Cyber Weekly Digest - Week #16
In this week's digest, find out how a cyber attack left supermarkets in the Netherlands short of cheese and more on Microsoft's largest Patch Tuesday so far in 2021. Keep reading to get the latest on the biggest cyber security stories of the week.
Bakker Logistiek, one of the largest logistics services providers in the Netherlands, suffered a ransomware attack which indirectly impacted the supply of cheese to supermarkets. It is unknown what ransomware gang targeted Bakker Logistiek; researchers speculate that the threat actors gained access to their systems through the recently reported Microsoft Exchange ProxyLogon vulnerabilities. This cyber security story is another reminder of the indirect impacts of cyber-attacks.
This week researchers disclosed nine vulnerabilities affecting implementations of the Domain Name System protocol in popular TCP/IP network communication stacks running on at least 100 million devices. The researchers who discovered the vulnerabilities have named them NAME:WRECK. In a real-world attack scenario, adversaries can exploit these flaws to find their way into an organisation's network via an internet-facing device that issues DNS requests to a server and exfiltrate sensitive information, or even use them as a stepping stone to sabotage critical equipment.
Microsoft has released an update which patches 110 vulnerabilities, the largest Patch Tuesday so far in 2021. Of these, 19 are labelled "critical" in severity and 88 are considered important. The most severe of the disclosed flaws is arguably a Win32k elevation of privilege vulnerability actively being exploited in the wild by the cybercriminal group BITTER APT. Notably, Microsoft also released updates to fix four more flaws in Exchange Server versions 2013-2019, also reported by the U.S. National Security Agency.
Capcom announced that they have almost finished restoring the internal systems affected by a ransomware attack they suffered last year. Most interestingly, investigators revealed that Ragnar Locker operators gained access to Capcom's internal network by targeting an old VPN backup device located at its North American subsidiary in California. The compromised VPN device was on its way out as new models had been installed; however, it continued to function as an emergency backup due to remote working.
100,000 malicious Google sites that seem legitimate are being used by attackers to install a remote access trojan and later infect the victim's systems with ransomware, credential-stealers, banking trojans and other malware. The malicious sites contain popular business keywords, including business-form-related terms, convincing Google's web crawler that the intended content meets the conditions for a high page-rank score, which increases the likelihood that victims will visit the webpage.
Instead of splurging on bigger security tools, why not focus on finding leaner, better ones?
Join Cynet's Chief Security Strategist Chris Roberts as he discusses why it's time to simplify, then add lightness, to protect our organisations.