Updated: Aug 20
This week in cyber security featured some of the most significant security stories of the year so far. This week's digest discusses one of the largest cryptocurrency heists and the latest LockBit 2.0 victim. Keep reading to stay up to date on all the biggest cyber security stories from across the world.
On Wednesday, global IT consultancy giant Accenture suffered a LockBit 2.0 ransomware attack, in which the ransomware gang threatened to publish files they allegedly stole in the attack. The ransomware gang stated that they stole six terabytes of data from Accenture and are now demanding a $50 million ransom. The attackers claim to have been able to get access to Accenture's network through a corporate insider. Accenture stated that they were able to fully restore their affected systems from a backup, and that was no impact on Accenture's operations or their clients' systems. Earlier this week, the Australian government warned of LockBit 2.0 ransomware attacks after the group actively recruited insiders at companies they plan on breaching in exchange for millions of dollars.
A day after releasing Patch Tuesday updates, Microsoft confirmed yet another Windows Print Spooler remote code execution vulnerability which they are working to remediate in an upcoming security update. The unpatched vulnerability is the latest to join a list of flaws collectively known as PrintNightmare. An attacker who successfully exploits this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs, view, change, or delete data, or create new accounts with full user rights. Microsoft recommends users stop and disable the Print Spooler service to prevent malicious actors from exploiting the vulnerability.
Attackers stole $611 million worth of cryptocurrencies from blockchain-based financial network Poly Network, in what's believed to be one of the largest cryptocurrency heists. What is most interesting about this story is that within a day, the attacker had pledged to return the stolen funds as they were "not very interested in money". So far, Poly Network has received $260 million back, $269m in Ether tokens, and $84m in Polygon tokens has yet to be returned. The hacker claimed to have always planned to return the tokens and said the heist was carried out to highlight vulnerabilities in Poly Network software.
Researchers have discovered a new android threat named FlyTrap, which is being used to steal session cookies, which has been running since March targeting Facebook accounts in over 140 countries. FlyTrap campaigns rely on simple social engineering tactics to trick victims into using their Facebook credentials to log into malicious apps that collected data associated with the social media session. Researchers found that the stolen information was accessible to anyone who discovered FlyTrap's command and control server.
The AlphaBay dark web market has come back to life after an administrator of the original project relaunched it over the weekend. AlphaBay originally started in 2014 and quickly became the largest darknet market until law enforcement took it down in 2017. In the statement, the AlphaBay founder said they wanted to set new standards for a sustainable model and build a "professionally-run, anonymous, secure marketplace.". To prevent drawing unnecessary attention from law enforcement, AlphaBay outlines a list of rules including no ransomware selling or discussing, no harming others and no activity relating to former Soviet Union countries.