Cyber Weekly Digest - Week #33

Updated: Aug 20, 2021

This week in cyber security featured some of the most significant security stories of the year so far. This week's digest discusses one of the largest cryptocurrency heists and the latest LockBit 2.0 victim. Keep reading to stay up to date on all the biggest cyber security stories from across the world.

1. Accenture suffers a LockBit2.0 cyber attack.

On Wednesday, global IT consultancy giant Accenture suffered a LockBit 2.0 ransomware attack, in which the ransomware gang threatened to publish files they allegedly stole in the attack. The ransomware gang stated that they stole six terabytes of data from Accenture and are now demanding a $50 million ransom. The attackers claim to have been able to get access to Accenture's network through a corporate insider. Accenture stated that they were able to fully restore their affected systems from a backup, and that was no impact on Accenture's operations or their clients' systems. Earlier this week, the Australian government warned of LockBit 2.0 ransomware attacks after the group actively recruited insiders at companies they plan on breaching in exchange for millions of dollars.

2. Microsoft warns of another unpatched Windows Print Spooler vulnerability

A day after releasing Patch Tuesday updates, Microsoft confirmed yet another Windows Print Spooler remote code execution vulnerability which they are working to remediate in an upcoming security update. The unpatched vulnerability is the latest to join a list of flaws collectively known as PrintNightmare. An attacker who successfully exploits this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs, view, change, or delete data, or create new accounts with full user rights. Microsoft recommends users stop and disable the Print Spooler service to prevent malicious actors from exploiting the vulnerability.

3. Attackers stole and returned millions of cryptocurrencies from Poly Network.

Attackers stole $611 million worth of cryptocurrencies from blockchain-based financial network Poly Network, in what's believed to be one of the largest cryptocurrency heists. What is most interesting about this story is that within a day, the attacker had pledged to return the stolen funds as they were "not very interested in money".