This week’s Cyber Weekly Digest explores some of the most intriguing cyber security stories this year. Find out about a double extortion attack on a US law firm, whose clients include Fortune 500 companies, and how Kaseya obtained a universal decryptor for victims affected in the July 2nd ransomware attack.
This week, US-based law firm Campbell Conroy & O’Neil, P.C. announced that it had become the victim of a double-extortion ransomware attack. The law firm disclosed a data breach resulting from a ransomware attack which hit it in February. Its clients include high-profile Fortune 500 and Global 500 companies such as Apple, Mercedes Benz, Boeing, Pfizer and British Airways. According to Campbell’s investigation, attackers were able to access the names, dates of birth, driver’s licence numbers, passport numbers, payment card information and medical information of “certain individuals”. Campbell is offering 24 months of free access to credit monitoring, fraud consultation, and identity theft restoration services to all individuals whose Social Security numbers or equivalent information were exposed during the attack.
French lawmakers have launched an investigation into Israeli offensive cybersecurity company NSO Group after they discovered French President Emmanuel Macron was potentially targeted by the company’s spyware along with 13 other heads of state. Other heads of state include presidents Imran Khan of Pakistan, Cyril Ramaphosa of South Africa and Barham Salih of Iraq. The news comes after 17 media partners published a report last week which shed light on the widespread use of Pegasus spyware, often used by repressive regimes against human rights activists, journalists and world leaders. Pegasus spyware infects iPhones and Android devices, allowing operators to extract messages, photos and emails, record calls and secretly activate microphones and cameras.
One of the most notable cyber security stories from last year was the July Twitter hack in which 130 high-profile accounts were compromised. This week another individual has been charged for their involvement. 22-year-old Joseph O’Connor has been charged with intentionally accessing a computer without authorisation and obtaining information from a protected computer, as well as with making extortive communications. O’Connor was arrested in the Spanish town of Estepona by the Spanish National Police following a US arrest warrant.
On Thursday, Kaseya confirmed that it had received a universal decryptor for the ransomware attack from a "trusted third party", which allows victims to recover their files without paying ransom demands. REvil threat actors had originally demanded $70 million for a universal decryptor, $5 million for MSPs, and $40,000 for each extension encrypted on a victim's network. Soon after the attack, REvil shut down their payment sites and infrastructure, leaving victims unable to negotiate with the attackers.
On Tuesday, SentinelOne researchers published a report exploring a high-severity privilege-escalation flaw in HP printer drivers which could impact hundreds of millions of Windows machines. The vulnerability is believed to have existed in systems for 16 years but was only discovered this year. It carries an 8.8 out of 10 rating on the CVSS scale, making it high severity.