Cyber Weekly Digest - Week #29

In this week’s Cyber Weekly Digest we dive into the most interesting cyber security stories, including how the sites of REvil, one of the most notorious ransomware gangs, mysteriously went offline on Tuesday, and a data breach affecting customers of the fashion retailer Guess. Keep reading to stay up to date with the biggest cyber security stories from across the globe.

1. Guess announces a data breach following a ransomware attack.

This week Guess, the fashion retailer, confirmed that it had become the victim of a ransomware attack in which customer data was stolen. Following an investigation, it is believed that the attackers gained access to the retailer’s systems in February this year. Although Guess has not provided information on the identity of the threat actor, it was reported that the DarkSide ransomware gang had listed the retailer on their data leak site in April. At the time, DarkSide claimed to have stolen over 200 GB worth of files from Guess’s network before attempting to encrypt its systems.

2. REvil ransomware gang’s sites mysteriously went offline.

All of REvil’s Dark Web sites slipped offline as of 1:00 am on Tuesday morning. REvil is currently one of the biggest ransomware groups and uses these sites to negotiate ransoms, leak data and receive payments from its victims. However, it is unclear why REvil’s sites went offline. Some argue that law enforcement was involved, as the sites went offline just days after President Biden demanded that President Putin take action against ransomware gangs. REvil’s most recent victims include Kaseya and its MSP customers, an attack which affected 1,500 businesses.

3. China-based attackers are exploiting a new SolarWinds zero-day.

SolarWinds released a security patch this week for a zero-day vulnerability in its Serv-U FTP servers; the flaw allows remote code execution when SSH is enabled. The vulnerability was disclosed by Microsoft, who also observed that a threat actor had already exploited it to execute commands on vulnerable devices. It has been revealed that the group behind the attacks is the China-based group DEV-0322, which has previously targeted entities in the US Defence Industrial Base Sector and software companies.