GlobalSign Blog

Cybersecurity News Round-Up: Week of May 31, 2021

Cybersecurity News Round-Up: Week of May 31, 2021

Well, another exciting week in cybersecurity is coming to a close.

This week meat lovers around the globe were very distressed after learning that massive food processing company, JBS, was attacked on Sunday.

where's the beef meme.png

The REvil attack impacted both its North American and Australian IT systems.
JBS said its backup servers were not affected, and that it was actively working with an incident response firm to restore its systems "as soon as possible".

The company stated earlier in the week that it was not aware of any evidence to suggest customer, supplier, or employee data has been compromised or misused as a result of the attack.

The incident was so damaging that the US Department of Agriculture (USDA) was unable to release the wholesale prices for beef and pork, affecting thousands involved in the agriculture market.

Fortunately, by mid-week JBS systems were coming back online.

The JBS incident took center stage this week, but there were additional attacks and other notable developments.

There’s been another healthcare related data breach. This time it involves the 20/20 Hearing Care Network, a vision and hearing benefits administrator. The organization had to notify 3.3 million individuals that their personal and health information contained in an AWS cloud storage bucket was accessed or downloaded - and then deleted - by an "unknown" party in January. The company says it reported the incident to the FBI, the U.S. Department of Health and Human Services and various state regulators.

In Japan, FujiFilm was the victim of a ransomware attack that forced the shut down of portions of its network to prevent the attack's spread. As a result of the partial network shutdown, Fujifilm USA added a notice to its website stating that it is currently experiencing problems affecting all forms of communications, including emails and incoming calls. In an earlier statement, Fujifilm confirmed that the cyberattack is also preventing the company from accepting and processing orders.

Fortunately, there were a few bright spots this week.

The US Justice Department announced this week it seized two command-and-control and malware distribution domains that were used as part of a recent phishing attack identified by Microsoft last week. The domains that had been used in spear-phishing attacks that mimicked email communications from the US Agency for International Development (USAID). Nobelium, a group Microsoft and CISA believe is responsible for the SolarWinds attack, was found operating a widespread malicious email campaign that used USAID’s Constant Contact email tools to send infected emails to thousands of recipients.

And in Brazil, the government passed new legislation intended to bring tougher measures against digital fraud and crime.

According to the law 14.155 sanctioned last Thursday (27), the Brazilian Penal Code has been updated with more stringent penalties regarding device invasion, theft and misconduct in digital media environments. The law now also includes crimes committed with the information provided by someone induced to or erroneously through fraudulent emails, social networks, or contacts via telephone.

The cloning of messaging apps such as WhatsApp, whereby criminals can, for example, request money from the victim's contacts, and phishing are the types of crimes included in the updated law.

That’s a wrap for the week. Wishing everyone a fun, cyber-safe weekend.

Top Global Cybersecurity News

ZDNet (June 2, 2021) FBI attributes JBS ransomware attack to Revil

"The United States FBI issued a short statement on Wednesday pinning the recent JBS ransomware incident on REvil.

'As the lead federal investigative agency fighting cyber threats, combating cybercrime is one of the FBI's highest priorities. We have attributed the JBS attack to REvil and Sodinokibi and are working diligently to bring the threat actors to justice,' the agency said.

'We continue to focus our efforts on imposing risk and consequences and holding the responsible cyber actors accountable. Our private sector partnerships are essential to responding quickly when a cyber intrusion occurs and providing support to victims affected by our cyber adversaries.'"

READ MORE

Bleeping Computer (June 2, 2021) FUJIFILM shuts down network after suspected ransomware attack

"FujiFilm is investigating a ransomware attack and has shut down portions of its network to prevent the attack's spread.

FujiFilm, also known as just Fuji, is a Japanese multinational conglomerate headquartered in Tokyo, Japan, which initially started in optical film and cameras. It has grown to include pharmaceuticals, storage devices, photocopiers and printers (XEROX), and digital cameras.

FUJIFILM earned $20.1 billion in 2020 and has 37,151 employees worldwide.
'FUJIFILM Corporation is currently carrying out an investigation into possible unauthorized access to its server from outside of the company. As part of this investigation, the network is partially shut down and disconnected from external correspondence,' FUJIFILM said in a statement."

