang DoppelPaymer. One of its members told Bleeping Computer that it has encrypted around 1,200 servers, stolen 100GB of files, and deleted 30TB of backup files.
In the “how low can you get?” category, German biotech firm BioNTech announced on Wednesday that documents relating to the Covid-19 vaccine it has developed with Pfizer were “unlawfully accessed” after a cyber-attack on Europe’s medicines regulator. It was not immediately clear when or how the attack took place, who was responsible or what other information may have been compromised.
Finally, software provider Epicor admitted that a portion of its network had been breached at an unspecified time, and that it was now investigating it. Epicor is a global business software company based in Austin, TX, which products are aimed at the manufacturing, distribution, retail and services industries. In a statement, the company stressed that its business operations and customer data hosted in its cloud solutions were unaffected by the breach.
Those are the top stories. Scroll down below for more thought-provoking headlines from the week. Thanks, and have a great weekend!
Top Global Security News
ARN (December 10, 2020) Epicor software hit by cyber attack
"Business software provider Epicor has become the latest vendor to be hacked as a wave of cyber attacks rocks the technology industry.
Epicor admitted that a portion of its network had been breached at an unspecified time, and that it was now investigating it. The company stressed that its business operations and customer data hosted in its cloud solutions were unaffected by the breach.
In a statement, Epicor CEO Steve Murphy said it was working with an “industry-leading” cyber security firm to uncover the breach and that the investigation remains ongoing as of 9 December."
Data Breach Today (December 9, 2020) FireEye Hack: Sizing Up the Impact
"FireEye's disclosure this week of the theft of its penetration testing tools - and its proactive response - has drawn praise but raised many questions, as well.
Among the questions: How much damage can hackers actually cause by using the stolen tools? And who likely perpetrated the attack against a cybersecurity industry heavyweight?
FireEye reported Tuesday that it was the target of a combination of hacking techniques tailored to penetrate its defenses, resulting in the theft of its "Red Team" tools. These include scripts, tools, scanners and techniques that are used to test clients' infrastructure for security vulnerabilities or configuration lapses that could lead to a data breach."
The Guardian (December 9, 2020) Hackers accessed vaccine documents in cyber-attack on EMA
"German biotech firm BioNTech said on Wednesday that documents relating to the Covid-19 vaccine it has developed with Pfizer were “unlawfully accessed” after a cyber-attack on Europe’s medicines regulator.
Earlier, the European Medicines Agency (EMA) – which is responsible for assessing and approving vaccines for the European Union – said it had been targeted in a cyber-attack. It gave no further details.
It was not immediately clear when or how the attack took place, who was responsible or what other information may have been compromised."
Portswigger (December 8, 2020) Hackers demand $34.7 million in Bitcoin after ransomware attack on Foxconn
"A ransomware attack on Taiwanese electronics giant Foxconn has resulted in hackers demanding $34.7 million in Bitcoin.
Cybercriminals infiltrated Foxconn’s networks on November 29, stealing and encrypting files and deleting data from servers at the company’s Mexican facility, Bleeping Computer reported.
The attack was reportedly carried out by ransomware gang DoppelPaymer, which is demanding $34.7 million in cryptocurrency for the return of files.
A member of DoppelPaymer told Bleeping Computer that it has encrypted around 1,200 servers, stolen 100GB of files, and deleted 30TB of backup files."
ZDNet (December 2, 2020) Brazilian aerospace firm Embraer hit by cyberattack
"Brazilian aerospace and defence group Embraer has been targeted by a cyberattack that has impacted the company's operations.
According to a statement released by the global firm on Monday (30) the attack resulted in the 'disclosure of data allegedly attributed to the company'.
The incident was reported five days after it took place to the Brazilian Securities and Exchange Commission. The Brazilian legislation requires immediate reporting of problems such as cyber attacks."
Other Industry News
Like what you’re reading? Head to the Subscriber form in the sidebar to get insightful GlobalSign content delivered directly to your inbox.