Cyber Weekly Digest - Week #17
Updated: Apr 30
This week's digest is dominated by ransomware stories as attacks continue to rise in number. Keep reading to find out about a gang trying to exploit Apple by threatening to release confidential Apple blueprints, another ransomware attack on a UK university and why attackers are demanding Discord gift codes as ransom payments.
REvil has been on a hacking spree over the last month, making extremely high ransom demands in attacks targeting Acer ($50 million), Pierre Fabre ($25 million), and Asteelflash ($24 million). This time, they targeted Apple after the gang allegedly stole confidential information from the network of Quanta, an original design manufacturer for Apple products. REvil turned to Apple after Quanta failed to communicate with them. According to the Tor payment page, Quanta must pay $50 million by April 27th, or $100 million after the countdown ends. So far, REvil has leaked over a dozen schematics and diagrams of MacBook components on its dark web leak site, although there is no indication that any of them are new Apple products.
At least 10,000 UK nationals have been approached by fake profiles linked to hostile states over the past five years. A campaign, run by the Centre for the Protection of National Infrastructure, which reports to MI5, has been launched to help educate government workers about the threat of malicious LinkedIn profiles. The campaign hopes to warn users of connection requests which might then be used to lure users into sharing secrets and confidential information.
This week another UK university has been impacted by a suspected ransomware attack; last week, the University of Hertfordshire was hit. Research has shown that a third of UK universities have been hit with ransomware over the past decade. The University of Portsmouth's key IT systems have remained offline, which has delayed the start of the new term. Staff and students were warned against logging into any university Windows devices on its network to help minimise the impact.
The newly discovered critical security flaw is rated 10 out of 10 on the CVSS vulnerability-rating scale. It is an authentication bypass vulnerability that can allow an unauthenticated user to perform remote code execution on the Pulse Connect Secure gateway. Pulse Secure VPNs continue to be a popular target for nation-state actors; last week, the FBI warned that a known arbitrary file-read Pulse Secure bug was one of five vulnerabilities under attack by the Russia-linked APT29 group. Pulse Secure said that the zero-day would be patched in early May.
Most ransomware operations demand thousands, if not millions. However, Nitro Ransomware is demanding a $9.99 Nitro Gift code instead. Discord is free, but it offers a Nitro subscription add-on for $9.99 per month that provides additional perks, such as larger uploads, HD video streaming, enhanced emojis, and the ability to boost your favourite server. Many are confused as to why only a gift card is demanded; however, the ransomware also steals the victim's Discord tokens. Researchers have pointed out that the gift cards can be resold and can also be used for money laundering.
Instead of splurging on bigger security tools, why not focus on finding leaner, better ones?
Join Cynet's Chief Security Strategist Chris Roberts as he discusses why it’s time to simplify then add lightness to protect our organisations. Register here