Updated: Jan 7, 2022
Although 2021 is coming to an end, threat actors are working harder than ever. In this week’s cyber weekly digest, we’ll dive into a ransomware attack on Sainsbury’s payroll provider and more on the Log4Shell vulnerability. Keep reading to stay up to date on the latest cyber security stories.
Log4Shell is an unauthenticated RCE vulnerability that allows complete system takeover on systems with Log4j 2.0-beta9 up to 2.14.1, which was disclosed this week. Since then, it has been discovered that attackers have launched more than 1.8 million attacks on half of all corporate networks. BitDefender also reported that they found the first ransomware family being installed directly via Log4Shell exploits later this week. Apache has released Log4j 2.15.0 to address the maximum severity CVE-2021-44228 RCE vulnerability and urges those using the library to upgrade to the latest release ASAP.
Apple on Monday released updates to iOS, macOS, tvOS, and watchOS with security patches for multiple vulnerabilities. The vulnerabilities include a remote jailbreak exploit chain and several critical issues in the Kernel and Safari web browser. In total, Apple fixed five Kernel and four IOMobileFrameBuffer flaws.
Opioid treatment network Behavioral Health Group (BHG) suffered a cyberattack that led to an almost week-long disruption of IT systems and patient care. BHG is one of the largest networks of outpatient opioid treatment centres in the USA. While BHG has not disclosed the nature of the incident, it was likely caused by a ransomware attack, although there is no evidence that patient data had been stolen in the attack.
Swedish carmaker Volvo Cars has disclosed that unknown attackers have stolen research and development information after hacking some of its servers. While Volvo did not disclose many details on the breach, the Snatch extortion gang has already claimed the attack. The extortion group added an entry on their data leak site about breaching Volvo Car Corporation’s servers and stealing files during the intrusion with screenshots of the stolen files as proof. Snatch has also leaked 35.9 MB of what they claim to be documents stolen from Volvo.
Sainsbury’s is among major businesses in the UK and US affected by a cyber attack on a payroll system provider, Kronos. Kronos confirmed that it was dealing with a ransomware attack on its computer systems earlier this week. US supermarket chain Wholefoods and carmaker Honda North America use Kronos and were among those affected. Multiple departments, including payroll, human resources and accounting, are now using historical data and working patterns to ensure employees are paid the correct amount on time.