GlobalSign Blog

Cybersecurity News Round-Up: Week of July 26, 2021

Welcome back to GlobalSign’s weekly news roundup.

Fortunately, this week was quieter in terms of major new attacks. What we are seeing instead is a continued government effort to significantly ramp up cybersecurity capabilities in light of the onslaught of ransomware attacks since late last year.

On Tuesday, the FBI advised Congress NOT to make ransom payments to cybercriminals illegal. The reason, according to Bryan Vorndran, assistant director of the FBI's cyber division, is that a ban could inadvertently create opportunities for further extortion by ransomware gangs.

"If we ban ransom payments now, you're putting US companies in a position to face yet another extortion, which is being blackmailed for paying the ransom and not sharing that with authorities," Vorndran said at a Senate Judiciary Committee hearing on ransomware.

On Wednesday, President Biden signed a national security memorandum tasking a group of federal agencies to develop cybersecurity performance goals for critical infrastructure. The executive memo follows a security directive handed down by the Transportation Security Administration last week requiring owners and operators of TSA-designated critical pipelines to implement mitigations to protect against ransomware and other threats.

Also this week, four governmental cybersecurity agencies announced the 30 most exploited vulnerabilities. The US Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), the United Kingdom's National Cyber Security Centre (NCSC), and the U.S. FBI said the top vulnerability is CVE-2017-11882. The exploit involves a stack buffer overflow in the equation editor of Microsoft Office, which can lead to remote code execution (RCE).

Over in Ireland, the healthcare system has had a tough year. Not only is it still recovering from a damaging ransomware attack, but now Northern Ireland’s Department of Health has been forced to temporarily suspend its COVIDCert online vaccination certification service after a number of users were potentially exposed to the data of other users. The Northern Irish DoH is working on resolving the issue, and an update is expected to follow soon.

Finally, there are two new ransomware groups, Haron and BlackMatter. According to Ars Technica, both groups say they are aiming for big-game targets – corporations or other large businesses with deep pockets. And The Hacker News reports that BlackMatter registered an account on Russian-language forums XSS and Exploit on July 19, quickly following it up with a post stating they are looking to purchase access to infected corporate networks comprising anywhere between 500 and 15,000 hosts in the US, Canada, Australia, and the UK and with revenues of over $100 million a year, potentially hinting at a large-scale ransomware operation.

We hope you stick around to read all the stories in this week’s news roundup. There’s a lot of good stuff, including The Hill’s coverage of hackers posing as a flirtatious aerobics instructor. Those crazy hackers – what will they think of next???

Top Global Security News

Bleeping Computer (July 28, 2021) Northern Ireland suspends vaccine passport system after data leak

"This week, Northern Ireland's Department of Health (DoH) has temporarily suspended their COVIDCert online vaccination certification service after a data incident.

The government body says that a limited number of users were potentially exposed to data of other users, causing them to temporarily halt the service.
COVIDCert enables fully vaccinated individuals based in Northern Ireland to obtain a digital certificate confirming their COVID-19 vaccination status."

Ars Technica (July 28, 2021) Haron and BlackMatter are the latest groups to crash the ransomware party

"July has so far ushered in at least two new ransomware groups. Or maybe they’re old ones undergoing a rebranding. Researchers are in the process of running down several different theories.

Both groups say they are aiming for big-game targets, meaning corporations or other large businesses with the pockets to pay ransoms in the millions of dollars. The additions come as recent ransomware intrusions of oil pipeline operator Colonial Pipeline, meat packer JBS SA, and managed network provider Kaseya have caused major disruptions and created pressure in Washington to curb the threats.

The first group is calling itself Haron. A sample of the Haron malware was first submitted to VirusTotal on July 19. Three days later, South Korean security firm S2W Lab discussed the group in a post.

Most of the group’s site on the dark web is password protected by extremely weak credentials. Past the login page, there’s a list of alleged targets, a chat transcript that’s not fit to be shown in full, and the group’s explanation of its mission."

ZDNet (July 28, 2021) Get patching: US, UK, and Australia issue joint advisory on top 30 exploited vulnerabilities

"At the end of almost seven months in 2021, one of the 30 most exploited vulnerabilities dates from 2017, according to the US Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), the United Kingdom's National Cyber Security Centre (NCSC), and the US FBI.

CVE-2017-11882 is the holder of the dubious honour, and it is due to a stack buffer overflow in the equation editor of Microsoft Office, which can lead to remote code execution (RCE). It is an exploit that vendors have been banging on about for years already.

The quartet of agencies said on Wednesday that the easiest way to fix this hole, and the 29 others listed, would be to patch systems."

Cyberscoop (July 28, 2021) Biden issues memo to push critical infrastructure cybersecurity upgrades

"President Joe Biden on Wednesday signed a national security memorandum tasking a group of federal agencies to develop cybersecurity performance goals for critical infrastructure.

The directive is the latest effort from the Biden administration to get critical industries on board with improving cybersecurity in areas that could impact national security and the economy. The executive memo follows a security directive handed down by the Transportation Security Administration last week requiring owners and operators of TSA-designated critical pipelines to implement mitigations to protect against ransomware and other threats.

'Our current posture is woefully insufficient given the evolving threat we face today,' a senior administration official told reporters in a call on Tuesday. 'We really kicked the can down the road for a long time. The administration is committed to leveraging every authority we have, though limited, and we’re also open to new approaches, both voluntary and mandatory.'”

CNN (July 27, 2021) FBI tells Congress ransomware payments shouldn't be banned

"Congress should not attempt to address the threat of ransomware by making ransom payments to cybercriminals illegal, a top FBI official told US lawmakers Tuesday.
Banning ransom payments could inadvertently create opportunities for further extortion by ransomware gangs, said Bryan Vorndran, assistant director of the FBI's cyber division.

'If we ban ransom payments now, you're putting US companies in a position to face yet another extortion, which is being blackmailed for paying the ransom and not sharing that with authorities,' Vorndran said at a Senate Judiciary Committee hearing on ransomware.

The debate over outlawing ransomware payments illustrates the broader challenge facing policymakers as they seek to clamp down on a crime that takes advantage of a victim's financial incentives: It can often be more tempting to pay in hopes of resolving the problem quickly, cybersecurity experts say, compared to refusing to negotiate, having to restore data from backups and risking the release of sensitive information online."

Other Industry News

Hackers posed as flirtatious aerobics instructor while targeting US defense contractor's employee – The Hill

Hacking DEF CON 29 – Reznok

Hackers co-opt Microsoft’s anti-phishing feature for phishing attacks – Venture Beat

Brazil creates cyberattack response network – ZDNet

‘Holy moly!’: Inside Texas' fight against a ransomware hack – Associated Press

Healthcare Cyberattacks, Data Breaches Pressuring Nonprofit Orgs – Health IT Security

Spanish DPA sets a new standard in GDPR enforcement with record fines – Lexology
