Cyber Weekly Digest - Week #46
Updated: Nov 16, 2020
This week in cyber security is another dominated by ransomware stories and the effects they can have on businesses. Keep reading to find out about a company whose operations were shut down for two weeks after a ransomware attack as well as new tactics used by criminals to get victims to pay up.
The Ragnar Locker team hacked into Facebook accounts to run an ad campaign on Monday. The attackers had budgeted $500 for the campaign, which warns the Campari Group to pay up. The Campari Group was hit by the ransomware attack last week, on November 3rd, and the Ragnar Locker group claims to have a “huge volume” of its confidential data.
This week a hacker was spotted selling access to Pakistan International Airlines’ network. The threat actor is selling domain admin access to the airline for $4,000, and has also been found to be selling databases that exist in the airline’s network. Researchers discovered the access for sale on multiple illegal online forums which they had been monitoring.
This month’s Patch Tuesday saw 112 flaws patched, 17 of which are rated “critical”. The biggest concern is the actively exploited zero-day vulnerability CVE-2020-17087. This zero-day is not rated “critical” because it is a privilege escalation flaw: it would allow an attacker who has already compromised an account on a system to gain administrative control, meaning it would have to be chained with another exploit.
Towards the end of this week, Animal Jam suffered a data breach in which 46 million accounts were affected. The threat actor shared two Animal Jam databases on a hacker forum, claiming that they were obtained by ShinyHunters, a well-known website hacker. Among the stolen information were seven million email addresses used to create parent accounts for Animal Jam users.
Last month, Ryuk hit the office furniture giant Steelcase. It has been revealed that all of its production was halted for two weeks from October 22nd, as it depends on the “network” for running, scanning and transferring product in the plants. Although its business operations were affected, apparently no confidential customer or employee information was stolen during the attack. This is an example of how ransomware can severely impact a business’s finances, not just through the ransom demand.
To find out more about reducing the time to recover after being hit by a ransomware attack, register for our upcoming webinar, "When Ransomware Hits: How to Minimise your Recovery Time", on November 26th at 11:00 GMT.