In this week's digest, we take a look into a ransomware gang looking to recruit insiders with "millions of dollars" and how attackers were unable to sell data stolen by EA games. Keep reading to find out about the biggest cyber security stories from across the globe.
In June, the LockBit ransomware operation announced the launch of their new LockBit 2.0 ransomware-as-a-service. This week, with the recent launch, the LockBit 2.0 ransomware gang updated the Windows wallpaper on encrypted devices to offer "millions of dollars" for corporate insiders who provide access to networks where they have an account. The message is likely targeting those who are responding to an attack, as the message appears once the network has already been breached.
The threat actors behind the Electronic Arts breach this year have released the entire cache of stolen data after failing to extort the company and later sell the stolen files to a third-party buyer. The threat actors breached EA in June and had hoped to sell the stolen data for $26 million; however, they could not find a buyer. The leaked files contain the source code of the FIFA 21 soccer game, including tools to support the company's server-side services. The data was likely unable to be sold because it did not include any personal or financial information.
Researchers have discovered nine vulnerabilities, collectively named PwnedPiper, in the pneumatic tube systems (PTS) used in more than 80 per cent of major hospitals in North America and 3,000 hospitals worldwide. The bugs in Swisslog Healthcare's Translogic PTS, include hard-coded passwords, unencrypted connections and unauthenticated firmware updates that could lead to remote code execution. PwnedPiper could give an unauthenticated attacker root control and could let threat actors take over Nexus stations. If an attacker could take over this tube network, it could result in denial-of-service, sophisticated ransomware or full-blown meddler-in-the-middle attacks on hospitals.
This week, Zoom agreed to pay $86m to settle a class-action privacy lawsuit in the US, which was filed in March 2020 on behalf of Zoom subscribers nationwide and its free users. The lawsuit alleged that Zoom had invaded the privacy of millions of users by sharing personal data with Facebook, Google and LinkedIn. Zoom was also accused of falsely claiming that it offers end-to-end encryption and failing to prevent attackers from "zoombombing" sessions.
At Black Hat US this week, researchers revealed a new class of DNS vulnerabilities impacting major DNS-as-a-Service providers that could allow attackers to access sensitive information from corporate networks. The DNS flaws provide threat actors with nation-state intelligence harvesting capabilities with a simple domain registration. The researchers haven't found evidence that the DNS vulnerability was previously exploited in the wild before. However, they explained, anyone with knowledge of the issues and the skills to abuse it "could have collected data undetected for over a decade.". Two of the major DNS providers have already fixed these DNS flaws. However, others are still likely vulnerable, exposing millions of devices to attacks.
Cynet named #1 in Software Testing Help's Top 10 Ransomware Protection Providers.
Find out more about how Cynet can protect you against the growing threat of ransomware.