Cyber Weekly Digest - Week #27
In this week’s digest we dive into how Russian threat actors were able to gain months-long access to the Danish Central Bank and how 700 million LinkedIn users’ data was posted for sale on a hacking forum. Keep reading to get up to date with the latest cyber security news from around the world.
Russian state threat actors compromised Denmark’s central bank and deployed malware, giving them access to the network for more than half a year undetected. The compromise came to light through official documents from the Danish central bank disclosed in a freedom of information request. The breach was part of the SolarWinds cyber espionage campaign last year. Despite the hackers’ long-term access, the bank said that it found no evidence of compromise beyond the first stage of the attack.
This week another data-scraping operation was discovered, in which 700 million LinkedIn users’ data was posted for sale. This operation follows the data scrape LinkedIn experienced in May, and the threat actors who posted the LinkedIn data have since boosted the data listing to 1 billion users. The data has since been collated and refined by attackers to identify specific targets, including 88,000 U.S. business owners who have changed jobs in the last 90 days. LinkedIn’s response acknowledges the abuse of LinkedIn data, but points out that it’s not technically a breach since the information was public. Although the data is in fact public information, this could mark a wave of targeted LinkedIn attacks.
This week the technical details and a proof-of-concept were accidentally leaked after confusion over another Windows Print Spooler vulnerability, which had already been patched by Microsoft. According to Microsoft, the remote code execution (RCE) bug, tracked as CVE-2021-3452, impacts all versions of Windows, though it is still being investigated whether the vulnerability is exploitable on all of them. The vulnerability allows attackers to take over affected servers via remote code execution with SYSTEM privileges, enabling them to install programs; view, change, or delete data; and create new accounts with full user rights.
The US Cybersecurity and Infrastructure Security Agency (CISA) has released the Ransomware Readiness Assessment (RRA) this week, which is a new module for its Cyber Security Evaluation Tool (CSET). It is a security audit self-assessment tool for organisations that want to better understand how well they are equipped to defend against and recover from ransomware attacks. The module was tailored to assess varying levels of ransomware threat readiness so that it is helpful to all organisations regardless of their cyber security skill level.
SentinelOne shares began trading on the New York Stock Exchange on Wednesday, under the ticker symbol “S.” The initial price range was $26-to-$29 but this was then lifted to $31-to-$32. The offering was then priced at $35 and the amount raised came to about $1.2 billion, exceeding its goal. SentinelOne surpassed CrowdStrike’s $6.7 billion market debut in 2019, and the previous IPO big winner, McAfee, to become the highest-valued cybersecurity IPO in history.