READ MORE

Data Breach Today (June 2, 2021) Health Data for Millions Deleted From Cloud Bucket

"20/20 Hearing Care Network, a vision and hearing benefits administrator, is notifying nearly 3.3 million individuals that their personal and health information contained in an Amazon Web Services cloud storage bucket was accessed or downloaded - and then deleted - by an 'unknown' actor in January.

In a May 28 breach report filed with the Maine attorney general's office, the Fort Lauderdale, Florida-based company says that on Jan. 11, it was alerted to "suspicious activity" in its Amazon Web Services environment. The company says it reported the incident to the FBI, the U.S. Department of Health and Human Services and various state regulators.

As of Wednesday, the 20/20 Hearing Care Network breach was not yet posted on the HHS HIPAA Breach Reporting Tool website listing health data breaches affecting 500 or more individuals.

But the company's report to Maine's attorney general notes that the incident affected 221 state residents and nearly 3.3 million individuals in total, which would rank the incident among the largest health data breaches reported to regulators so far in 2021."

READ MORE

Dark Reading (June 1, 2021) Cybersecurity Group Hopes to Push 30 More National Priorities

"More than a year after the Cyberspace Solarium Commission recommended more than 80 policy initiatives to strengthen US cybersecurity, the US government has codified only 27 provisions into law.

The group hopes to change that this year, and cybersecurity experts agree that the time has come. Among the important recommendations that will be pushed in 2021 are a national data protection legislation, federal reporting requirements, and the creation of a Bureau of Cyber Statistics, according to a commissioner and two outside experts.

The fact that the US government does not have a clear picture of cyber threats or how often public and private entities are affected needs to be fixed quickly, Paul Rosenzweig, senior fellow for cybersecurity at the R Street Institute, a conservative public-policy group, said during a session at the RSA Conference on the outstanding priorities from the Cyberspace Solarium Commission (CSC)."

READ MORE

ZDNet (June 1, 2021) Department seizes domains used in Nobelium-USAID phishing campaign

"The US Justice Department announced on Tuesday that it has seized two command-and-control and malware distribution domains that were used as part of a recent phishing attack identified by Microsoft last week.

Nobelium, a group Microsoft and CISA believe was behind the massive SolarWinds attack, was found operating a widespread malicious email campaign that used the account of the US Agency for International Development (USAID) on mass-mailing service Constant Contact to send infected emails to thousands of recipients.

Both Microsoft and CISA released alerts about the attack and the Washington Post as well as the New York Times reported that few, if any, of the malicious emails were opened."

READ MORE

ZDNet (May 31, 2021) Brazil approves stricter legislation to tackle online crime

"The Brazilian government has passed new legislation introducing tougher measures against fraud and crimes perpetrated in digital environments.

According to the law 14.155 sanctioned last Thursday (27), the Brazilian Penal Code has been altered to add more stringent penalties in relation to device invasion, theft and misconduct in digital media environments, as well as crimes committed with the information provided by someone induced to or erroneously through fraudulent emails, social networks, or contacts via telephone.

Crimes that are included in the scope of the new legislation include cloning of messaging apps such as WhatsApp, whereby criminals can, for example, request money from the victim's contacts, and phishing. Brazil is a world leader in phishing attacks, with one in five Internet users in the country targeted at least once in 2020."

READ MORE

Other Industry News

With JBS attack, ransomware industry achieves critical mass - Axios

Breached companies facing higher interest rates and steeper collateral requirements - ZDNet

Spear-phishing campaign linked to SolarWinds attackers halted following domain seizure – Portswigger 

Anti-ransomware biz ExaGrid ‘paid $2.6m ransomware demand’ – Blocks and Files

Scripps Notifying 147K People of Data Breach – InfoSecurity

EU's revamped data transfer tools will have more safeguards - Computing UK

Meet the ransomware negotiators you hope you’ll never need – Fortune

The state of cybersecurity in financial services - Finextra

Like what you’re reading? Head to the Subscriber form in the sidebar to get insightful GlobalSign content delivered directly to your inbox.

Share this Post