Hello and welcome to the latest cybersecurity news wrap-up.
This week has been relatively quiet, in that there have not been any major new incidents such as SolarWinds (thankfully). Yet that incident is still a hot topic, as many companies continue to deal with the ramifications.
Enter security vendor Mimecast, which this week revealed that an investigation conducted by Mandiant confirmed that attackers used the Sunburst backdoor in the compromised versions of the SolarWinds Orion platform to download some of the company’s source code repositories. The company also found that a breached certificate – announced in January – was linked to several SolarWinds breaches of other organizations. Fortunately, the company has found no evidence the threat actor made any modifications to its source code, nor does it believe there was any impact on its products.
As many know, the US government was significantly impacted by the SolarWinds hack; at least nine federal agencies were attacked. Subsequently, there are still plenty of questions being asked on Capitol Hill. This week, bipartisan leaders of a House panel “drilled” multiple agencies for updates. Members of the Energy and Commerce Committee sent letters demanding answers to the leaders of the departments of Commerce, Energy and Health and Human Services, as well as the Environmental Protection Agency and the National Telecommunications and Information Administration. The lawmakers wanted to know how the agencies are responding to the hack, and how they hope to prevent similar cyber attacks in the future.
In the UK, cybercriminals have hit a new low. They now have childcare organizations on their target list, to the point that the National Cyber Security Centre (NCSC) had to issue a warning. In first-of-its-kind guidance for this sector, the warnings included recommending password protection information for parents. According to the story by the BBC, the cyber agency says child minders (as they are referred to in the UK) are "increasingly relying on technology to operate" and have become an "appealing target" for cyber-attacks. The NCSC is concerned that hackers could be seeking personal information about children or families, and seeking to target the payments process for parents.
Finally, in what is likely no surprise to anyone, ransomware is showing no sign of slowing down. Cybersecurity researchers at Palo Alto Networks analyzed ransomware attacks targeting North American and European organizations and found the average ransom paid in exchange for a decryption key to unlock encrypted networks rose from $115,123 in 2019 to $312,493 in 2020 – a whopping 171% increase. Sadly, crime is apparently paying quite well these days.
That is a wrap for this week. Thanks for stopping by and reading our blog. Wishing you a great weekend!
Top Global Security News
Computing UK (March 18, 2021) Mimecast's source code stolen in SolarWinds breach
"Security vendor Mimecast has announced that its source code was stolen in cyber attacks linked to the SolarWinds breach.
In an incident report published on its website, the company said that the hackers used the Sunburst backdoor in the compromised versions of SolarWinds Orion platform as an initial attack vector to download 'a limited number of source code repositories'.
However, there was no evidence to suggest that the attackers were able to modify the code, or that any of the company's existing products were impacted as a result of the breach."
Ars Technica (March 17, 2021) I was a teenage Twitter hacker. Graham Ivan Clark gets 3-year sentence
"A Florida teenager accused of orchestrating one of last summer’s Twitter hacks—this one used celebrity accounts to make more than $100,000 in a cryptocurrency scam—pleaded guilty on Tuesday in exchange for a three-year sentence, it was widely reported.
Authorities said that Graham Ivan Clark, now 18, and two other men used social engineering and other techniques to gain access to internal Twitter systems. They then allegedly used their control to take over what Twitter has said were 130 accounts. A small sampling of the account holders included then Former Vice President Joe Biden, Tesla founder Elon Musk, pop star Kanye West, and philanthropist and Microsoft founder and former CEO and Chairman Bill Gates."
The Hill (March 17, 2021) Lawmakers press federal agencies on scope of SolarWinds attack
"The bipartisan leaders of a House panel on Wednesday drilled multiple agencies for updates on the SolarWinds hack, a mass cyber campaign that compromised at least nine federal agencies and 100 private sector groups.
Members of the Energy and Commerce Committee sent letters demanding answers to the leaders of the departments of Commerce, Energy and Health and Human Services, as well as the Environmental Protection Agency and the National Telecommunications and Information Administration.
The lawmakers, led by Chairman Frank Pallone (D-N.J.) and ranking member Cathy McMorris Rodgers (R-Wash.), drilled the agencies — several of which were reportedly compromised by the breach — on the impact of the hack, how they are responding to it and how they hope to prevent similar cyberattacks in the future."
ZDNet (March 17, 2021) Largest ransomware demand now stands at $30 million as crooks get bolder
"Ransomware shows no sign of slowing down as the average ransom paid to cyber criminals by organisations that fall victim to these attacks has nearly tripled over the past year.
Cybersecurity researchers at Palo Alto Networks analysed ransomware attacks targeting organisations across North America and Europe and found that the average ransom paid in exchange for a decryption key to unlock encrypted networks rose from $115,123 in 2019 to $312,493 in 2020.
That represents a 171% year-over-year increase, allowing cyber criminals to make more money than ever before from ransomware attacks."
InfoSecurity (March 16, 2021) UK Nurseries Get First Official Cyber-Attack Warning
"The UK's National Cyber Security Centre (NCSC) has issued its first ever cybersecurity warning to nurseries and childminders.
The agency, which is part of the nation's GCHQ intelligence service, said that the education sector's increasing reliance on technology has made it an 'appealing target' for cyber-criminals.
In a new set of guidelines published online, the NCSC warns early years practitioners that part of safeguarding the children in their care is making sure that sensitive data belonging to those children and their families doesn't fall into the wrong hands."
Dark Reading (March 15, 2021) Verkada breach demonstrates the danger of overprivileged users
"Uber's God Mode. Hard-coded passwords in networking products. Rosenbridge processor backdoors. And now Verkada's super admin account that reportedly gave hackers — as well as more than 100 internal users — access to videos from tens of thousands of client cameras.
The list of massive security failures due to product or service architectures that give a single user or group unfettered privileges continues to grow. In the latest case, hackers gained access to a super admin account for the cloud service of security-camera startup Verkada, enabling them to view videos from nearly 150,000 cameras. Prisoners in county jails, factories for carmaker Tesla, and the offices of Internet-infrastructure firm Cloudflare were all viewable using privileged access, according to reports and hacker statements.
Accounts that have backdoor access to devices or unlimited service capabilities significantly undermine security — even more so as supply chain attacks have become more common, says Jeff Costlow, chief information security officer at ExtraHop, a cloud security firm."
Other Industry News
Microsoft Exchange attack surface was smaller and more targeted than previously thought (Security Scorecard)
Ransomware attack knocks South Carolina hospital’s computer systems offline (Becker's Hospital Review)
FBI Warns of Increase of PYSA Ransomware Targeting Education Orgs. (Solutionsreview.com)
Ransomware attack forces college to tell students to stay home (Graham Cluley)
REvil Group Claims Slew of Ransomware Attacks (Threatpost)
U.S. Taxpayers targeted in Netwire, Remcos Trojan Attack Wave (ZDNet)
Another Mirai variant used in attempted hacks on routers, switches (CyberScoop)
Fastway Couriers Confirms Security Breach (InfoSecurity)