It’s another week in cybersecurity land. Last week was relatively quiet, but this week things are heating up again in terms of attacks. Why don’t we start off with some good news for a change?
On Wednesday, there was a massive global takedown of the Emotet botnet.
US and European law enforcement agencies seized control of the computing infrastructure used by Emotet, a botnet of infected machines. It’s been one of the most pervasive cyber threats over the last six years. The investigators “gained control of the infrastructure and took it down from the inside,” Europol, the European Union’s law enforcement agency, said in a statement.
According to ZDNet, Dutch police are already distributing an Emotet update through the seized infrastructure that will remove the malware from infected computers in late April.
The takedown of Emotet is significant because the botnet is estimated to be behind hundreds of millions of dollars in total damages; Ukrainian law enforcement puts the figure in the billions. Ukrainian police also released video showing officers seizing computer equipment, cash, and rows of gold bars from alleged Emotet operators. See the video here from WIRED.
In other news…
- Google said on Monday it had identified a hacking effort suspected to be centered in North Korea that targeted US-based cybersecurity experts. A post on the company's blog described a sophisticated and coordinated effort in which North Korean operatives using fake personas made contact with US-based cybersecurity workers through Twitter, LinkedIn, Telegram, Discord, and Keybase.
- The REvil ransomware gang has demanded $30 million from massive pan-Asian retail chain operator Dairy Farm Group. This week, BleepingComputer was contacted by a threat actor who stated that the group had compromised Dairy Farm Group's network and encrypted devices around January 14th, 2021.
- Austrian construction equipment manufacturing firm Palfinger AG was hit with a cyber attack that knocked the majority of its worldwide IT infrastructure offline. The company appears to still be investigating the incident to determine the extent of it.
- Then, in Australia, the country’s own top financial watchdog has announced it was hit by a cyber attack on January 15th that may have allowed criminals to access credit license applications. The incident was related to Accellion software used by ASIC to transfer files and attachments.
- Finally, late last week police in the Netherlands arrested two people for allegedly selling data from the Dutch health ministry's COVID-19 systems on the criminal underground. The arrests came after an investigation by a local news reporter who discovered ads for Dutch citizen data online, advertised on instant messaging apps like Telegram, Snapchat, and Wickr.
Grab a cup of coffee, hot chocolate (or wine perhaps?) to get all the details on these and other top cybersecurity news stories.
Thanks for stopping by our blog, and have a great weekend!
Top Global Security News
HelpNetSecurity (January 27, 2021) International law enforcement effort pulls off Emotet botnet takedown
"Law enforcement and judicial authorities worldwide have effected a global takedown of the Emotet botnet, Europol announced today.
'The Emotet infrastructure essentially acted as a primary door opener for computer systems on a global scale. Once this unauthorised access was established, these were sold to other top-level criminal groups to deploy further illicit activities such as data theft and extortion through ransomware. Investigators have now taken control of its infrastructure in an international coordinated action,' they explained.
The Emotet takedown has included Europol, Eurojust, and authorities in the Netherlands, Germany, the United States, the United Kingdom, France, Lithuania, Canada and Ukraine."
Vice (January 26, 2021) North Korean Hackers Hacked Famous Hackers With Fake Hacking Website, Google Says
"North Korean hackers clandestinely recruited security researchers from around the world and lured them to visit an 'exploit research blog' about hacking in order to hack them, Google said Monday. The scheme was at times successful—they used Windows and Chrome zero-days to hack them, Google said in its report.
The hackers primarily used fake Twitter and LinkedIn accounts to approach security researchers. The hackers also used the Twitter accounts to post links to a blog where they analyzed public vulnerabilities and also claimed to find zero-days, which turned out to be fake. The hacking campaign spanned the last several months.
After Google's announcement, several security researchers admitted on Twitter that they were targeted."
Bleeping Computer (January 26, 2021) Pan-Asian retail giant Dairy Farm suffers REvil ransomware attack
"Massive pan-Asian retail chain operator Dairy Farm Group was attacked this month by the REvil ransomware operation. The attackers claim to have demanded a $30 million ransom.
The Dairy Farm Group operates over 10,000 outlets and has 230,000 employees throughout Asia. In 2019, the Dairy Farm Group's total annual sales exceeded $27 billion.
This week, BleepingComputer was contacted by a threat actor who stated that the REvil ransomware group had compromised Dairy Farm Group's network and encrypted devices around January 14th, 2021.
BleepingComputer was told that the ransom demand is $30 million but has not independently confirmed this amount."
IT Security Guru (January 26, 2021) Crane manufacturer Palfinger hit by global cyberattack
"Palfinger, a global leader in crane and lifting manufacturing, has been targeted by a cyberattack which has disturbed both the company's business operations and IT systems. The crane manufacturer is Austrian-based and has more than 11,000 employees in over 35 locations. Being one of the global leaders in crane and lifting solutions, Palfinger has an annual revenue of €1.75 billion, making it a prime target for cyberattacks.
At the moment Palfinger has been the victim of an ongoing global cyber-attack which has had a massive impact on its IT infrastructure. So far the consequences of the attack are inconclusive, but the company is putting an extreme effort into finding a solution."
Sydney Morning Herald (January 26, 2021) Australian Corporate watchdog ASIC hit with cyber attack
"The Australian Securities and Investments Commission (ASIC) outed itself late on Monday as the latest victim of the cyber attackers who have been causing headaches in recent weeks for corporate users of software that allows people to transfer documents and attachments.
ASIC is not alone in being caught in the attack. The Reserve Bank of New Zealand and law firm Allens have also been targeted through the attack on Accellion software users."
ZDNet (January 25, 2021) Dutch COVID-19 patient data sold on the criminal underground
"Dutch police have arrested two individuals on Friday for allegedly selling data from the Dutch health ministry's COVID-19 systems on the criminal underground.
The arrests came after an investigation by RTL Nieuws reporter Daniel Verlaan who discovered ads for Dutch citizen data online, advertised on instant messaging apps like Telegram, Snapchat, and Wickr.
The ads consisted of photos of computer screens listing data of one or more Dutch citizens."