Hello and welcome back to the GlobalSign weekly news wrap-up.
This week, all eyes have been on Kaseya, the Dublin, Ireland-based IT solutions developer for managed service providers (MSP) and enterprise clients. The company announced late last week that it was the victim of a cyberattack on July 2.
Currently, most agree that the attacker, believed to be REvil, executed a supply chain ransomware attack by leveraging a vulnerability in Kaseya's VSA product, which is used by many MSPs and, through them, their customers. VSA is a unified remote-monitoring and management tool for handling networks and endpoints.
It is also believed that 800 to 1500 companies, mostly small to medium-sized, may have been compromised via their MSP.
Businesses and entities severely impacted include everything from large retailers such as Sweden-based Coop supermarkets -- which was forced to temporarily close since its cash registers were locked as a result of the hack -- to towns like Leonardtown, Maryland, where attackers are requesting $45,000 per computer (to decrypt them) from the local government.
Especially interesting here is that the code behind REvil appears to have been written specifically to avoid computer systems that primarily use Russian or related languages.
This attack has legs and, unfortunately, it appears that due to its scale we’ll be talking about this one for quite some time.
Unrelated, but equally critical, is a new, urgent warning from Microsoft. The company is imploring Windows users to immediately install an update after the discovery of a serious vulnerability dubbed “PrintNightmare”.
The flaw affects the Windows Print Spooler service. As this story in Tech Republic explained, “pushing out patches for all versions of Windows, even unsupported ones, shows how serious Microsoft considered this vulnerability….choosing not to wait until next week's Patch Tuesday to roll it out.”
Then, the Republican National Committee on Tuesday announced that one of its contractors had been breached by Russian hackers, but it seemed confident its own data wasn’t breached.
The Russian advanced persistent threat (APT) 29 group -- AKA “Cozy Bear” -- is allegedly behind the hack.
Also, this week, British Airways settled a data breach lawsuit out of court. Under the agreement with PGMBM, the court-appointed law firm representing victims, the airline will pay thousands of claimants an undisclosed sum. The resolution does not include any admission of liability on the part of the operator. The 2018 data breach exposed personal data belonging to more than 420,000 customers.
That’s all for now. Let’s hope the week finishes on a quiet note. Wishing everyone a great weekend!
Top Global Security News
CNN Business (July 8, 2021) Microsoft security update: urgent warning on PrintNightmare to update your PC immediately
Microsoft is urging Windows users to immediately install an update after security researchers found a serious vulnerability in the operating system.
The security flaw, known as PrintNightmare, affects the Windows Print Spooler service. Researchers at cybersecurity company Sangfor accidentally published a how-to guide for exploiting it. The researchers tweeted in late May that they had found vulnerabilities in Print Spooler, which allows multiple users to access a printer. They published a proof-of-concept online by mistake and subsequently deleted it -- but not before it was published elsewhere online, including developer site GitHub.
Slashdot (July 8, 2021) Code In Huge Ransomware Attack Written To Avoid Computers That Use Russian, Says New Report
The computer code behind the massive ransomware attack by the Russian-speaking hacking ring REvil was written so that the malware avoids systems that primarily use Russian or related languages, according to a new report by a cybersecurity firm. NBC News reports:
It's long been known that some malicious software includes this feature, but the report by Trustwave SpiderLabs, obtained exclusively by NBC News, appears to be the first to publicly identify it as an element of the latest attack, which is believed to be the largest ransomware campaign ever. "They don't want to annoy the local authorities, and they know they will be able to run their business much longer if they do it this way," said Ziv Mador, Trustwave SpiderLabs' vice president of security research.
Portswigger (July 7, 2021) British Airways agrees to pay victims of record-breaking data breach
British Airways (BA) has reached an out-of-court settlement with the victims of a data breach that exposed personal data belonging to more than 420,000 customers.
Under the agreement with PGMBM, the court-appointed law firm representing victims, the airline will pay thousands of claimants an undisclosed sum. The resolution does not include any admission of liability on the part of the operator.
“This represents an extremely positive and timely solution for those affected by the data incident,” said PGMBM chairman Harris Pogust in a statement.
The Hill (July 6, 2021) RNC says contractor breached in hack, GOP data secure
The Republican National Committee (RNC) on Tuesday acknowledged that one of its contractors had been breached by hackers linked to Russia but said its data had not been accessed.
Bloomberg News reported Tuesday that the Russian advanced persistent threat (APT) 29 group had breached the RNC’s computer systems last week by compromising Synnex, a third-party technology provider.
The APT29 group, also known as “Cozy Bear,” is the same group that hacked the Democratic National Committee (DNC) ahead of the 2016 elections. It was also linked by U.S. intelligence agencies to last year’s SolarWinds hack, which compromised nine federal agencies.
Other Industry News
Ransomware gangs taking aim at soft target industrial control systems - ZDNet
Microsoft digitally signs malicious rootkit driver – Ars Technica
Kaseya Was Working on Patches Before Ransomware Attack - Bankinfosecurity Asia
$50 billion to modernise US power grid - Smart Energy
Attacks on UK Businesses Fall for First Time in Three Years - Infosecurity Magazine
European police lay siege to hacker haven DoubleVPN – SearchSecurity
Older workers a secret weapon against attacks? – Financial Times