Updated: Dec 10, 2021
In this week’s digest, read about security incidents affecting some of the most well-known organisations around the world, such as Panasonic and IKEA. Keep reading to find out about the biggest cyber security stories from the week.
Panasonic has disclosed a security breach after unknown threat actors gained access to servers on its network this month. Media reporters have claimed that the threat actors had access to Panasonic’s servers from June, with Panasonic first spotting the activity in November. The threat actors were able to access sensitive customer and employee information. Panasonic is currently investigating the incident; however, it has not yet found evidence of data being leaked.
IKEA is warning employees of an ongoing reply-chain phishing attack that targets internal mailboxes through internal emails. These emails are also being sent from other compromised IKEA organisations and business partners. IKEA IT teams have warned employees that the reply-chain emails contain links with seven digits at the end, and have shared an example email. Employees have been warned not to open the emails, regardless of who sent them, and to report them immediately.
AT&T is taking action to mitigate a botnet found inside its network, which has infected 5,700 VoIP servers that route traffic from enterprise customers to upstream mobile providers. The botnet, named EwDoor, targets AT&T customers using EdgeMarc Enterprise Session Border Controller edge devices. Researchers have noted that EwDoor includes six major functions: self-updating, port scanning, file management, DDoS attack, reverse shell and arbitrary command execution. So far, AT&T has not found any evidence that the botnet has been “weaponised”.
Planned Parenthood Los Angeles has disclosed a data breach after suffering a ransomware attack in October that exposed the personal information of approximately 400,000 patients. Although the breach exposed no financial information, names, addresses, dates of birth and health information were accessed, which could allow threat actors to perform more targeted attacks. It is unknown which ransomware gang is responsible for the attack and whether a ransom has been paid.
Last month, the Emotet malware resurfaced after law enforcement had shut down its infrastructure ten months earlier. Researchers have now found Emotet being distributed through malicious Windows App Installer packages that pretend to be Adobe PDF software. This new Emotet campaign starts with stolen reply-chain emails that appear as a reply to an existing conversation and include a link taking the user to a fake Google Drive page to install an “Adobe PDF Component”. The malicious package looks like a legitimate Adobe application, as it has a legitimate Adobe PDF icon and a valid certificate that marks it as a ‘Trusted App’. Typically, Emotet campaigns lead to ransomware attacks deploying TrickBot and Qbot.