Welcome to GlobalSign’s latest cybersecurity news wrap-up.
It hasn’t been a great start to the New Year for several UK organizations, as this week numerous new attacks in the country were revealed. One of the most interesting was at British Mensa. As a result, the organization’s website was forced offline for days, but is now back online as of this writing.
The UK Research and Innovation (UKRI), the government department that directs research and innovation funding, also appears to have been the victim of an attack in the last several weeks.
Then, Serco, one of the companies involved in the NHS Test and Trace operations, was hit by a Babuk ransomware attack. Babuk is used by attackers to encrypt networks and steal data. Just last month, it emerged as the first new form of ransomware in 2021.
Meanwhile, on the other side of the pond, December’s SolarWinds attack continues to take its toll. This week we learned that a U.S. Department of Agriculture agency, the National Finance Center (NFC), is one of the many entities impacted by the massive attack. It should be noted, however, that the software vulnerability used to break into NFC's systems is not the same one used by APT27, the suspected Russian nation-state hackers behind the original attack.
Finally, Dark Reading published a very interesting article about a Russian cybercriminal affiliated with LockBit, known as “Aleks”. He agreed to speak with researchers about, among other things, why he became involved in cybercrime, how he chooses victims and the tools he uses to conduct his crimes. What I found most interesting: why GDPR matters to him. Definitely worth checking out!
That’s all the news for now. Thanks for stopping by and have a great weekend!
Top Global Security News
Bleeping Computer (February 2, 2021) US federal payroll agency hacked using SolarWinds software flaw
"The FBI has discovered that the National Finance Center (NFC), a U.S. Department of Agriculture (USDA) federal payroll agency, was compromised by exploiting a SolarWinds Orion software flaw, according to a Reuters report.
NFC has provided human resources and payroll services to roughly 170 federal agencies and over 650,000 federal employees since 1973.
The USDA did, however, provide a statement saying that it 'notified all customers (including individuals and organizations) whose data has been affected.'
The threat actors behind the USDA agency hack are suspected to be part of a Chinese-backed hacking group according to Reuters' sources. Reuters sources believe the attackers to be based out of China as they utilize infrastructure and tools utilized in previous state-backed Chinese cyberattacks."
Dark Reading (February 2, 2021) Interview with a Russian Cybercriminal
"Aleks seems to choose victims based on their ability to pay quickly, Williams says, though the report notes the attacker's views may not represent those of LockBit group. For example, Aleks says the EU's General Data Protection Regulation (GDPR) may work in adversaries' favor. Victim companies are more likely to pay 'quickly and quietly' so as to avoid penalties under GDPR.
'I do not like to work in the US because getting paid is harder there, the EU pays better and more,' Aleks reportedly told researchers. While the US is still lucrative, laws require victim organizations to disclose breaches anyway, giving the attacker less leverage in an operation. Researchers note a victim may still be motivated to pay if they believe their data will be leaked.
'That took us by surprise,' Williams says of Aleks' preference for European victims. 'We never thought that GDPR would be a thing that resulted in more of that region being targeted … That was pretty interesting insight.'"
The Daily Swig (February 1, 2021) British Mensa website hacked after directors quit over ‘data protection failures’
"The British Mensa website has suffered a cyber-attack following reports from disgruntled employees that the organization failed to protect its members’ data.
British Mensa, which has around 18,000 members, fell victim to an unknown actor last week, forcing its website offline.
The site is currently serving a 503 Service Unavailable error, while a static page states it is 'under maintenance.'"
IT Pro Portal (February 1, 2021) UK innovation agency hit with ransomware attack
"UK Research and Innovation (UKRI), the government department that directs research and innovation funding, suffered a possible ransomware attack last week.
The organization has issued a statement in which it described 'data being encrypted by a third-party.' However, it could not confirm whether or not any data was stolen, which is common practice for modern ransomware operators.
According to ZDNet, the attack affected two separate services: a portal used for its UK Research Office (UKRO), based in Brussels, and an extranet (often known as the BBSRC extranet) used by UKRI’s Councils."
Verdict (February 1, 2021) NHS Test and Trace contractor Serco hit by cyberattack
"Serco, one of the companies involved in the NHS Test and Trace operations, has confirmed that it has been hit by a cyberattack. NHS Test and Trace is unaffected.
Sky News reported that public services company Serco was targeted by Babuk ransomware, a new form of ransomware that is used by attackers to encrypt networks and steal data, with the victim told to pay a ransom to unencrypt their network and prevent stolen data from being released.
Serco is one of the two main contractors providing call handlers to support NHS professionals involved in Test and Trace, and one of the five companies managing testing centres."
Other Industry News
US Fertility Sued Over Ransomware Attack, Health Data Exfiltration
VMware Carbon Black's healthcare users faced 239M attempted cyberattacks in 2020
Ransomware: Average Ransom Payment Declines to $154,108
China Tied to Separate SolarWinds Espionage Campaign
Top U.S. law firm Goodwin Procter Says It Was Hit by Data Breach of Vendor
'Clone Firm' Fraudsters Stealing Millions From UK Investors
U.K. Arrest in ‘SMS Bandits’ Phishing Service
Ransomware: A company paid millions to get their data back, but forgot to do one thing. So the hackers came back again